Re: Multi-master (HA)

2014-05-08 Thread John Wingenbach
I wouldn't say we migrated in that direction due to anything other than
lack of good options.  What BIND is missing is the concept of an update
master.


Augment BIND with the following:

 * Each master is aware of the other masters.
 * One master is defined as an update master (rndc control?)
 * Each master knows all the configurations necessary to act as a slave
   to the update master
 * Each master knows all the configurations necessary to be the update
   master.


With the above, it would become relatively trivial to simply issue a 
directive and have the servers change their roles.  If the update master 
is isolated, the directive must be able to be accepted at one of the 
other masters so that it can become the update master.  When the 
isolation ends, the update master must realize its new state and demote
itself cleanly.


I am doing this manually by having the zone configurations hold the 
masters list as well as update policies.  To convert, the only lines 
that get changed are the type, masters and update-policy stanzas.  
They get (un)commented as appropriate and then bind reloaded. The one 
trick I had to pay attention to is that when making the update master a 
slave master, I needed to touch all the zone files to prevent bind from 
immediately expiring them.  It is also necessary to issue rndc refresh 
commands to the new slave to force it to perform SOA checks against the 
new update master.  Otherwise, in the case of isolation, it won't bother 
to update its zones until the next refresh cycle ends.


-- John

On 5/8/2014 7:32 AM, Tony Finch wrote:

A few thoughts...

The DNS protocol is already pretty good at replicating zone data - see for
instance John Wingenbach's message in which he describes how their
deployment gradually converged on a fairly standard architecture :-)

I think multi-master makes most sense if the primary master uses DNS
UPDATE for zone edits (and use raw file format), to minimize the
differences between the primary and the secondaries.

You probably want to ensure update forwarding is allowed, so that update
clients do not have to worry so much about finding the current primary
master.

When a secondary takes over as primary it will need to update the SOA
MNAME to point to itself so updates go to the right place.

Most of the problem is actually one of remote configuration management:
promoting a secondary to a primary is not all that different from setting
up the secondary in the first place or making other co-ordinated changes.
For instance it would be nice to be able to set up a zone once on the
primary and have it automatically provisioned on the secondaries.

I like Phil Mayers' zone-template idea, which might make it easier to flip
from secondary to primary, as well as reducing the size and ensuring the
consistency of large configs.

Metazones are a tempting idea but the details get yucky the more of BIND's
features you want to support. Also I am rather wary about the idea of
putting secrets in a DNS zone; if you have an out-of-band way of
distributing them it makes sense to use the same channel for the rest of
the configuration.

(http://ci.nii.ac.jp/naid/110007502948 - Vixie's metazones paper.)

Tony.


___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Answer for a specific host, but recurse for all others within a zone

2014-05-08 Thread John Wingenbach
What you are looking for is basically dnsmasq.  That allows you to 
override specific resolutions, while letting the rest go through the 
normal process.  BIND does not allow you to have split authority for a 
single zone.


if you say something.xyz.com is handled locally, then anything under 
that is also considered to be handled locally.


--John



On 5/8/2014 2:54 PM, Barry Margolin wrote:

In article <mailman.181.1399569458.26362.bind-us...@lists.isc.org>,
  fullme...@ldschurch.org wrote:


Does anyone know how I might configure bind to answer for a specific host
within the zone, but perform a recursive lookup for the rest of the zone?

For example, given the domain xyz.com, how might I configure a local DNS
server to resolve something.xyz.com to, maybe, a local server, but still
allow www.xyz.com, mail.xyz.com and www.something.xyz.com to
recursively resolve?

Is there a way?

  - Jon

Configure the server as authoritative for the something.xyz.com zone,
and put the local server address in an A record at the apex.





Re: Multi-master (HA)

2014-05-07 Thread John Wingenbach
I run a multi-master environment.  We have 3 data centers which are 
considered to be able to run even though the rest are down.  Initially, 
we ran our masters with the same exact configurations on each.  One of 
the data centers was administratively defined as being the 'update 
master'.  From there, any changes were first done locally and then 
rsync'd to each of the other data centers.  Once in place, rndc reload 
was executed to pick up the changes on all of the masters.  However, 
with the dawning of DNSSEC, that became problematic.


Later we moved to dynamic updates and simply sent the update commands to 
each master separately.  That worked but still resulted in issues with 
resyncing the zones after one of the data centers was out of communication.


Now we have moved to one 'update master' and the rest being slave 
masters.  When we want to change the update master, we have scripts 
which make the needed mods in the zone configurations and then restart 
named.  It's not the prettiest method but it does provide the single 
point of update, automatic recovery if one of the datacenters is not 
reachable and full support of DNSSEC. There is no issue with zone file 
format as the zones are kept in text format and upon conversion to 
slave, we touch each of the files to prevent the new slave from expiring 
the zones immediately.


-- John

On 5/6/2014 2:20 PM, Baird, Josh wrote:

Hi,

For those of you who operate at multiple sites or datacenters, are you doing 
any HA for your BIND masters?  Ideally, we would have a master in each 
datacenter; maybe not an active one, but one that is standing by in case your 
primary master becomes unavailable.

Do you have multiple active masters and list them as master in each of your 
slave's zone definitions?  This seems like it could get rather messy.  One thought is to 
use a technology like VMWare SRM which will spin up a master/virtual machine 
automatically in a second datacenter if your primary master goes down.  This coupled with 
Layer2 connectivity between your sites could make things fairly simple.  The 
standby/secondary master would retain the same IP address as your primary, so everything 
should just *work*.

What are others doing?  Any thoughts, ideas or advice is much appreciated.

Thanks,

Josh

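The role flip John describes in this message and in his 2014-05-08 reply at the top of the page, written out as an added example (not code from the list posts; the zone, key and addresses are constructed):

```shell
#!/bin/sh
# Added example, not code from John's posts: flip one BIND zone stanza between the
# "update master" role and the "slave master" role by (un)commenting the role-specific
# lines (type, masters, update-policy), then do the two follow-up steps from the post:
# touch the zone files and force the new slave to re-check the SOA.  Everything named
# here is constructed: zone example.test, key update-key, masters 192.0.2.1/.2/.3.

# One stanza carries both role variants.  Each role-specific line ends in a
# "## role:<name>" tag so the flip is mechanical and the rest of the stanza is untouched.
STANZA='zone "example.test" {
    file "example.test.zone";
    type master;                                      ## role:master
    update-policy { grant update-key zonesub ANY; };  ## role:master
    // type slave;                                    ## role:slave
    // masters { 192.0.2.1; };                        ## role:slave
    also-notify { 192.0.2.2; 192.0.2.3; };
    allow-transfer { key update-key; };
};'

set_role() {  # usage: set_role master|slave NEW_UPDATE_MASTER_IP  <stanza >stanza
  awk -v want="$1" -v upd="$2" '
    /## role:(master|slave)$/ {
      line = $0
      sub(/^[ \t]*(\/\/)?[ \t]*/, "", line)        # drop indent and any existing // marker
      tag = line; sub(/.*## role:/, "", tag)
      if (want == "slave" && tag == "slave" && line ~ /^masters /)
        line = "masters { " upd "; };                        ## role:slave"  # follow the new update master
      printf "    %s%s\n", (tag == want ? "" : "// "), line
      next
    }
    { print }'
}

demote_to_slave() {  # usage: demote_to_slave CONF NEW_UPDATE_MASTER_IP ZONEDIR ZONE...
  conf=$1; upd=$2; zdir=$3; shift 3
  set_role slave "$upd" <"$conf" >"$conf.tmp" && mv "$conf.tmp" "$conf"
  # A slave treats a zone it loads from disk as already expired when the file's mtime
  # plus the SOA expire interval lies in the past, so files last written by the old
  # master must be touched before the reload or named drops the zones immediately.
  for z; do touch "$zdir/$z.zone"; done
  # Reload, then force an SOA check against the new update master right away instead
  # of waiting for the refresh timer.  Skipped on a host without rndc (demo runs).
  if command -v rndc >/dev/null 2>&1; then
    rndc reload || echo "rndc reload failed" >&2
    for z; do rndc refresh "$z" || echo "rndc refresh $z failed" >&2; done
  fi
}

promote_to_master() {  # usage: promote_to_master CONF
  set_role master "" <"$1" >"$1.tmp" && mv "$1.tmp" "$1"
  if command -v rndc >/dev/null 2>&1; then rndc reload || echo "rndc reload failed" >&2; fi
}

demo() {  # constructed dry run in a scratch directory; prints the demoted stanza
  dir=$(mktemp -d) || return 1
  printf '%s\n' "$STANZA" >"$dir/zones.conf"
  touch "$dir/example.test.zone"
  demote_to_slave "$dir/zones.conf" 192.0.2.2 "$dir" example.test
  cat "$dir/zones.conf"
}
```

Run `demo` to see the stanza after demotion; in a real deployment the stanza lives in the file named.conf includes, and the other masters get the mirror-image promote/demote at the same time.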


Re: Zone Transfer issue on BIND9

2012-08-25 Thread John Wingenbach
The problem pointed out in your 'match-clients' is the first glaring
problem.

What you need to understand is that from the point of BIND, your slave
server is treated the same (from the view) as any client for the
master and vice versa.

So, the communication between master and slave needs to be taken into
account along with real clients.

Breaking down your views along w/ the files, it appears you want to
have 3 unique zone files for the same domains being transferred from
master to slave.  That means you need to define 3 unique paths between
master and slave.  Given that, if you are going to only use one IP, you
need to use 2 keys.  For example, TSIG1-KEY, TSIG2-KEY and the 'other'
match.

I'd heavily recommend following the other advice and simplify your test
scenario.  Get the communication working for a single unique zone file
across the 3 views between the master and slave.  Then add in whatever
other acls needed to support non-master/slave comm.  Once you have
that, then augment it with the rest of zones you need to support.

-- John
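The three keyed master/slave paths John describes above, as an added example of what the paired configuration looks like (not configuration from the thread; every address, key and zone name is constructed):

```shell
#!/bin/sh
# Added example, not configuration from the thread: emit the paired master-side and
# slave-side view stanzas for one view and its TSIG key, so that each of the three
# zone-file variants crosses between master and slave on its own keyed path.
# Constructed values: master 192.0.2.10, slave 192.0.2.20, keys tsig1-key..tsig3-key,
# zone example.test.  Real secrets come from tsig-keygen, not from this script.

MASTER_IP=192.0.2.10
SLAVE_IP=192.0.2.20
ZONE=example.test
VIEW_KEYS="internal:tsig1-key dmz:tsig2-key external:tsig3-key"   # view:key pairs

key_stanza() {  # usage: key_stanza KEYNAME   (identical on both ends; secret is a placeholder)
  printf 'key "%s" {\n    algorithm hmac-sha256;\n    secret "<base64-secret-placeholder>";\n};\n' "$1"
}

# Negating every other view's key ahead of the address list keeps a request signed
# with some other view's key from falling into this view on its source address alone.
other_keys_negated() {  # usage: other_keys_negated KEYNAME
  for pair in $VIEW_KEYS; do
    k=${pair#*:}
    [ "$k" = "$1" ] || printf '!key %s; ' "$k"
  done
}

master_view() {  # usage: master_view VIEW KEY CLIENTS   (CLIENTS = acl name or prefix)
  printf 'view "%s" {\n' "$1"
  printf '    match-clients { %skey %s; %s; };\n' "$(other_keys_negated "$2")" "$2" "$3"
  # sign NOTIFYs to the slave with this view's key so they land in the slave's matching view
  printf '    server %s { keys { %s; }; };\n' "$SLAVE_IP" "$2"
  printf '    zone "%s" { type master; file "master/%s/%s.zone";\n' "$ZONE" "$1" "$ZONE"
  printf '        allow-transfer { key %s; }; also-notify { %s; }; };\n' "$2" "$SLAVE_IP"
  printf '};\n'
}

slave_view() {  # usage: slave_view VIEW KEY CLIENTS
  printf 'view "%s" {\n' "$1"
  printf '    match-clients { %skey %s; %s; };\n' "$(other_keys_negated "$2")" "$2" "$3"
  # SOA checks and AXFR/IXFR requests for this view are signed with its key, which is
  # what selects the matching view on the master
  printf '    zone "%s" { type slave; file "slave/%s/%s.zone";\n' "$ZONE" "$1" "$ZONE"
  printf '        masters { %s key %s; }; };\n' "$MASTER_IP" "$2"
  printf '};\n'
}

# The failure mode from the thread: two views sharing a key means a signed request
# always lands in the first view whose match-clients lists that key, so the other
# view's copy of the zone never transfers.  Returns 1 when a key is reused.
check_unique_keys() {
  for pair in $VIEW_KEYS; do echo "${pair#*:}"; done | sort | uniq -d | grep -q . && return 1
  return 0
}

render_all() {  # usage: render_all master|slave   (prints a complete named.conf fragment)
  check_unique_keys || { echo "error: a TSIG key is shared by two views" >&2; return 1; }
  for pair in $VIEW_KEYS; do key_stanza "${pair#*:}"; done
  for pair in $VIEW_KEYS; do
    if [ "$1" = master ]; then master_view "${pair%%:*}" "${pair#*:}" "${pair%%:*}-clients"
    else slave_view "${pair%%:*}" "${pair#*:}" "${pair%%:*}-clients"; fi
  done
}
```

`render_all master` and `render_all slave` produce the two halves; the `*-clients` acl names are assumed to be defined elsewhere in named.conf.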


Re: 2 dns records for same server

2012-08-19 Thread John Wingenbach
The OP stated he has 3 separate DNS servers.  Two serving public and
one serving private.  Under those circumstances, there is no specific
need or requirement for views.  Views are only needed if the same DNS
server is answering to clients that you want to give out different
answers.  If as the OP stated, and is assumed, the clients are separated
by different DNS servers, then simply mastering the domain on the
internal vs public servers is sufficient.

-- John

On Sat, 18 Aug 2012 18:43:41 +
Michael Hoskins (michoski) <micho...@cisco.com> wrote:

 -----Original Message-----
 
 From: Dwayne Hottinger <dhottin...@harrisonburg.k12.va.us>
 Date: Saturday, August 18, 2012 5:49 AM
 To: bind-users@lists.isc.org <bind-users@lists.isc.org>
 Subject: 2 dns records for same server
 
 I need to have 2 separate dns records for the same servername.
 Essentially when inside my network (10.)  I need it to resolve to a
 10. ip address.  When outside it needs to resolve to my public ip.
 Everything I've done so far with my dns records has returned
  2 ip's.  In other words when doing a host servername or nslookup
 servername I get both the external and internal ip's of the server.
 This seems to be causing issues with the applications on the server.
 Some computers inside my network are trying to connect
  to the public ip (which is being natted from my firewall), those
  that
 are connecting are extremely slow.  The slowness leads me to believe
 that they are first trying the public ip before hitting the private.
 
 
 My dns is setup with a dns server inside my network (serving the 10)
 and 2 dns servers for my public ip's.My lan is setup that each
 of my sites (schools) are in a different dns zone.  What I want to
 happen is the url or name of the server to be the
  same regardless of where the user is either inside or outside my
 network.   
 
 
 So far I have tried setting up a separate zone file for my internal
 dns and adding the entry to my external like I normally do.  This is
 what resolves with 2 ip's.   Is there anyway to get my dns servers
 to do this?
  
 
 As others have mentioned, you need views.  You're on the right track
 with two zone files, but need a bit more configuration.  Ultimately
 you'll want to read over the ARM for more detail on views and other
 available options before running a name server (especially one that's
 publicly exposed), but here are the key points:
 
 options {
   directory "/etc/namedb";
   listen-on {
     a.b.c.d; # external IP
     e.f.g.h; # internal IP
   };
   empty-zones-enable yes;
 };
 
 # acls (transfer, trusted), etc. not shown here
 include "common.conf";
 
 view "external" in {
   match-destinations { a.b.c.d; };
   notify-source a.b.c.d;
   transfer-source a.b.c.d;
   query-source a.b.c.d;
   allow-transfer { transfer; };
   allow-query { trusted; };  # or any
   recursion yes;  # or no
   allow-recursion { trusted; };  # or none
   zone "." in { type hint; file "named.root"; };
   include "external_master.conf";
   include "external_slave.conf";
 };
 
 view "internal" in {
   match-destinations { e.f.g.h; };
   transfer-source e.f.g.h;
   query-source e.f.g.h;
   allow-transfer { transfer; };
   allow-query { trusted; };
   recursion yes;
   allow-recursion { trusted; };
   zone "." in { type hint; file "named.root"; };
   include "internal_master.conf";
   include "internal_slave.conf";
 };
 
 Then in your included *.conf files make sure your external and
 internal zones point to different zone files like
 /etc/namedb/internal/{master,slave}/* and
 /etc/namedb/external/{master,slave}/*.
 
 
 http://ftp.isc.org/isc/bind9/cur/9.9/doc/arm/Bv9ARM.ch06.html#view_statement_grammar
 


Re: 2 dns records for same server

2012-08-18 Thread John Wingenbach
Assuming your architecture is:

2 DNS servers which answers to external queries (public facing)
1 DNS server which only answers to internal queries (internal facing)
All internal clients configured to query the internal facing DNS server
for resolution.

Then, simply place your domain in both the external and internal
servers but having the internal one resolve with a zone file which maps
to internal IPs instead of the external IPs.

On the other hand, if you don't want to maintain the domain in both
places, then your best bet is to configure your clients to use a
searchlist of the form:  internal.DOMAIN DOMAIN

Then, you only have the internal.DOMAIN zone on your internal facing
server and it only houses names which should override the normal
domain's entries.

Your clients in this case would not use a fully qualified domain name.
Instead they would just use the hostname.

--John

On Sat, 18 Aug 2012 08:49:58 -0400
Dwayne Hottinger <dhottin...@harrisonburg.k12.va.us> wrote:

 I need to have 2 separate dns records for the same servername.
 Essentially when inside my network (10.)  I need it to resolve to a
 10. ip address. When outside it needs to resolve to my public ip.
 Everything I've done so far with my dns records has returned 2 ip's.
 In other words when doing a host servername or nslookup servername I
 get both the external and internal ip's of the server.  This seems to
 be causing issues with the applications on the server.  Some computers
 inside my network are trying to connect to the public ip (which is
 being natted from my firewall), those that are connecting are
 extremely slow.  The slowness leads me to believe that they are first
 trying the public ip before hitting the private.
 
 My dns is setup with a dns server inside my network (serving the 10)
 and 2 dns servers for my public ip's.My lan is setup that each of
 my sites (schools) are in a different dns zone.  What I want to
 happen is the url or name of the server to be the same regardless of
 where the user is either inside or outside my network.
 
 So far I have tried setting up a separate zone file for my internal
 dns and adding the entry to my external like I normally do.  This is
 what resolves with 2 ip's.   Is there anyway to get my dns servers to
 do this?
 
 thanks,
 
 ddh
 
 



Re: Secondary Master

2012-05-11 Thread John Wingenbach


The concept of a secondary master is sound.  It basically provides for 
a healthy means of handling the situation where your primary master is 
unusable.  To enable and support a primary/backup dns master, the backup 
master is initially setup as noted as a slave server.  Any other slave 
servers for the primary master also need to be pre-configured to treat 
the secondary master as a master.  Thus, when the primary master is 
unavailable, the task is simply to reconfigure the secondary master as a 
true master and to temporarily break the link between the primary and 
secondary.  Upon recovery, you would have to convert the original 
primary master as a slave to get updates from the secondary and then 
re-enable it as the primary.


This is a relatively simple explanation of what can be done to support a
primary/secondary master.  Obviously, there's a lot of work to support 
the flipping of masters which requires intelligent scripting to make it 
failure resistant.


It would be nice if bind natively supported the concept.  However, until 
such time, manual / scripting means are needed.


On 05/11/2012 11:27 AM, wbr...@e1b.org wrote:

John  wrote on 05/11/2012 11:05:58 AM:


I found this article about setting up a secondary master.
This may be useful as we are bringing up a disaster recovery site.
The author explains that the zone type should be 'slave' so it can
receive db updates from the normal master.
Seems like that makes it a slave instead of a master for that zone?
We are also looking at the app rsync for db transfers so we will
have mirrored masters, IP traffic separated by routers.
Thanks

https://help.ubuntu.com/8.04/serverguide/dns-configuration.html

What they describe is a typical slave server.  I wonder if they are
misusing the term master for authoritative.

They are correct that more than one server is needed in order to maintain
the availability of the domain should the Primary become unavailable.
It's a good idea to make sure that your DNS servers are physically
separated so a network failure does not block access to all of them.

I would just let zone transfers take care of keeping things in sync
instead of using rsync and a bunch of custom procedures to so it.





Re:

2012-05-07 Thread John Wingenbach
If that's an exact copy of your record, I'm going to also assume that 
the ORIGIN at the time of the record is toto.be.  As such, the 
resulting record becomes:


www.toto.be.toto.be. 86400 IN CNAME www.titi.be.toto.be.

Note that trailing '.'s are required to prevent the automatic addition 
of the ORIGIN.


e.g.:

www.toto.be. 86400 IN CNAME www.titi.be.

Dig will only send its query to the server specified on the command
line (when specified).  Otherwise, it uses the server listed in the 
resolver configuration.  If this doesn't answer your question, provide 
better information.  i.e. example dig and full response.




On 05/07/2012 09:29 AM, hugo hugoo wrote:

Dear all,

I have the following situation in my zone migration for one server (A) 
to another server (B)


The zone is called toto.be and contains the following record:

www.toto.be  86400 IN CNAME  www.titi.be


==> the zone titi.be is in the same server (A) but is not transferred
to the server (B).



If I do a dig @SERVER(A) www.toto.be ==> I receive the IP
corresponding to www.titi.be


If I do a dig @SERVER(B) www.toto.be ==> I do not receive the IP
corresponding to www.titi.be



- Is this situation due to the fact that dig always and only contacts
the server mentioned in the command?



- Do titi.be and toto.be have to be on the same server to correctly use
CNAMEs?



Thanks for your feedback,

hugo,







Re: Why does a non-delegated sub-domain work?

2012-05-07 Thread John Wingenbach
s6 is a subdomain of the parent domain.  Unless otherwise specified, 
subdomains are mastered (NS'd) by the parent (or extended parent domain) 
containing NS records.  As such, because you didn't put any NS records 
in the zone file for s6, it follows the NS records of the parent which 
happen to be the same name server as s6.  On the other hand, if you had 
attempted to master s6 on a different name server, it would not have worked.


On 05/07/2012 12:32 PM, M. Meadows wrote:


So ... if we have

exacttarget.com delegated to ns1 and ns2.exacttarget.com nameservers

and ... we manage the s6.exacttarget.com zone file from ns1 and 
ns2.exacttarget.com


but we don't delegate s6 in the exacttarget.com zone file ... forgot 
to enter it in the zone file ...


how is it that s6.exacttarget.com and its contents resolve properly 
from everywhere?


Seems BIND is helping us out behind the scenes somehow. Right?

Confused.

Thanks,
Marty




Slave zone configuration -- purpose of forward/forwarders?

2012-04-20 Thread John Wingenbach
I've noticed the support in ARM for specifying both the forward and 
forwarders configuration in a zone stanza for slave zones.  What is 
the purpose and value of specifying such?  It seems contradictory and 
confusing.


-- John


Re: nslookup/dig question

2012-01-25 Thread John Wingenbach
You copied over the zone files.  However, the bind 9 server is 
responding with NXDOMAIN.  It appears to me that the server does not 
believe it is authoritative for the zone.  Verify that the server indeed 
believes it is (look at the logs on startup).  Take a look at your named 
configuration to make sure you are properly including the zone file into 
the configuration.



On 1/25/2012 2:31 AM, JeanPaul Thomsin wrote:


All,

Have two servers. One has BIND8, the other BIND9.

Copied over the zone files from the BIND8 server to the BIND9 server, 
so they are identical.


Updated the /etc/resolv.conf file and the named.conf file.

When I do an nslookup (from a third server) pointing to the BIND8 
server, it works fine:


# nslookup
> server 10.179.193.6
Default server: 10.179.193.6
Address: 10.179.193.6#53
> set debug=all
> 10.16.42.61
Server:         10.179.193.6
Address:        10.179.193.6#53


QUESTIONS:
61.42.16.10.in-addr.arpa, type = PTR, class = IN
ANSWERS:
-  61.42.16.10.in-addr.arpa
name = ama552D.example.com.
ttl = 86400
AUTHORITY RECORDS:
-  42.16.10.in-addr.arpa
nameserver = abby.example.com.
ttl = 86400
ADDITIONAL RECORDS:
-  abby.example.com
internet address = 10.179.193.6
ttl = 86400

61.42.16.10.in-addr.arpa   name = ama552D.example.com.

#

When I do the same pointing to the BIND9 server, it doesn't work:

# nslookup
> server 10.179.221.13
Default server: 10.179.221.13
Address: 10.179.221.13#53

> set debug=all
> 10.16.42.61
Server:         10.179.221.13
Address:        10.179.221.13#53


QUESTIONS:
61.42.16.10.in-addr.arpa, type = PTR, class = IN
ANSWERS:
AUTHORITY RECORDS:
-  16.10.in-addr.arpa
origin = prisoner.abc.org
mail addr = hostmaster.root-servers.org
serial = 2002040800
refresh = 1800
retry = 900
expire = 604800
minimum = 604800
ttl = 10608
ADDITIONAL RECORDS:

** server can't find 61.42.16.10.in-addr.arpa.: NXDOMAIN
Server: 10.179.221.13
Address:10.179.221.13#53


QUESTIONS:
61.42.16.10.in-addr.arpa, type = PTR, class = IN
ANSWERS:
AUTHORITY RECORDS:
-  16.10.in-addr.arpa
origin = prisoner.abc.org
mail addr = hostmaster.root-servers.org
serial = 2002040800
refresh = 1800
retry = 900
expire = 604800
minimum = 604800
ttl = 10608
ADDITIONAL RECORDS:

** server can't find 61.42.16.10.in-addr.arpa.: NXDOMAIN

> ama552d.example.com
Server: 10.179.221.13
Address:10.179.221.13#53


QUESTIONS:
ama552d.example.com, type = A, class = IN
ANSWERS:
AUTHORITY RECORDS:
-  example.com
origin = monty.example.com
mail addr = admin.example.com
serial = 134
refresh = 900
retry = 600
expire = 86400
minimum = 3600
ttl = 2991
ADDITIONAL RECORDS:

** server can't find ama552d.example.com: NXDOMAIN
Server: 10.179.221.13
Address:10.179.221.13#53


QUESTIONS:
ama552d.example.com.example.com, type = A, class = IN
ANSWERS:
AUTHORITY RECORDS:
-  example.com
origin = monty.example.com
mail addr = admin.example.com
serial = 134
refresh = 900
retry = 600
expire = 86400
minimum = 3600
ttl = 3558
ADDITIONAL RECORDS:

** server can't find ama552d.example.com: NXDOMAIN

Also did a dig pointing to the BIND8 server:

# dig @10.179.193.6 ama552d.example.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44601
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;ama552d.example.com.   IN  A

;; ANSWER SECTION:
ama552d.example.com.86400   IN  A   10.16.42.61

;; AUTHORITY SECTION:
example.com.  86400   IN  NS  maggi.example.com.
example.com.  86400   IN  NS  abby.example.com.

;; ADDITIONAL SECTION:
abby.example.com.  86400   IN  A   10.179.193.6
maggi.example.com. 86400   IN  A   10.179.196.38

;; Query time: 2 msec
;; SERVER: 10.179.193.6#53(10.179.193.6)
;; WHEN: Tue Jan 24 16:51:14 2012
;; MSG SIZE  rcvd: 130

#

On BIND 9 server, get the following:

 [root@maggitemp sec_qip]# dig @10.179.221.13 ama552d.example.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 12521
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;ama552d.example.com.   IN  A

;; AUTHORITY SECTION:
example.com.  2596IN  SOA monty.example.com. 
admin.example.com. 134 900 600 86400 3600


;; Query time: 15 msec
;; SERVER: 

Re: Loading MX record with illegal preference (Lame subject replaced: clarification

2010-10-22 Thread John Wingenbach


https://www.isc.org/files/arm96.html#types_of_resource_records_and_when_to_use_them

Scroll down to the data type MX and it says:

Identifies a mail exchange for the domain with a 16-bit preference value 
(lower is better) followed by the host name of the mail exchange. 
Described in RFC 974, RFC 1035.


-- John

On 10/22/2010 8:39 AM, Stephane Bortzmeyer wrote:

On Fri, Oct 22, 2010 at 06:01:22PM +0530,
  ramsbrames...@gmail.com  wrote
  a message of 42 lines which said:


I have a record in BIND as follows:

mxdomain.com. 86400 IN MX 65536 gmail.com.

I don't think you tell us the truth. Because BIND refuses to load it:

% named-checkzone example large-mx.zone
dns_rdata_fromtext: large-mx.zone:15: near '65536': out of range
zone example/IN: loading from master file large-mx.zone failed: out of range
zone example/IN: not loaded due to errors.


Multiple zones pointing to same zone file

2010-10-19 Thread John Wingenbach
 I know that per Mark Andrews that named does not support having 
multiple zones pointing to the same zone file.  I can understand the 
issue if named does not support it for a slave server.  What about for a 
master server?  Are there any issues with named supporting that?


I would assume that whenever the zone file is changed, notifies for each 
zone utilizing that file would be sent out.  Is that correct?  Does 
named support that?  If not, are there any plans for named to support 
having multiple zones utilizing the same zone file?


I would prefer to make sure that we are using named in a supported 
fashion despite that it has been working this way. :)


-- John


Re: multiple slave zones pointing to same file?

2010-10-02 Thread John Wingenbach

 Simply set the file option to the same name on the slave server.

On 10/2/2010 2:59 PM, Doug Barton wrote:

On 10/2/2010 11:16 AM, online-reg wrote:

Hi All: I’m building a new Bind 9.7.1-P2 slave server and am taking an
opportunity to review my conf files.

I have a number of zones on the primary that all point to the same zone
configuration file. On my slave server, is there any way to configure
named.conf so that multiple zones are all “aliased” to the same zone
config?

Previously, I was using a basic slave config statement for each zone:

zone domain.com { type slave; file domain.com.zone; masters {
192.168.0.1; }; };

but, it seems like a lot of unnecessary files are being created?

I thought about using the same file name for all the slave zones
statements in named.conf, but wouldn't that force the file to be
overwritten multiple times for no reason?


How often does the file change? If the answer is not often then a 
little file system churn is harmless.


IME the best way to do this on a Unix'y system is to use hard links. 
That way if you ever need to change one of them to be its own file 
it's trivial to do so. Also IME, BIND doesn't react well to having 
multiple slave zones sharing the same file, but that may have improved 
in more recent versions, I haven't tried it for a couple of years now.



hth,

Doug


Re: multiple slave zones pointing to same file?

2010-10-02 Thread John Wingenbach
Doesn't support it?  Since when does named not allow you to use the
same file name for more than one zone?  I've been doing that for several
years.


-- John Wingenbach

On 10/2/2010 6:49 PM, Mark Andrews wrote:

In message <58f2f2eb90f24743a050575c87c7c...@nyoffice.enigmedia.local>, online-reg writes:

Hi All: I'm building a new Bind 9.7.1-P2 slave server and am taking an
opportunity to review my conf files.

I have a number of zones on the primary that all point to the same zone
configuration file. On my slave server, is there any way to configure
named.conf so that multiple zones are all "aliased" to the same zone
config?

No.  Named does NOT support this.

Mark



Re: Bind not starting

2010-10-01 Thread John Wingenbach
NS records must point to an A record.  ns1 and ns2.nsdomain.com do
not have A records defined for them according to the zone file.


-- John

On 10/1/2010 12:14 AM, rams wrote:

Hi,

I have configured records as follows in bind. When we start bind
9.7, bind is not starting.
But bind starts successfully when the ns domains below which are
marked as RED are commented out. Could you please clarify this for me.


*Note: Bind 9.6 is started successfully with the same below zone. *
Error:
zone nsdomain.com/IN: NS 'ns1.nsdomain.com' has no address records (A or AAAA)

zone nsdomain.com/IN: not loaded due to errors.
_default/nsdomain.com/IN: bad zone


$ORIGIN nsdomain.com.
@ IN SOA dns1.dns.net. ppk.yahoo.com. (
        2009111903 ; serial
        10800 ; refresh
        3600 ; retry
        2592000 ; expire
        86400 ; minimum
        )
a.nsdomain.com.      86400      IN A    1.1.1.1
a1.nsdomain.COM.     86400      IN AAAA FE80::
a1.nsdomain.com.     86400      IN AAAA FE80::
a1.nsdomain.com.     86400      IN A    1.1.1.1
a1.nsdomain.com.     86400      IN NS   a1.nsdomain.com.
a10.nsdomain.com.    9          IN NS   ns1.nu.moon.
a11.nsdomain.com.    9          IN NS   abc.nsdomain.com.
a12.nsdomain.com.    86400      IN NS   mx.nsdomain.com.
a13.nsdomain.com.    86400      IN NS   cname.nsdomain.com.
a13.nsdomain.com.    86400      IN NS   a.nsdomain.com.
a13.nsdomain.com.    86400      IN NS   mx.nsdomain.com.
a14.nsdomain.com.    2147483647 IN NS   ns1.a14.nsdomain.com.
a15.nsdomain.com.    2147483647 IN NS   ns1.a15.nsdomain.com.
a2.nsdomain.com.     86400      IN NS   nsdomain.com.
a3.nsdomain.com.     86400      IN NS   a3.nsdomain.com.
a3.nsdomain.com.     86400      IN NS   a2.nsdomain.com.
a3.nsdomain.com.     86400      IN NS   a1.nsdomain.com.
a3.nsdomain.com.     86400      IN NS   nsdomain.com.
a4.nsdomain.com.     86400      IN NS   a4.nsdomain.com.
a4.nsdomain.com.     86400      IN NS   a4.nsdomain.com.
a4.nsdomain.com.     86400      IN NS   a4.nsdomain.com.

A5.NSDOMAIN.COM.     86400      IN AAAA FE80::
a5.NSDOMAIN.com.     86400      IN AAAA FE80::
A5.nsdomain.com.     86400      IN AAAA FE80::
a5.nsdomain.com.     86400      IN AAAA FE80::
A5.NSDOMAIN.COM.     86400      IN A    255.255.255.255
a5.nsdomain.COM.     86400      IN A    255.255.255.255
a5.NSDOMAIN.com.     86400      IN A    255.255.255.255
A5.nsdomain.com.     86400      IN A    255.255.255.255
a5.nsdomain.com.     86400      IN A    255.255.255.255
a5.nsdomain.com.     86400      IN NS   A5.NSDOMAIN.COM.
a5.nsdomain.com.     86400      IN NS   a5.nsdomain.COM.
a5.nsdomain.com.     86400      IN NS   a5.NSDOMAIN.com.
a5.nsdomain.com.     86400      IN NS   A5.nsdomain.com.
A6.NSDOMAIN.COM.     86400      IN A    255.255.255.255
a6.nsdomain.COM.     86400      IN A    255.255.255.254
a6.NSDOMAIN.com.     86400      IN A    255.255.255.253
A6.nsdomain.com.     86400      IN A    255.255.255.252
a6.nsdomain.com.     86400      IN A    255.255.255.251
a6.nsdomain.com.     86400      IN NS   A6.NSDOMAIN.COM.
a6.nsdomain.com.     86400      IN NS   a6.nsdomain.COM.
a6.nsdomain.com.     86400      IN NS   a6.NSDOMAIN.com.
a6.nsdomain.com.     86400      IN NS   A6.nsdomain.com.