17 Dub
2024
17 Dub
'24
13:33
Hi,
I have a use case, where today we’re running BIND and a daemon uses rndc to
create/remove/update zones on secondary servers.
According to `man knotc` knotc only supports UNIX sockets (old ubuntu man page showed ‘-p’
parameter to specify port).
I know I could use a catalog zone, but that would be a bigger change than I prefer right
now. The primary server is running BIND+DLZ
with a PostgreSQL backend. Replacing the primary is on the roadmap, but for now, I just
want to replace the secondaries.
Is there a good way to remotely add zones to a knot secondary?
.einar
17 Dub
17 Dub
13:58
On 17/04/2024 15:33, Einar Bjarni Halldórsson via knot-dns-users wrote:
Hi Einar,
[snip]
Is there a good way to remotely add zones to a knot
secondary?
You could use socket plumbing tools such as netcat or socat to connect a
local socket to a remote one. Alternatively, just ssh into the server
and run the knotc commands locally.
A different approach is to generate the remote knot.conf file from a
template, using something like Jinja with ansible or SaltStack. When the
file changes, call "knotc reload" to apply the changes.
Regards,
Anand
14:12
Yes. You can forward the control socket using ssh (e.g. ssh -f -N -L
/tmp/knot.sock:/run/knot/knot.sock -o 'StreamLocalBindUnlink=yes' server) and
use knotc locally (knotc -s /tmp/knot.sock).
I don't think that native remote control support is worth implementation and
configuration when ssh is almost always available.
Daniel
On 4/17/24 15:58, Anand Buddhdev wrote:
On 17/04/2024 15:33, Einar Bjarni Halldórsson via
knot-dns-users wrote:
Hi Einar,
[snip]
Is there a good way to remotely add zones to a
knot secondary?
You could use socket plumbing tools such as netcat or socat to connect a local socket to
a remote one. Alternatively, just ssh into the server and run the knotc commands locally.
A different approach is to generate the remote knot.conf file from a template, using
something like Jinja with ansible or SaltStack. When the file changes, call "knotc
reload" to apply the changes.
Regards,
Anand
--
15:21
On 17 Apr 2024, at 14:12, Daniel Salzman via
knot-dns-users <knot-dns-users(a)lists.nic.cz> wrote:
Yes. You can forward the control socket using ssh (e.g. ssh -f -N -L
/tmp/knot.sock:/run/knot/knot.sock -o 'StreamLocalBindUnlink=yes' server) and
use knotc locally (knotc -s /tmp/knot.sock).
On 4/17/24 15:58, Anand Buddhdev wrote:
> You could use socket plumbing tools such as netcat or socat to connect a local socket
to a remote one. Alternatively, just ssh into the server and run the knotc commands
locally.
> A different approach is to generate the remote knot.conf file from a template, using
something like Jinja with ansible or SaltStack. When the file changes, call "knotc
reload" to apply the changes.
>
Thanks Daniel and Anand!
SSH it is.
.einar
230
days inactive
230
days old
3 comments
3 participants
participants (3)
-
Anand Buddhdev -
Daniel Salzman -
Einar Bjarni Halldórsson