Re: Can two views be layered?

2013-04-07 Thread Joseph S D Yao 
On Sat, Apr 06, 2013 at 01:31:22AM -0400, Novosielski, Ryan wrote:
...
 Yeah, this is what caused me to ask the question and, frankly, sounded
 annoying, mainly because I was now maintaining three files to edit
 just one DNS record, and the other two files contain a record that
 will probably not change once in the next 5 years. So is there
 anything wrong with doing it the way I've tried? It appears to work
 just fine.
...


In the long run, it depends on which will cause you less work ... and
the person whom you train to pick up on this when you decide to get your
DDS and do dentistry instead, fewer headaches.


--
/*\
**
** Joe Yao  j...@tux.org - Joseph S. D. Yao
**
\*/
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Can two views be layered?

2013-04-06 Thread Leonard Mills 






   Novosielski, Ryan novos...@umdnj.edu wrote on about Friday, April 5, 
2013 10:31 PM


$INCLUDE db.example.com
@    IN    A    192.168.50.50
It may be obvious, but one needs to be aware that any $ORIGIN 

statements in the included file may cause unexpected results.

HtH,

Len___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Can two views be layered?

2013-04-05 Thread Novosielski, Ryan 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 03/15/2013 07:11 PM, Joseph S D Yao wrote:
 On Fri, Mar 15, 2013 at 06:56:57PM -0400, Novosielski, Ryan wrote:
 Hi all. Running BIND 9.6 I believe it is. Not important what
 version as if there is a version that can do this and I'm not
 running it, I can go there.
 
 Is it possible to have a view that is in essence a list of
 exceptions to the main zone? eg. the example.com domain exists,
 so does www.example.com, but for a small subset of machines I
 need it to resolve to a different address -- every other address
 should come from the main zone.
 
 
 
 It is not possible to have views layered as you describe.  However,
 try this:
 
 file zonename.shared with all shared records. file
 zone.zonename.for-the-many with the records for the many. $INCLUDE
 zonename.shared File zone.zonename.for-the-few with the records
 for the few. $INCLUDE zonename.shared

... SNIP...

One followup question to this: are there any limits to how the SOA
section is handled in this case? Can the SOA record be in the
$INCLUDE'd file, or does it have to be in the defined zone files
(which then would mean maintaining I guess two serial numbers)? I was
originally thinking that in that case, whenever changes are made to
the zonename.shared file, all that was really needed to be updated was
the for-the-many zone but I believe then the for-the-few machines
would begin to see an increasingly out of date version of the shared file.

- -- 
-  _  _ _  _ ___  _  _  _
|Y#| |  | |\/| |  \ |\ |  | |Ryan Novosielski - Sr. Systems Programmer
|$| |__| |  | |__/ | \| _| |novos...@umdnj.edu - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent.|IST/EI-Academic Svcs. - ADMC 450, Newark
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iEYEARECAAYFAlFfMu8ACgkQmb+gadEcsb54vACgimqYO1V5TdzpGn7o2WbR224t
QFkAoL+up2JbCAd4LccsMo7d8sRJEOFE
=XqTS
-END PGP SIGNATURE-

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Can two views be layered?

2013-04-05 Thread Joseph S D Yao 
On Fri, Apr 05, 2013 at 04:24:24PM -0400, Novosielski, Ryan wrote:
...
 One followup question to this: are there any limits to how the SOA
 section is handled in this case? Can the SOA record be in the
 $INCLUDE'd file, or does it have to be in the defined zone files
 (which then would mean maintaining I guess two serial numbers)? I was
 originally thinking that in that case, whenever changes are made to
 the zonename.shared file, all that was really needed to be updated was
 the for-the-many zone but I believe then the for-the-few machines
 would begin to see an increasingly out of date version of the shared file.


The bit stream that the computer sees is just what you would see if
you removed the $INCLUDE line and stuck all the bytes from the
$INCLUDE'd there instead.  You can't tell what was $INCUDE'd and what
was not.  Every other line might have been $INCLUDE'd from a different
file, if you wanted to be a bit crazy, and the computer would never
care.

BUT you may ONLY have one SOA record per zone.  That's not a per-file
thing, that's a per-zone thing.  Use RCS archiving and $Version:$
strings in comments [or TXT records] if you want to keep track of file
version numbers.  Or something more recent, if you want.

Just as a logistical thing, the SOA record should be in the zone file
that $INCLUDEs the rest of the information, anmd no SOA record in the
latter.


--
/*\
**
** Joe Yao  j...@tux.org - Joseph S. D. Yao
**
\*/
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Can two views be layered?

2013-04-05 Thread Joseph S D Yao 
On Sat, Apr 06, 2013 at 01:04:47AM -0400, Joseph S D Yao wrote:
...
 Just as a logistical thing, the SOA record should be in the zone file
 that $INCLUDEs the rest of the information, anmd no SOA record in the
 latter.
...


Which means, I should have added, that any time you update the $INCLUDEd
file, you must update the serial numbers in the zone files doing the
$INCLUDEs.  That's a small disadvantage of this method - but one which
good discipline should overcome.


--
/*\
**
** Joe Yao  j...@tux.org - Joseph S. D. Yao
**
\*/
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Can two views be layered?

2013-04-05 Thread Novosielski, Ryan 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 04/06/2013 01:05 AM, Joseph S D Yao wrote:
 On Fri, Apr 05, 2013 at 04:24:24PM -0400, Novosielski, Ryan wrote: 
 ...
 One followup question to this: are there any limits to how the
 SOA section is handled in this case? Can the SOA record be in
 the $INCLUDE'd file, or does it have to be in the defined zone
 files (which then would mean maintaining I guess two serial
 numbers)? I was originally thinking that in that case, whenever
 changes are made to the zonename.shared file, all that was really
 needed to be updated was the for-the-many zone but I believe
 then the for-the-few machines would begin to see an
 increasingly out of date version of the shared file.
 
 The bit stream that the computer sees is just what you would see
 if you removed the $INCLUDE line and stuck all the bytes from the 
 $INCLUDE'd there instead.  You can't tell what was $INCUDE'd and
 what was not.  Every other line might have been $INCLUDE'd from a
 different file, if you wanted to be a bit crazy, and the computer
 would never care.

So I messed around with this a little before your reply and realized
that almost immediately. So I did things a little differently...

 BUT you may ONLY have one SOA record per zone.  That's not a
 per-file thing, that's a per-zone thing.  Use RCS archiving and
 $Version:$ strings in comments [or TXT records] if you want to keep
 track of file version numbers.  Or something more recent, if you
 want.

Yeah, that I know... but where to place them to me seems less written
in stone...

 Just as a logistical thing, the SOA record should be in the zone
 file that $INCLUDEs the rest of the information, anmd no SOA record
 in the latter.

Is there any reason that that necessarily should be so? What I did was
create two views of the zone, let's call them few and many like
you did. Those views both contain example.com, with zone files
db.example.com-few and db.example.com-many. Instead of what you
suggested, I flipped the order in the contents of the two files
(honestly, I'm not even certain that was necessary). So for example,
db.example.com-many:

$INCLUDE db.example.com
@   IN  A   192.168.50.50

...where db.example.com is basically the same zone file I've used for
example.com all along, just with the A record for the domain removed.

 Which means, I should have added, that any time you update the
 $INCLUDEd file, you must update the serial numbers in the zone
 files doing the $INCLUDEs.  That's a small disadvantage of this
 method - but one which good discipline should overcome.

Yeah, this is what caused me to ask the question and, frankly, sounded
annoying, mainly because I was now maintaining three files to edit
just one DNS record, and the other two files contain a record that
will probably not change once in the next 5 years. So is there
anything wrong with doing it the way I've tried? It appears to work
just fine.

- -- 
-  _  _ _  _ ___  _  _  _
|Y#| |  | |\/| |  \ |\ |  | |Ryan Novosielski - Sr. Systems Programmer
|$| |__| |  | |__/ | \| _| |novos...@umdnj.edu - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent.|IST/EI-Academic Svcs. - ADMC 450, Newark
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iEYEARECAAYFAlFfsyQACgkQmb+gadEcsb4Z4QCgoZV5PCRPJVrXUPgOhsUFMrW1
p6oAn2Rvj8ecZ4zwLNNWtzpP9zN21vAR
=M+Zf
-END PGP SIGNATURE-

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Can two views be layered?

2013-03-15 Thread Novosielski, Ryan 
Hi all. Running BIND 9.6 I believe it is. Not important what version as if 
there is a version that can do this and I'm not running it, I can go there. 

Is it possible to have a view that is in essence a list of exceptions to the 
main zone? eg. the example.com domain exists, so does www.example.com, but for 
a small subset of machines I need it to resolve to a different address -- every 
other address should come from the main zone.

I can think of a few ways this could have been implemented (allowing one to 
overlay a zone, having a duplicate zone with only that address that can then do 
some kind of include of the main zone, etc.) but I can't find the right search 
terms to figure out whether this is possible as is.

My suspicion is not possible, but if you could point me in the right 
direction, I'd appreciate it.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Can two views be layered?

2013-03-15 Thread Joseph S D Yao 
On Fri, Mar 15, 2013 at 06:56:57PM -0400, Novosielski, Ryan wrote:
 Hi all. Running BIND 9.6 I believe it is. Not important what version as if 
 there is a version that can do this and I'm not running it, I can go there. 
 
 Is it possible to have a view that is in essence a list of exceptions to the 
 main zone? eg. the example.com domain exists, so does www.example.com, but 
 for a small subset of machines I need it to resolve to a different address -- 
 every other address should come from the main zone.
 


It is not possible to have views layered as you describe.  However, try
this:

file zonename.shared with all shared records.
file zone.zonename.for-the-many with the records for the many.
$INCLUDE zonename.shared
File zone.zonename.for-the-few with the records for the few.
$INCLUDE zonename.shared

view for_the_few {
...
zone zonename {
...
file data/zone.zonename.for-the-few;
...
};
};

view for_the_many {
...
zone zonename {
...
file data/zone.zonename.for-the-many;
...
};
};


--
/*\
**
** Joe Yao  j...@tux.org - Joseph S. D. Yao
**
\*/
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Can two views be layered?

2013-03-15 Thread Novosielski, Ryan 
Thanks! Wonderful -- asked and answered. 


- Original Message -
From: Joseph S D Yao [mailto:j...@tux.org]
Sent: Friday, March 15, 2013 07:11 PM
To: Novosielski, Ryan
Cc: 'bind-users@lists.isc.org' bind-users@lists.isc.org
Subject: Re: Can two views be layered?

On Fri, Mar 15, 2013 at 06:56:57PM -0400, Novosielski, Ryan wrote:
 Hi all. Running BIND 9.6 I believe it is. Not important what version as if 
 there is a version that can do this and I'm not running it, I can go there. 
 
 Is it possible to have a view that is in essence a list of exceptions to the 
 main zone? eg. the example.com domain exists, so does www.example.com, but 
 for a small subset of machines I need it to resolve to a different address -- 
 every other address should come from the main zone.
 


It is not possible to have views layered as you describe.  However, try
this:

file zonename.shared with all shared records.
file zone.zonename.for-the-many with the records for the many.
$INCLUDE zonename.shared
File zone.zonename.for-the-few with the records for the few.
$INCLUDE zonename.shared

view for_the_few {
...
zone zonename {
...
file data/zone.zonename.for-the-few;
...
};
};

view for_the_many {
...
zone zonename {
...
file data/zone.zonename.for-the-many;
...
};
};


--
/*\
**
** Joe Yao  j...@tux.org - Joseph S. D. Yao
**
\*/

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users