It’s nothing earth-shattering, but I had a problem that needed solving, so I solved it with some code and put it on GitHub anyway. If for no other reason, I can maintain it there and always find it when I need it.
As part of my data privacy and security strategy, I use pi-hole on my home network to provide DNS-based ad blocking and malware protection. I have two pi-hole servers on my local network to provide primary and secondary DNS servers. On each of them, I run an unbound recursive DNS server. This helps cut down on the tracking that can (does) occur when relying on my local ISP’s recursive DNS servers.
One nice feature of unbound is that it lets you specify local A records in its config file. I use that feature to let me resolve local names (e.g., nc.helding.net, when resolved with my local DNS servers, points to my local Nextcloud server’s IP) without getting too fancy and without putting RFC 1918 IP addresses in my domain’s public records. Like any good homelabber, I make plenty of changes and I was looking for a way to keep the configs synced between the two servers so I didn’t have to edit two config files whenever I made a change. As the name suggests, unbound isn’t BIND and it has no master/slave zone capabilities built into it.
I decided to try my hand at a bash script that would take care of this. The script, called sync-unbound.sh, runs every 15 minutes as a cron job on the secondary server. It pulls the config from the primary server and checks for changes. If there are any, it updates the local config accordingly and restarts the service, ensuring that both servers are in sync.
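The pull, compare, update and restart cycle described above can be sketched as follows. This is an added example, not the author's sync-unbound.sh: the host name, sync user, file paths and service name are assumptions, and it goes one step further than the description by validating the pulled config with `unbound-checkconf` and rolling back before any restart, so a truncated or broken pull cannot take the secondary resolver down.

```bash
#!/usr/bin/env bash
# Added example, not the author's sync-unbound.sh. Host, user, paths and service name are assumptions.
set -u
PRIMARY="${PRIMARY:-pihole-primary.example.lan}"                      # hypothetical primary host
SYNC_USER="${SYNC_USER:-unbound-sync}"                                # hypothetical low-privilege SSH user
REMOTE_CONF="${REMOTE_CONF:-/etc/unbound/unbound.conf.d/local.conf}"  # assumed path on the primary
LOCAL_CONF="${LOCAL_CONF:-/etc/unbound/unbound.conf.d/local.conf}"    # assumed path on the secondary

# Each external step is a function so it can be swapped out for another transport or init system.
fetch_conf()  { scp -q -o BatchMode=yes "${SYNC_USER}@${PRIMARY}:${REMOTE_CONF}" "$1"; }
check_conf()  { unbound-checkconf >/dev/null; }   # validates the full default config, includes and all
restart_dns() { systemctl restart unbound; }

# Returns: 0 updated and restarted, 1 no change, 2 fetch failed, 3 new config rejected and rolled back
sync_unbound() {
    local tmp had_old=0
    tmp="$(mktemp "${LOCAL_CONF}.XXXXXX")" || return 2
    if ! fetch_conf "$tmp" || [ ! -s "$tmp" ]; then
        rm -f "$tmp"; return 2                    # primary unreachable or empty file: keep current config
    fi
    if cmp -s "$tmp" "$LOCAL_CONF"; then
        rm -f "$tmp"; return 1                    # identical: no write, no restart
    fi
    [ -f "$LOCAL_CONF" ] && cp -p "$LOCAL_CONF" "${LOCAL_CONF}.bak" && had_old=1
    # Rename within one directory is atomic, so unbound never reads a half-written file.
    if ! { chmod 644 "$tmp" && mv -f "$tmp" "$LOCAL_CONF"; }; then
        rm -f "$tmp"; return 2
    fi
    if ! check_conf; then                         # reject a config unbound cannot parse
        if [ "$had_old" -eq 1 ]; then
            mv -f "${LOCAL_CONF}.bak" "$LOCAL_CONF"
        else
            rm -f "$LOCAL_CONF"
        fi
        return 3
    fi
    restart_dns
}

# Cron entry point: run only when invoked as "<this script> run".
if [ "${1:-}" = "run" ]; then
    sync_unbound
    exit $?
fi
```

Because exit status 1 means "no change", a cron wrapper should treat only 2 and 3 as failures worth alerting on.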