Named has options at the global, view and zone levels. The 9.11 ARM shows allow-update in the options and zone statements. If it's broken in 9.13 - note that it is a "Development Release". So bugs are expected, and you should raise an issue on bind9-bugs or on gitlab (https://gitlab.isc.org/isc-projects/bind9/issues).

You can work around your issue by using 'include "my-common-stuff.conf";' to simplify your configuration. This is a useful strategy for things that don't fit the three-level model.

If you have large zones, you can speed up load time with masterfile-format raw or map; see the "tuning" section of the ARM for more information.

Parsing configuration data is unlikely to be the dominant factor in startup, but I'm sure that the developers would welcome a reproducible test case that shows otherwise.

You should consider update-policy instead of allow-update; it provides much better control and better security.

> It is really very obvious that this is only done by
> ideologists, not technical oriented people.

Actually, I've found that the contributors to named are very technical, practical people. Sometimes they introduce bugs, or ideas that work in one context but not another. They're responsive to criticism & contributions. But name-calling is generally not an effective way to get anyone to help you.

Timothe Litt
ACM Distinguished Engineer
--------------------------
This communication may not represent the ACM or my employer's views,
if any, on the matters discussed.

On 17-Mar-19 10:35, Stephan von Krawczynski wrote:
> On Sun, 17 Mar 2019 12:40:35 +0100
> Reindl Harald <h.rei...@thelounge.net> wrote:
>
>> On 17.03.19 at 12:13, Stephan von Krawczynski wrote:
>>> So why is it, that there is no global way of defining default zone
>>> definitions which are only overridden by the actual zone definition?
>> maybe because it brings a ton of troubles and whoever deals with more
>> than 5 zones has automatic config management in place anyways?
> If you don't want to follow the positive way (how about a nice additional
> feature), then please accept the negative way: someone broke the config
> semantics by implementing a zone based-only "allow update". This option worked
> globally before (too), so we can assume it is in fact broken now.
> Can someone please point me to the discussion about this incompatible change?
>
>>> Why is there no way to define a hosts-type-of-file with a URL-to-IP list?
>>> Do you really want people to define 50.000 zones to perform adblocking?
>> no, just use the right tool for the task, this doesn't fit into the domain
>> concept of named and hence you have dnsmasq and rbldnsd to step into
>> that niche
> In today's internet this is no niche any more. And the right tool means mostly
> "yet-another-host" because you then need at least a cascade of two, one for
> dnsmasq and one for bind/named. A lot of overhead for quite a simple task...
>
>>> Configs have to be reloaded every now and then, is there really no idea
>>> how to shorten things a bit?
>> ??
> Shorter config = shorter load time. The semantic change of "allow update"
> alone leaves every setup with 1000 domains in a situation where 999 config
> statements more have to be read, interpreted and configured - just to end up
> in the same runtime setup. It is really very obvious that this is only done by
> ideologists, not technical oriented people.
>
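An added example, not part of the original message and not BIND code: a small Python check that reports, for each zone in a named.conf, whether dynamic updates are governed by update-policy, by a zone-level allow-update, or by an allow-update inherited from options. The sample configuration, zone names and key name are constructed placeholders; the script assumes there are no view statements and that a zone-level statement takes precedence over the options default.

```python
import re

# Constructed sample named.conf for illustration; zone names, key name and
# addresses are placeholders, not taken from the thread.
SAMPLE_CONF = '''
options {
    allow-update { 192.0.2.10; };      // global default, address-based
};
key "ddns-host1" { algorithm hmac-sha256; secret "cGxhY2Vob2xkZXI="; };
zone "example.com" {
    type master; file "example.com.db";
    update-policy { grant ddns-host1 name host1.example.com. A AAAA; };
};
zone "example.net" { type master; file "example.net.db"; };
/* zone "ignored.example" { allow-update { any; }; }; */
zone "example.org" {
    type master; file "example.org.db";
    allow-update { key ddns-host1; };  # zone-level override
};
'''

# Quoted strings are matched first so "//" or "#" inside them is not a comment.
TOKEN = re.compile(r'"[^"\n]*"|/\*.*?\*/|//[^\n]*|#[^\n]*|[{};]|[^\s{};"]+', re.S)

def update_controls(conf_text):
    """Map each top-level zone to the statement that governs dynamic updates."""
    toks = [t for t in TOKEN.findall(conf_text)
            if not t.startswith(("/*", "//", "#"))]
    depth, scope, zone, global_acl, zones = 0, None, None, False, {}
    for i, tok in enumerate(toks):
        if tok == "{":
            depth += 1
        elif tok == "}":
            depth -= 1
            if depth == 0:
                scope = None           # left an options/zone/key block
        elif depth == 0 and tok in ("options", "zone"):
            scope = tok
            if tok == "zone":          # next token is the quoted zone name
                zone = zones.setdefault(toks[i + 1].strip('"'), set())
        elif depth == 1 and tok in ("allow-update", "update-policy"):
            if scope == "zone":
                zone.add(tok)
            elif scope == "options" and tok == "allow-update":
                global_acl = True
    inherited = "allow-update (inherited from options)" if global_acl else "none"
    return {z: "update-policy" if "update-policy" in s
            else "allow-update (zone)" if "allow-update" in s else inherited
            for z, s in zones.items()}
```

Zones reported with either allow-update value are the candidates for conversion to update-policy.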