Hi List,
I'm looking for a recommendation on how to back up a DNS zone prior to making changes. I'm already backing up the IPA master nightly, but I'd like to be able to restore a single zone, so that in the event someone accidentally deletes something we could quickly restore the zone without having to restore the entire server.
Thanks!
Anyone have any suggestions on this?
John Petrini Platforms Engineer
John Petrini via FreeIPA-users wrote:
Anyone have any suggestions on this?
So you are worried that people are going to accidentally delete things?
There is no tool to back up and restore individual entries. You'd need to roll something yourself.
Some possible ideas:
- set up a plain bind slave to do zone transfers to and just save copies of the generated text files
- do a periodic LDAP search and save that output somewhere
- pick apart the LDAP changelog to try to revert changes
rob
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahost...
Hi Rob,
Exactly. I just need a quick way to restore in case someone fat fingers a change. I was curious if there was a baked in way to do this using FreeIPA but it sounds like there isn't.
Thanks for the other suggestions. It looks like a zone transfer will probably be the simplest way to get a backup. I also stumbled across this tool: https://github.com/freeipa/zone2dyndb-ldif for converting the zone transfer to something usable by bind-dyndb-ldap, so I'm going to throw together a script to automate the backups of the zones and another that uses zone2dyndb-ldif to import the backups.
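One way to sanity-check the zone-transfer backups discussed above and list what was deleted since the last one, as an added example that is not code from the thread. It assumes each transfer was saved as text in dig's `owner TTL class type rdata` layout; the function names and the sample records are constructed.

```python
def parse_axfr(text, zone):
    """Parse saved AXFR text; refuse a failed or truncated transfer."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):   # dig comments, e.g. "; Transfer failed."
            continue
        owner, _ttl, _rclass, rtype, rdata = line.split(None, 4)
        records.append((owner.lower(), rtype.upper(), rdata))   # TTL is ignored on purpose
    # A complete AXFR begins and ends with the zone's SOA record.
    ends = [r for r in records[:1] + records[-1:] if r[:2] == (zone.lower(), "SOA")]
    if len(records) < 2 or len(ends) != 2 or ends[0] != ends[1]:
        raise ValueError(f"incomplete or failed transfer for {zone}")
    serial = int(ends[0][2].split()[2])        # third SOA rdata field is the serial
    return serial, set(records)

def deleted_since(backup_text, current_text, zone):
    """Records present in the backup but missing now (SOA changes are expected)."""
    _, old = parse_axfr(backup_text, zone)
    _, new = parse_axfr(current_text, zone)
    return sorted(r for r in old - new if r[1] != "SOA")

# Constructed sample transfers (invented names and addresses).
SOA = "example.test. 86400 IN SOA ipa.example.test. hostmaster.example.test. %d 3600 900 1209600 3600"
BACKUP = "\n".join([
    SOA % 2018062501,
    "example.test. 86400 IN NS ipa.example.test.",
    "www.example.test. 86400 IN A 192.0.2.10",
    "mail.example.test. 86400 IN A 192.0.2.25",
    SOA % 2018062501,
])
CURRENT = "\n".join([
    SOA % 2018062502,
    "example.test. 86400 IN NS ipa.example.test.",
    "www.example.test. 86400 IN A 192.0.2.10",
    SOA % 2018062502,
])

if __name__ == "__main__":
    for owner, rtype, rdata in deleted_since(BACKUP, CURRENT, "example.test."):
        print(f"missing since backup: {owner} {rtype} {rdata}")
```

Running the completeness check before a new dump replaces an older one keeps a failed transfer from overwriting the last good backup.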
Actually, ipa-backup isn't such a bad approach. It produces ipa-data.tar. If you look in the tar file you'll find DOMAIN-userRoot.ldif. This is the whole database as an LDIF file. If you spend a few minutes looking at the format, it's actually pretty easy to pull out individual entries or groups of entries. The lines in the LDIF files include all the attributes, so it's not hard to see how to put things back.
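Pulling one zone out of the LDIF export described above, as an added example that is not code from the thread. It assumes zone entries live at `idnsname=<zone>,cn=dns,<suffix>`; the function names, the list of server-maintained attributes to drop, and the sample data are constructed for illustration.

```python
import base64

# Server-maintained attributes dropped before re-adding (assumed list; adjust to your export).
SERVER_ATTRS = {"nsuniqueid", "entryid", "parentid", "entrydn", "entryusn",
                "createtimestamp", "modifytimestamp", "creatorsname", "modifiersname"}

def entries(text):
    """Yield (decoded DN, entry lines) for each blank-line-separated LDIF entry."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines and lines[-1]:
            lines[-1] += raw[1:]               # unfold: a leading space continues the line
        else:
            lines.append(raw)
    block = []
    for line in [l for l in lines if not l.startswith("#")] + [""]:
        if line:
            block.append(line)
            continue
        dn = next((l for l in block if l.lower().startswith("dn:")), None)
        if dn:                                 # "dn:: <base64>" or "dn: <text>"
            yield (base64.b64decode(dn[4:].strip()).decode() if dn[3:4] == ":" else dn[3:]).strip(), block
        block = []

def zone_ldif(text, zone, suffix):
    """Return LDIF for one zone and its records, parent entries before children."""
    base = f"idnsname={zone},cn=dns,{suffix}".lower()
    picked = []
    for dn, block in entries(text):
        if dn.lower() == base or dn.lower().endswith("," + base):
            keep = [l for l in block if l.split(":")[0].split(";")[0].lower() not in SERVER_ATTRS]
            picked.append((dn.count(","), "\n".join(keep)))
    picked.sort(key=lambda p: p[0])            # fewer RDNs first, so the zone precedes its records
    return "\n\n".join(body for _, body in picked)

# Constructed sample in the shape of a DOMAIN-userRoot.ldif export (all values invented).
SAMPLE = """# entry-id: 7
dn: idnsname=www,idnsname=example.test.,cn=dns,dc=examp
 le,dc=test
aRecord: 192.0.2.10
nsUniqueId: 00000000-00000000-00000000-00000001

dn: idnsname=example.test.,cn=dns,dc=example,dc=test
idnsSOAserial: 2018062501
modifyTimestamp: 20180625171720Z

dn: idnsname=www,idnsname=other.test.,cn=dns,dc=example,dc=test
aRecord: 192.0.2.99
"""
```

Calling `zone_ldif(SAMPLE, "example.test.", "dc=example,dc=test")` returns the zone entry followed by its `www` record, with the folded DN rejoined and the server-maintained attributes removed.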