Catalog Zones
Catalog zones were introduced in BIND 9.11.0 as a means to simply administration of zones on slave DNS servers. Prior to catalog zones, if you needed to add or delete a zone from a set of authoritative DNS servers, you had to edit the named.conf of each server to add or remove respectively the corresponding zone stanza. With catalog zones, you can add and delete zones from the catalog configured on the master/primary authoritative servers and the primary will update the zone catalog of the slaves using the standard zone transfer mechanism. A limitation of this feature is that you can only define a few select zone options for member zones in the catalog.
Catalog zones are configured differently on the master vs. the slave DNS servers. On the master, named.conf declares the zone catalog, a zone file that defines the catalog, and a zone file for each catalog member zone. The configuration on the slaves necessitates inclusion of the zone catalog declaration in the named.conf including enumeration of the catalog zone master server.
Primary server configuration
Define the catalog zone, e.g., catalog.example.db, which must include an SOA and NS records like all zones and a TXT record indicating the version of the catalog zones feature. An example zone file contains at minimum the following.
catalog.example. IN SOA . . 1 86400 3600 86400 3600 | |
catalog.example. IN NS invalid. | |
version IN TXT "1" |
On the master, declare the zone catalog in named.conf.
zone "catalog.example" { | ||
type master; | ||
file "catalog.example.db"; | ||
allow-transfer { address_match_list; }; | ||
allow-update { address_match_list; }; | ||
also-notify { 10.53.0.2; 10.53.0.3; }; | ||
notify explicit; | ||
}; |
Member zones, i.e., zones within the catalog, are defined as normal zones.
zone "domain.example" { | ||
type master; | ||
file "domain.example.db"; | ||
allow-transfer { address_match_list; }; | ||
}; |
For each member zone, you also need to add a reference to the member zone via a PTR record in the catalog zone file, catalog.example.db in our case.The record label is a SHA-1 hash of the member zone name in wire format. The target of the PTR record is the member zone name. For example, to add the member zone domain.example to catalog.example:
5960775ba382e7a4e09263fc06e7c00569b6a05c.zones.catalog.example IN PTR domain.example. |
Secondary server configuration
On the secondary servers copy the catalog.example.db zone file to each secondary and edit named.conf to declare the zone file as corresponding to a catalog zone.
options { | ||||
. . . | ||||
catalog-zones { | ||||
zone "catalog.example" | ||||
default-masters { 10.53.0.1; }; | ||||
} | ||||
. . . | ||||
}; | ||||
zone "catalog.example" { | ||||
type slave; | ||||
file "catalog.example.db"; | ||||
masters { 10.53.0.1; }; | ||||
allow-notify { 10.53.0.1; }; | ||||
}; |