Re: Can two views be layered?
On Sat, Apr 06, 2013 at 01:31:22AM -0400, Novosielski, Ryan wrote: ... Yeah, this is what caused me to ask the question and, frankly, sounded annoying, mainly because I was now maintaining three files to edit just one DNS record, and the other two files contain a record that will probably not change once in the next 5 years. So is there anything wrong with doing it the way I've tried? It appears to work just fine. ... In the long run, it depends on which will cause you less work ... and the person whom you train to pick up on this when you decide to get your DDS and do dentistry instead, fewer headaches. -- /*\ ** ** Joe Yao j...@tux.org - Joseph S. D. Yao ** \*/ ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Can two views be layered?
Novosielski, Ryan novos...@umdnj.edu wrote on about Friday, April 5, 2013 10:31 PM $INCLUDE db.example.com @ IN A 192.168.50.50 It may be obvious, but one needs to be aware that any $ORIGIN statements in the included file may cause unexpected results. HtH, Len___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Can two views be layered?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/15/2013 07:11 PM, Joseph S D Yao wrote: On Fri, Mar 15, 2013 at 06:56:57PM -0400, Novosielski, Ryan wrote: Hi all. Running BIND 9.6 I believe it is. Not important what version as if there is a version that can do this and I'm not running it, I can go there. Is it possible to have a view that is in essence a list of exceptions to the main zone? eg. the example.com domain exists, so does www.example.com, but for a small subset of machines I need it to resolve to a different address -- every other address should come from the main zone. It is not possible to have views layered as you describe. However, try this: file zonename.shared with all shared records. file zone.zonename.for-the-many with the records for the many. $INCLUDE zonename.shared File zone.zonename.for-the-few with the records for the few. $INCLUDE zonename.shared ... SNIP... One followup question to this: are there any limits to how the SOA section is handled in this case? Can the SOA record be in the $INCLUDE'd file, or does it have to be in the defined zone files (which then would mean maintaining I guess two serial numbers)? I was originally thinking that in that case, whenever changes are made to the zonename.shared file, all that was really needed to be updated was the for-the-many zone but I believe then the for-the-few machines would begin to see an increasingly out of date version of the shared file. - -- - _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Sr. Systems Programmer |$| |__| | | |__/ | \| _| |novos...@umdnj.edu - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent.|IST/EI-Academic Svcs. - ADMC 450, Newark -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iEYEARECAAYFAlFfMu8ACgkQmb+gadEcsb54vACgimqYO1V5TdzpGn7o2WbR224t QFkAoL+up2JbCAd4LccsMo7d8sRJEOFE =XqTS -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Can two views be layered?
On Fri, Apr 05, 2013 at 04:24:24PM -0400, Novosielski, Ryan wrote: ... One followup question to this: are there any limits to how the SOA section is handled in this case? Can the SOA record be in the $INCLUDE'd file, or does it have to be in the defined zone files (which then would mean maintaining I guess two serial numbers)? I was originally thinking that in that case, whenever changes are made to the zonename.shared file, all that was really needed to be updated was the for-the-many zone but I believe then the for-the-few machines would begin to see an increasingly out of date version of the shared file. The bit stream that the computer sees is just what you would see if you removed the $INCLUDE line and stuck all the bytes from the $INCLUDE'd there instead. You can't tell what was $INCUDE'd and what was not. Every other line might have been $INCLUDE'd from a different file, if you wanted to be a bit crazy, and the computer would never care. BUT you may ONLY have one SOA record per zone. That's not a per-file thing, that's a per-zone thing. Use RCS archiving and $Version:$ strings in comments [or TXT records] if you want to keep track of file version numbers. Or something more recent, if you want. Just as a logistical thing, the SOA record should be in the zone file that $INCLUDEs the rest of the information, anmd no SOA record in the latter. -- /*\ ** ** Joe Yao j...@tux.org - Joseph S. D. Yao ** \*/ ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Can two views be layered?
On Sat, Apr 06, 2013 at 01:04:47AM -0400, Joseph S D Yao wrote: ... Just as a logistical thing, the SOA record should be in the zone file that $INCLUDEs the rest of the information, anmd no SOA record in the latter. ... Which means, I should have added, that any time you update the $INCLUDEd file, you must update the serial numbers in the zone files doing the $INCLUDEs. That's a small disadvantage of this method - but one which good discipline should overcome. -- /*\ ** ** Joe Yao j...@tux.org - Joseph S. D. Yao ** \*/ ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Can two views be layered?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 04/06/2013 01:05 AM, Joseph S D Yao wrote: On Fri, Apr 05, 2013 at 04:24:24PM -0400, Novosielski, Ryan wrote: ... One followup question to this: are there any limits to how the SOA section is handled in this case? Can the SOA record be in the $INCLUDE'd file, or does it have to be in the defined zone files (which then would mean maintaining I guess two serial numbers)? I was originally thinking that in that case, whenever changes are made to the zonename.shared file, all that was really needed to be updated was the for-the-many zone but I believe then the for-the-few machines would begin to see an increasingly out of date version of the shared file. The bit stream that the computer sees is just what you would see if you removed the $INCLUDE line and stuck all the bytes from the $INCLUDE'd there instead. You can't tell what was $INCUDE'd and what was not. Every other line might have been $INCLUDE'd from a different file, if you wanted to be a bit crazy, and the computer would never care. So I messed around with this a little before your reply and realized that almost immediately. So I did things a little differently... BUT you may ONLY have one SOA record per zone. That's not a per-file thing, that's a per-zone thing. Use RCS archiving and $Version:$ strings in comments [or TXT records] if you want to keep track of file version numbers. Or something more recent, if you want. Yeah, that I know... but where to place them to me seems less written in stone... Just as a logistical thing, the SOA record should be in the zone file that $INCLUDEs the rest of the information, anmd no SOA record in the latter. Is there any reason that that necessarily should be so? What I did was create two views of the zone, let's call them few and many like you did. Those views both contain example.com, with zone files db.example.com-few and db.example.com-many. Instead of what you suggested, I flipped the order in the contents of the two files (honestly, I'm not even certain that was necessary). So for example, db.example.com-many: $INCLUDE db.example.com @ IN A 192.168.50.50 ...where db.example.com is basically the same zone file I've used for example.com all along, just with the A record for the domain removed. Which means, I should have added, that any time you update the $INCLUDEd file, you must update the serial numbers in the zone files doing the $INCLUDEs. That's a small disadvantage of this method - but one which good discipline should overcome. Yeah, this is what caused me to ask the question and, frankly, sounded annoying, mainly because I was now maintaining three files to edit just one DNS record, and the other two files contain a record that will probably not change once in the next 5 years. So is there anything wrong with doing it the way I've tried? It appears to work just fine. - -- - _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Sr. Systems Programmer |$| |__| | | |__/ | \| _| |novos...@umdnj.edu - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent.|IST/EI-Academic Svcs. - ADMC 450, Newark -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iEYEARECAAYFAlFfsyQACgkQmb+gadEcsb4Z4QCgoZV5PCRPJVrXUPgOhsUFMrW1 p6oAn2Rvj8ecZ4zwLNNWtzpP9zN21vAR =M+Zf -END PGP SIGNATURE- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Can two views be layered?
Hi all. Running BIND 9.6 I believe it is. Not important what version as if there is a version that can do this and I'm not running it, I can go there. Is it possible to have a view that is in essence a list of exceptions to the main zone? eg. the example.com domain exists, so does www.example.com, but for a small subset of machines I need it to resolve to a different address -- every other address should come from the main zone. I can think of a few ways this could have been implemented (allowing one to overlay a zone, having a duplicate zone with only that address that can then do some kind of include of the main zone, etc.) but I can't find the right search terms to figure out whether this is possible as is. My suspicion is not possible, but if you could point me in the right direction, I'd appreciate it. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Can two views be layered?
On Fri, Mar 15, 2013 at 06:56:57PM -0400, Novosielski, Ryan wrote: Hi all. Running BIND 9.6 I believe it is. Not important what version as if there is a version that can do this and I'm not running it, I can go there. Is it possible to have a view that is in essence a list of exceptions to the main zone? eg. the example.com domain exists, so does www.example.com, but for a small subset of machines I need it to resolve to a different address -- every other address should come from the main zone. It is not possible to have views layered as you describe. However, try this: file zonename.shared with all shared records. file zone.zonename.for-the-many with the records for the many. $INCLUDE zonename.shared File zone.zonename.for-the-few with the records for the few. $INCLUDE zonename.shared view for_the_few { ... zone zonename { ... file data/zone.zonename.for-the-few; ... }; }; view for_the_many { ... zone zonename { ... file data/zone.zonename.for-the-many; ... }; }; -- /*\ ** ** Joe Yao j...@tux.org - Joseph S. D. Yao ** \*/ ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Can two views be layered?
Thanks! Wonderful -- asked and answered. - Original Message - From: Joseph S D Yao [mailto:j...@tux.org] Sent: Friday, March 15, 2013 07:11 PM To: Novosielski, Ryan Cc: 'bind-users@lists.isc.org' bind-users@lists.isc.org Subject: Re: Can two views be layered? On Fri, Mar 15, 2013 at 06:56:57PM -0400, Novosielski, Ryan wrote: Hi all. Running BIND 9.6 I believe it is. Not important what version as if there is a version that can do this and I'm not running it, I can go there. Is it possible to have a view that is in essence a list of exceptions to the main zone? eg. the example.com domain exists, so does www.example.com, but for a small subset of machines I need it to resolve to a different address -- every other address should come from the main zone. It is not possible to have views layered as you describe. However, try this: file zonename.shared with all shared records. file zone.zonename.for-the-many with the records for the many. $INCLUDE zonename.shared File zone.zonename.for-the-few with the records for the few. $INCLUDE zonename.shared view for_the_few { ... zone zonename { ... file data/zone.zonename.for-the-few; ... }; }; view for_the_many { ... zone zonename { ... file data/zone.zonename.for-the-many; ... }; }; -- /*\ ** ** Joe Yao j...@tux.org - Joseph S. D. Yao ** \*/ ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users