I've recently added more BIND9 DNS servers to my network, and the work of adding each zone/domain I want the slave nodes to be a slave to is becoming far too repetitive, not to mention that having only one master server creates an easy point of failure. Is there a better way to go about managing DNS zones/slaves/etc.?

  • The common way of managing duplication is via e.g. puppet, chef, cfengine, or some other configuration management system. This is independent of what the server is used for. – Jenny D Nov 29 '13 at 09:10

3 Answers


As sysadmin for an environment with dozens of DNS servers and thousands of domains, I feel (well, felt) your pain. We solved it with puppet and templates.

All our domains and servers also have entries in our infrastructure database (even the zones get generated from there, but that's irrelevant for now). So we do roughly the following:

Master nameservers:

  • The main named.conf has several include statements for generated files as below
  • The generated configuration includes notify statements for all slaves, generated from a SQL query to our infrastructure database
  • The list of domains is generated from that DB as well

On the slaves:

  • The main named.conf has several include statements for generated files as below
  • The list of domains is generated from the infrastructure DB, including information about the master

When puppet changes any of the files above, it also calls rndc reconfig to reload the configuration, but only if it parses correctly.

Dennis Kaarsemaker
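The answer above describes the shape of the generated files but not their contents. The following is an added example, not the answer's puppet code: it renders the two include fragments (master and slave) from an inventory, and mirrors the "only reload if it parses" step with `named-checkconf` before `rndc reconfig`. The zone list, master and slave addresses are constructed sample data standing in for rows from the infrastructure database; the file paths under `/var/named` are assumptions. Two details a practitioner would want that the answer does not spell out are in here: the master notifies and allows AXFR only to the known slaves, the slaves allow AXFR to nobody, and zone names coming out of the database are checked before they are quoted into `named.conf`, since a stray `"` or `;` in a name would otherwise rewrite the configuration.

```python
import re
import subprocess

# Constructed sample inventory standing in for rows from the infrastructure
# database the answer describes; names and addresses are made up (RFC 5737
# documentation ranges).
ZONES = ["example.com", "example.net"]
MASTER = "192.0.2.10"
SLAVES = ["192.0.2.11", "198.51.100.11"]

_ZONE_RE = re.compile(r"^[A-Za-z0-9_.-]+$")


def _safe_zone(name):
    """Reject anything that could break out of the quoted zone name.

    The DB is trusted-ish, but a name containing '"' or ';' would be written
    straight into named.conf and change what BIND parses.
    """
    if not _ZONE_RE.match(name):
        raise ValueError(f"refusing to template suspicious zone name: {name!r}")
    return name


def _addr_list(addrs):
    # BIND address-match list syntax: "{ a; b; }"
    return "{ " + " ".join(f"{a};" for a in addrs) + " }"


def master_zone_stanzas(zones, slaves):
    """named.conf fragment for the master: NOTIFY only the listed slaves
    and permit zone transfers only from them."""
    slave_list = _addr_list(slaves)
    stanzas = []
    for zone in zones:
        zone = _safe_zone(zone)
        stanzas.append(
            f'zone "{zone}" {{\n'
            f"    type master;\n"
            f'    file "/var/named/master/{zone}.db";\n'   # assumed path
            f"    notify explicit;\n"
            f"    also-notify {slave_list};\n"
            f"    allow-transfer {slave_list};\n"
            f"}};\n"
        )
    return "".join(stanzas)


def slave_zone_stanzas(zones, master):
    """named.conf fragment for a slave: pull from the master, accept NOTIFY
    only from it, and never serve AXFR to anyone."""
    master_list = _addr_list([master])
    stanzas = []
    for zone in zones:
        zone = _safe_zone(zone)
        stanzas.append(
            f'zone "{zone}" {{\n'
            f"    type slave;\n"
            f'    file "/var/named/slave/{zone}.db";\n'    # assumed path
            f"    masters {master_list};\n"
            f"    allow-notify {master_list};\n"
            f"    allow-transfer {{ none; }};\n"
            f"}};\n"
        )
    return "".join(stanzas)


def reload_if_valid(conf_path="/etc/named.conf"):
    """The answer's last step: rndc reconfig, but only after the config parses.

    named-checkconf without -z checks named.conf syntax only, not zone files.
    """
    check = subprocess.run(["named-checkconf", conf_path],
                           capture_output=True, text=True)
    if check.returncode != 0:
        raise RuntimeError("not reloading, named-checkconf failed:\n"
                           + check.stdout + check.stderr)
    subprocess.run(["rndc", "reconfig"], check=True)
    return True


if __name__ == "__main__":
    # Print the two fragments puppet would drop into the include files.
    print(master_zone_stanzas(ZONES, SLAVES))
    print(slave_zone_stanzas(ZONES, MASTER))
```

`rndc reconfig` only picks up added or removed zones and option changes; if the zone data itself changed on the master, the matching step is `rndc reload`. Note also that `allow-transfer` by IP is the minimum; if the slaves sit on shared networks, a TSIG key on the transfer is the stronger check.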

Some suggestions could be:

  • Create a caching-only DNS server like the one described in this article?
  • Copy over periodically the configuration from one slave to the other(s) with rsync.
  • Use heartbeat or keepalived to make a load-balancing primary DNS server on the same IP.
  • I think the automated config sync around the slaves is your best bet: if you do this with `include` statements, you can neatly separate out on each server the bits that are server-specific from the bits that are standard across all your slaves. Then you need only update the "master slave" (OK, weird concept; sue me) and wait for the change to propagate. – MadHatter Nov 29 '13 at 09:27

I use a different approach. With PowerDNS the replication of zones and records is quite easy. The whole DNS data is stored in a MySQL DB and is replicated via MySQL to 2 slave servers, which also use PowerDNS.

This setup ran for about 6 years without any problems.

BTW: BIND is still used for caching.
