Windows Setup
The first step is to dump the DNS zone list from Windows into a file, then generate an FTP command file that uploads that dump to your bind server. I've created a batch script to handle all of this:
@echo off
rem Dump the zone list; the bind side keeps only the rows whose Type column is "Primary"
dnscmd /enumzones > dns.zones.txt
rem Build the FTP command file (plain FTP: the password and the dump travel unencrypted)
echo user ftp_bind_user> ftpcmd.dat
echo ftp_bind_password>> ftpcmd.dat
echo bin>> ftpcmd.dat
echo put dns.zones.txt>> ftpcmd.dat
echo quit>> ftpcmd.dat
rem -n disables auto-login so the "user" line above is used; -s: runs the command file
ftp -n -s:ftpcmd.dat 192.168.1.101
rem Remove the credentials and the dump from the Windows host once uploaded
del ftpcmd.dat
del dns.zones.txt
Some notes about the above script:
192.168.1.101 is the bind9 server's IP address.
ftp_bind_user is the FTP user name set up on the bind9 server.
ftp_bind_password is the FTP password set up on the bind9 server. Plain FTP sends this password and the zone list in cleartext, so restrict that account to its upload directory, keep the FTP service reachable only from the management network, and do not reuse the password anywhere else.
I have this batch script run every hour, on the hour, using the Windows Task Scheduler. The scheduled task will most likely need to run as an administrator, since dnscmd needs those rights to enumerate the zones.
Linux Setup
Now we set up the bash script. It first parses dns.zones.txt and turns every zone of type Primary into a bind slave-zone stanza, then scans the existing zone files and removes any whose zone is no longer listed in the new dump. I set this script to run every hour, ten minutes past the hour, so it picks up the dump that the Windows task uploaded on the hour. The script assumes you have bind running as user “bind” in group “bind”; please change the chown line accordingly.
#!/bin/bash
ZONE_PATH="/home/bind"
BIND_PATH="/var/lib/bind"
TMP=$(mktemp)
FC="dns.zones.txt"
# dnscmd writes CRLF line endings; strip the \r before matching on the Type column
for ZONE in $(tr -d '\r' < "${ZONE_PATH}/${FC}" | awk '$2=="Primary" {print $1}'); do
    printf 'zone "%s" {\n\ttype slave;\n\tmasters { 192.168.1.100; };\n\tfile "%s/%s.zone";\n};\n' "${ZONE}" "${BIND_PATH}" "${ZONE}"
done > "${TMP}"
# If the dump is missing or lists no Primary zones, stop here: pruning against an
# empty list would delete every zone file and every slave zone from the config
if [ ! -s "${TMP}" ]; then
    echo "no Primary zones found in ${ZONE_PATH}/${FC}; leaving current config untouched" >&2
    rm -f "${TMP}"
    exit 1
fi
# Remove zone files for zones that no longer exist on the Windows server
for ZONE_FILE in "${BIND_PATH}"/*.zone; do
    [ -e "${ZONE_FILE}" ] || continue   # glob matched nothing
    grep -qF "\"${ZONE_FILE}\"" "${TMP}" || rm -f "${ZONE_FILE}"
done
mv "${TMP}" /etc/bind/named.conf.slave-zones
chown bind:bind /etc/bind/named.conf.slave-zones
chmod 640 /etc/bind/named.conf.slave-zones
rndc reload
Some notes about the above script:
ZONE_PATH is where the dns.zones.txt file is uploaded to; this is of course determined by your FTP server setup (I set up proftpd with an SQL backend, but you could easily set up vsftpd).
BIND_PATH is where we are telling bind to store the zone files. Only files named *.zone in that directory are considered for removal, and nothing is removed when the uploaded dump is empty or missing, since the mktemp file is created with mode 0600 and the chmod 640 after the chown lets the bind user read the finished config.
192.168.1.100 is the IP address of the Windows DNS server. That server must also allow zone transfers (AXFR) to 192.168.1.101, otherwise the slave zones are configured but never load; by default Windows DNS does not allow transfers to arbitrary hosts, so check the Zone Transfers tab of each zone and permit the bind server there.
/etc/bind/named.conf.slave-zones is set up to be included in the “named.conf” file with the line:
include "/etc/bind/named.conf.slave-zones";
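The parsing and pruning steps the script above performs can be exercised without a Windows host. The following is an added example written for this page, not the original post's script, and it assumes the same master address 192.168.1.100 and the same "file" naming scheme; the dnscmd /enumzones dump it feeds in is constructed here to show the header lines, CRLF line endings, the root "." Cache entry and a Secondary zone that must all be skipped, and the prune step is run against a scratch directory containing one stale zone file:

```shell
#!/bin/bash
# Added example (not the post's own script): parse a dnscmd /enumzones dump
# into bind slave-zone stanzas and find zone files that are no longer listed.
# Assumed, as in the post: the Windows DNS server is 192.168.1.100.
MASTER_IP="192.168.1.100"

# Read a dnscmd /enumzones dump on stdin and print one name per line for every
# zone whose Type column is "Primary". The \r is stripped first because the
# dump is written on Windows with CRLF line endings.
primary_zones() {
    tr -d '\r' | awk '$2 == "Primary" { print $1 }'
}

# Read zone names on stdin and print a named.conf fragment that makes each one
# a slave of MASTER_IP, stored under the given directory as <zone>.zone.
slave_zone_conf() {
    local bind_path="$1" zone
    while IFS= read -r zone; do
        [ -n "$zone" ] || continue
        printf 'zone "%s" {\n\ttype slave;\n\tmasters { %s; };\n\tfile "%s/%s.zone";\n};\n' \
            "$zone" "$MASTER_IP" "$bind_path" "$zone"
    done
}

# Print every *.zone file in a directory whose quoted path does not appear in
# the generated config, i.e. the files the sync would delete. An unmatched glob
# is skipped so an empty directory never yields a literal "*.zone" entry.
stale_zone_files() {
    local dir="$1" conf="$2" f
    for f in "$dir"/*.zone; do
        [ -e "$f" ] || continue
        grep -qF "\"$f\"" "$conf" || printf '%s\n' "$f"
    done
}

# Constructed sample of a dnscmd /enumzones dump (CRLF line endings, like Windows).
sample_dump() {
    printf 'Enumerated zone list:\r\n'
    printf '\tZone count = 5\r\n\r\n'
    printf ' Zone name                      Type       Storage         Properties\r\n\r\n'
    printf ' .                              Cache      AD-Domain       \r\n'
    printf ' _msdcs.example.com             Primary    AD-Forest       Secure\r\n'
    printf ' example.com                    Primary    AD-Domain       Aging Secure\r\n'
    printf ' 1.168.192.in-addr.arpa         Primary    AD-Domain       Secure\r\n'
    printf ' partner.example                Secondary  File            \r\n\r\n'
    printf 'Command completed successfully.\r\n'
}

# Run the whole pipeline in a scratch directory: generate the config from the
# sample dump, then list which of two pre-existing zone files would be pruned.
demo() {
    local work conf
    work=$(mktemp -d)
    conf="$work/named.conf.slave-zones"
    mkdir "$work/zones"
    : > "$work/zones/example.com.zone"   # still listed on the Windows server
    : > "$work/zones/old.example.zone"   # no longer listed, should be reported
    sample_dump | primary_zones | slave_zone_conf "$work/zones" > "$conf"
    cat "$conf"
    echo "stale zone files:"
    stale_zone_files "$work/zones" "$conf"
    rm -rf "$work"
}

demo
```

Running it prints three slave stanzas (the root Cache zone and the Secondary zone are dropped by the Type filter) followed by the single stale file old.example.zone. Pointing stale_zone_files at an empty directory prints nothing, which is the case the original glob loop has to guard against.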