RE: Split View DNS
Yes, assuming you want them to both have the same zone data.

We use a naming convention so we know when we're sharing a file. Each view gets their zonefiles with -viewname (i.e. example.com-internal) appended. Common zones get -common. This keeps us from modifying the wrong file, and lets us remember which ones are shared easily.

Todd.

-----Original Message-----
From: bind-users-bounces+tsnyder=rim@lists.isc.org [mailto:bind-users-bounces+tsnyder=rim@lists.isc.org] On Behalf Of Jason Gates
Sent: Thursday, March 11, 2010 10:06 AM
To: bind-users@lists.isc.org
Subject: Split View DNS

When using split view, can one point to the same file in both views?

example:

    view "blah-internal" {
        match-clients { internal-users; };
        zone "blah.org" in {
            type slave;
            file "/var/named/slave/blah.org";
            masters { ipaddress; };
        };
        zone "10.10.10.in-addr.arpa" in {
            type slave;
            file "/var/named/slave/10.10.10.reverse";
            masters { ipaddress; };
        };
    };

    view "blah-external" {
        match-clients { any; };
        zone "blah.org" in {
            type slave;
            file "/var/named/slave/blah.org";    // same file as in blah-internal
            masters { ipaddress; };
        };
        zone "10.10.10.in-addr.arpa" in {
            type master;
            file "/var/named/view/10.10.10.reverse";
        };
    };

_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

RE: Split View DNS
I tried this and noticed that the first view will IXFR the file from the master, then the second view will try to IXFR and fail because the file has already been updated. Then the second view does a complete AXFR. I ended up with errors in the log file. With busy DDNS zones the errors were very plentiful.

I found it best to just have separate files for each view even if they have the same information in them. It works either way, just a personal preference I guess.

-Christopher

-----Original Message-----
From: bind-users-bounces+christopher-howard=utc@lists.isc.org [mailto:bind-users-bounces+christopher-howard=utc@lists.isc.org] On Behalf Of Todd Snyder
Sent: Thursday, March 11, 2010 10:10 AM
To: Jason Gates; bind-users@lists.isc.org
Subject: RE: Split View DNS

Yes, assuming you want them to both have the same zone data.

We use a naming convention so we know when we're sharing a file. Each view gets their zonefiles with -viewname (i.e. example.com-internal) appended. Common zones get -common. This keeps us from modifying the wrong file, and lets us remember which ones are shared easily.

Todd.

Re: Split View DNS
On 11.03.10 10:06, Jason Gates wrote:
> When using split view, can one point to the same file in both views?

for master zones, yes, but you will have to reload it in all views explicitly (I think that server reload should take care of that)

for slave zones, I'm afraid it's not possible. You will have either to fetch it two times from the master, or fetch from one view to another one... (or create third view which will have it as slave and create forward zones in other views to this one).

-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/

RE: Split View DNS
I too found it best to have them be separate even if they contain the same data.

For me I had an internal and external view - the external was my original zone so I made that my external view then simply prepended internal- to the zone file name in the internal view. That way all my internal view zone files can be found quickly (as can external by grepping out the internal-).

If they have the same content you can simply copy the original zone file to the other zone and prepend. I did that with a for loop when I originally introduced views and creating the zone files took less time than updating named.conf.

-----Original Message-----
From: bind-users-bounces+jlightner=water@lists.isc.org [mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf Of Matus UHLAR - fantomas
Sent: Thursday, March 11, 2010 10:18 AM
To: bind-users@lists.isc.org
Subject: Re: Split View DNS

On 11.03.10 10:06, Jason Gates wrote:
> When using split view, can one point to the same file in both views?

for master zones, yes, but you will have to reload it in all views explicitly (I think that server reload should take care of that)

for slave zones, I'm afraid it's not possible. You will have either to fetch it two times from the master, or fetch from one view to another one... (or create third view which will have it as slave and create forward zones in other views to this one).

Re: Split View DNS
On Thu, 11 Mar 2010, Matus UHLAR - fantomas wrote:
> On 11.03.10 10:06, Jason Gates wrote:
> > When using split view, can one point to the same file in both views?
>
> for master zones, yes, but you will have to reload it in all views explicitly
> (I think that server reload should take care of that)

Right. A server reload will load all zones in all views. You can also reload individual zones in individual zones:

    rndc reload zone class view

such as:

    rndc reload example.com in internal
    rndc reload example.com in external

to load zone example.com in view internal and zone example.com in view external.

For split zones with common data, I like to have a (usually small) zone file for each view with the SOA RR and any view-specific data, each including a (usually larger) file of data common to all views. This avoids duplication of data which are supposed to be the same and could otherwise get out of sync. The common file doesn't have an SOA RR, so it's not a complete zone file, so you have to refer to the view-specific files for the master files when doing named-checkzone. (Pay attention to the origin in the included file, explicitly specifying it with @ if the first RR applies to the bare zone name.)

I use directories for managing the files in each view.

On the master:
    Primary.internal     for internal view files
    Primary.external     for external view files
    Primary.common       for files common to both views

On the slave:
    Secondary.internal   for internal backup files
    Secondary.external   for external backup files

(There is no Secondary.common because the slave transfers whole zones in each view, having no knowledge of how the zones were assembled on the master.)

> for slave zones, I'm afraid it's not possible. You will have either to fetch
> it two times from the master, or fetch from one view to another one...

Yes, if you want slaves to have the same split-view behavior, they will need to transfer the zones in all views independently. I use special TSIG keys for this: the slaves use the special key for the view they want to get from the master, while the master uses the special key to present the corresponding view. It's a little complicated, but it does the trick for me.

Note that the zones in each view are independent of zones in other views, even if they happen to have the same zone name. The master files are just loaded by named and not messed with (unless you're doing dynamic update, in which case what I'm saying might not apply). Thus, you can have multiple zones loaded from the same file on the master. (This applies to other cases than just split-view, such as if you want the same data in multiple IPv6 prefixes because they're laid onto the same net.) The backup files on the slaves are written by named, so each (zone,view) instance has to have its own file.

Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa City, IA 52242
email: jay-f...@uiowa.edu, phone: 319-335-, fax: 319-335-2951

Re: Split View DNS
Yes and no. Yes for static masters. No for everything else, i.e. slaves, dynamic masters, stubs.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742
INTERNET: ma...@isc.org

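Added example (not part of the thread and not BIND code): a small Python check for the rule given in the replies above, that a zone file may be shared between views only when every zone using it is a static master. The sample configuration is constructed from the layout in the original question; 192.0.2.1, common.example and the function names are assumptions, and the parser assumes quoted file names and no braces inside comments or strings.

```python
import re
from collections import defaultdict

# Constructed sample: the layout from the question plus one static master zone
# shared by both views (192.0.2.1 and common.example are placeholders).
SAMPLE_CONF = '''
view "blah-internal" {
  match-clients { internal-users; };
  zone "blah.org" in { type slave; file "/var/named/slave/blah.org"; masters { 192.0.2.1; }; };
  zone "common.example" in { type master; file "/var/named/common.example-common"; };
};
view "blah-external" {
  match-clients { any; };
  zone "blah.org" in { type slave; file "/var/named/slave/blah.org"; masters { 192.0.2.1; }; };
  zone "common.example" in { type master; file "/var/named/common.example-common"; };
};
'''
READ_ONLY_TYPES = {"master", "primary", "hint"}  # named only reads these files

def blocks(text, keyword):
    """Yield (name, body) for each `keyword name ... { body }` block in text."""
    head = re.compile(r'\b%s\s+"?([^\s"{;]+)"?[^{;]*\{' % keyword)
    pos = 0
    while (m := head.search(text, pos)):
        depth, i = 1, m.end()
        while depth and i < len(text):      # walk to the matching close brace
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        if depth:
            raise ValueError("unbalanced braces in %s %s" % (keyword, m.group(1)))
        yield m.group(1), text[m.end():i - 1]
        pos = i

def shared_writable_files(conf):
    """Map each file used by 2+ (view, zone) instances, at least one of which
    named writes to (slave, stub, or dynamically updated master), to its users."""
    users = defaultdict(list)
    for view, vbody in blocks(conf, "view"):
        for zone, zbody in blocks(vbody, "zone"):
            ztype = re.search(r'\btype\s+([\w-]+)\s*;', zbody)
            zfile = re.search(r'\bfile\s+"([^"]+)"\s*;', zbody)
            if not zfile:
                continue
            # Conservative: any allow-update/update-policy clause counts as dynamic.
            dynamic = re.search(r'\b(allow-update|update-policy)\b', zbody)
            writable = bool(dynamic) or not ztype or ztype.group(1) not in READ_ONLY_TYPES
            users[zfile.group(1)].append((view, zone, writable))
    return {f: [(v, z) for v, z, _ in u] for f, u in users.items()
            if len(u) > 1 and any(w for _, _, w in u)}
```

Calling `shared_writable_files(SAMPLE_CONF)` reports the shared slave file for blah.org and leaves the shared static master file alone.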
Re: split view dns, with a shared dynamic zone?
On Mon, 5 Jan 2009, Adam Tkac wrote:
> Btw setup with slave zone in second view is described in FAQ as well:
> - https://www.isc.org/faq/bind
> - Configuration and Setup Questions
> - How do I share a dynamic zone between multiple views?

Cool, thanks for the pointer. I searched with google and on the mailing list archives, but never ran across the FAQ.

I had tried something similar, but the slave would do a zone transfer the first time the slave zone existed, it would never update. I did not have an also-notify option on the master though, maybe that would fix that problem. I will give it another try.

-- 
Paul B. Henson | (909) 979-6361 | http://www.csupomona.edu/~henson/
Operating Systems and Network Analyst | hen...@csupomona.edu
California State Polytechnic University | Pomona CA 91768