NAME

metazone — convert BIND configuration to/from a DNS zone

SYNOPSIS

metazone [-dn] [-f file] ⟨zone⟩ [serial [server]]

metazone [-f file] ⟨zone⟩ named.zones.*

DESCRIPTION

A “metazone” is a DNS zone that describes the configuration of other DNS zones.

Metazones allow you to use standard DNS mechanisms - AXFR, IXFR, NOTIFY, UPDATE - to control the configuration of multiple name servers, instead of using a separate out-of-band distribution system.

The metazone program converts between metazones and named.conf fragments in either direction.

OPTIONS

-d

Extra diagnostics about loading the zone.

-f file

The file to use when reading or writing the metazone.

If the -f option is omitted in metazone-to-named.zones.* mode then the zone is obtained by AXFR.

If the -f option is omitted in named.zones.*-to-metazone mode then the zone is written to stdout.

-n

Do not run rndc reload when a named.zones.* file has changed.

DETAILS

The format of a metazone is described in metazone(5).

A metazone can contain multiple “views” each of which corresponds to a named.conf fragment written to the file:

named.zones.⟨view⟩

If you are using multiple views, your main named.conf will typically include each named.zones.⟨view⟩ file in the corresponding view clause. However it is not required for your metazone views to correspond to your BIND views.

A number of view names are reserved; see metazone(5) for details.

metazone to named.zones.*

The metazone program is designed to work with nsnotifyd. You can run it with a command like:

nsnotifyd metazone ⟨zone⟩

When the nsnotifyd daemon detects that the zone has changed, it runs metazone with the name of the zone, its serial number, and optionally the address of the name server that notified us of the change.

When the -f option is not given, metazone will AXFR the zone from the server (or localhost if none is specified). It will then convert the zone to a set of named.zones.⟨view⟩ files, written to the current directory. If any of the files has changed, metazone runs rndc reconfig to inform the name server (unless you give the -n option).

named.zones.* to metazone

To convert a set of named.zones.⟨view⟩ files to a metazone, run

metazone ⟨zone⟩ named.zones.*

The zone will be printed to the standard output unless the -f option is given. The view names in the zone are taken from the file names.

Your provisioning system can generate named.conf fragments on your master server, then you can update your metazone with the following command, and the changes will be propagated automatically to your slave servers.

$ metazone _metazone named.zones.* |
  nspatch -- _metazone /dev/stdin -- -l

EXAMPLE

To configure a slave server to reconfigure itself automatically using a metazone, run:

$ nsnotifyd -p 5300 metazone _metazone

You need to configure named to slave the metazone from your master server, and notify nsnotifyd when it changes.

You need to ensure the named.zones.* files are present (empty is OK) so they can be included in the main named.conf.

When named first starts, it will transfer the metazone, notify nsnotifyd which will run metazone which will generate the rest of the configuration and tell named to reconfigure itself.

options {
	# ...
};
view int {
	match-clients { 192.0.2.0/24; };
	recursion yes;
	zone _metazone {
		type slave;
		file "db.metazone";
		masters { 192.0.2.1; };
		also-notify { 127.0.0.1 port 5300; };
	};
	include "named.zones.int";
};
view external {
	match-clients { any; };
	recursion no;
	include "named.zones.ext";
};

AUTHOR

Tony Finch ⟨dot@dotat.at⟩

`nsnotifyd`: scripted DNS NOTIFY handler