Re: adding zone forwards without restart

2016-09-30 Thread Tony Finch
> On 29.09.16 12:25, Frank Even wrote:
> > I am running chrooted.  I'm relying on the "feature" of BIND "mounting" the
> > standard dirs into a chroot via the standard startup scripts in Cent6/7.

Aha, I should have actually read setup-named-chroot.sh rather than
assuming that it copied the files...

> > My understanding is it's not "copying" the files anywhere, but using those
> > that are there.  I am modifying them via puppet on the system.  I've even
> > created a "service" to only do an "rndc reconfig" instead of refreshing the
> > service to ensure I can do safe puppet runs.  But yeah, no matter what I
> > do, nothing short of a restart of the service (typically "service named
> > restart" on EL6 and "service named-chroot restart" on EL7) works.

Hmm, so it is doing a mount --bind of named.conf (the file itself), so
maybe the problem is that

(1) puppet is renaming the new named.conf into place, rather than
overwriting the old named.conf.

(2) after the rename, the bind mount continues to refer to the old file

# echo spong >test
# cat test
spong
# cat >mount
# mount --bind test mount
# cat mount
spong
# echo bling >test2
# mv test2 test
# cat mount
spong

(3) you have to remount all the config files in order for rndc reload to
work, and restarting the service causes this to happen

So you might find that it makes sense to update the config file in place,
along the lines of `cat named.conf`.

Or you might decide that it makes more sense to do your own chroot setup
and ditch Red Hat's clever-clever but half-broken attempt.

Tony.
-- 
f.anthony.n.finch    http://dotat.at/  -  I xn--zr8h punycode
Faeroes, Southeast Iceland: Northerly 4 or 5, occasionally 6 at first,
becoming variable 3 or 4, then becoming westerly or southwesterly 4 or 5
later. Moderate or rough. Showers. Good.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
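
An added example, not part of Tony Finch's message or of Red Hat's scripts: it reproduces the rename-versus-overwrite behaviour from the transcript above without root, using a hard link as a stand-in for the `mount --bind` (both keep referring to the original inode), and contrasts it with an in-place update. The function and file names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration. A hard link stands in for the bind mount: like
# `mount --bind file target`, it keeps referring to the original inode
# even after the source path is renamed over.

# Print the inode number of a path (POSIX ls -i).
inode_of() {
    ls -di -- "$1" | awk '{print $1}'
}

# Succeed if both paths name the same inode, i.e. the pinned view
# (bind mount or link) still tracks the file that is being edited.
same_inode() {
    [ "$(inode_of "$1")" = "$(inode_of "$2")" ]
}

# Update by rename: write a temp file, then mv it over the target.
# Atomic for readers of the path, but the path now names a NEW inode.
update_by_rename() {    # $1 = target, $2 = new contents
    tmp="$1.tmp.$$"
    printf '%s\n' "$2" >"$tmp" && mv -f "$tmp" "$1"
}

# Update in place: truncate and rewrite the existing inode, so every
# view pinned to that inode sees the new contents. Not atomic, so the
# reload should only be triggered after this returns.
update_in_place() {     # $1 = target, $2 = new contents
    printf '%s\n' "$2" >"$1"
}

# Constructed demo in a scratch directory (file names are made up).
demo() {
    dir=$(mktemp -d) || return 1
    conf="$dir/named.conf"           # file the config tool edits
    view="$dir/chroot-named.conf"    # stand-in for the bind-mounted path
    echo 'options-v1' >"$conf"
    ln "$conf" "$view"

    update_by_rename "$conf" 'options-v2'
    same_inode "$conf" "$view" ||
        echo "after rename: view is stale, still reads $(cat "$view")"

    # Re-pin the view, which is what the service restart effectively does.
    rm -f "$view"
    ln "$conf" "$view"

    update_in_place "$conf" 'options-v3'
    same_inode "$conf" "$view" &&
        echo "after in-place write: view reads $(cat "$view")"

    rm -rf "$dir"
}

demo
```

On a real host the same inode comparison can be made between named.conf and its bind-mounted path under the chroot (`/var/named/chroot` in this thread) before running `rndc reconfig`.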


Re: adding zone forwards without restart

2016-09-30 Thread Matus UHLAR - fantomas

On 29.09.16 12:25, Frank Even wrote:

> I am running chrooted.  I'm relying on the "feature" of BIND "mounting" the
> standard dirs into a chroot via the standard startup scripts in Cent6/7.
> My understanding is it's not "copying" the files anywhere, but using those
> that are there.  I am modifying them via puppet on the system.  I've even
> created a "service" to only do an "rndc reconfig" instead of refreshing the
> service to ensure I can do safe puppet runs.  But yeah, no matter what I
> do, nothing short of a restart of the service (typically "service named
> restart" on EL6 and "service named-chroot restart" on EL7) works.


apparently there's something like that (copying files) in startup scripts or
related to puppet installation.

tried running without chroot for a while, if it helps?

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Windows found: (R)emove, (E)rase, (D)elete


Re: adding zone forwards without restart

2016-09-29 Thread Reindl Harald


On 29.09.2016 at 21:27, Frank Even wrote:

> None of that works.  Nothing short of a restart of the daemon notices
> new forwarders added to the config.  That is inclusive of:
>
> rndc reconfig
> rndc reload
> rndc flushname $nameofforwardersadded
> rndc flush


our named instances are running chrooted and i defined a SIGHUP to
reload the named configuration in the system-unit years ago, just for no need
to configure "rndc" and don't make it usable since we don't have a
usecase for it at all


ExecReload=/usr/bin/kill -HUP $MAINPID


Re: adding zone forwards without restart

2016-09-29 Thread Frank Even
I'm adding forwarders, not adding an authoritative domain.  I'm not working
directly with a zone at all.  Just intercepting DNS traffic for a specific
zone intended to be internal only and forwarding it to another group of
resolvers instead of dumping the queries to the Internet.

On Wed, Sep 21, 2016 at 5:03 PM, Sten Carlsen  wrote:

> I assume you did increase the serial, if not this is what I would expect
> to happen.
>
> On 21/09/16 10:53, Tony Finch wrote:
>
> Frank Even   wrote:
>
>
> Is there a way to add forwarders for specific zones without a restart?
> Everything I've read seems to indicate an "rndc reconfig" or an "rndc
> reload" should take care of this, but they do not.  I add forwarders to
> "named.conf" and neither will load the new forwarded zone until I do a full
> daemon restart.
>
> I bet you are running chrooted, and you are editing named.conf outside the
> chroot, and the restart script copies it into the chroot.
>
> You need to find a way to run the copy independently of restarting the
> daemon.
>
> Maybe there is something like `systemctl reload named.service` which does
> a graceful reload ... but, looking at the srpm I think you might have to
> run `/usr/libexec/setup-named-chroot.sh /var/named/chroot on`. OBVIOUSLY.
>
> Tony.
>
>
> --
> Best regards
>
> Sten Carlsen
>
> No improvements come from shouting:
>
>"MALE BOVINE MANURE!!!"
>
>

Re: adding zone forwards without restart

2016-09-29 Thread Frank Even
None of that works.  Nothing short of a restart of the daemon notices new
forwarders added to the config.  That is inclusive of:

rndc reconfig
rndc reload
rndc flushname $nameofforwardersadded
rndc flush

A restart of the service however, that does work.  That is far more
disruptive than I like though (making adding a forwarder a bit more labor
intensive at this point than I was hoping it would be).

On Wed, Sep 21, 2016 at 8:30 AM, Tony Finch  wrote:

> Benny Pedersen  wrote:
> >
> > why does reload not flush ?
>
> Often you want to reload zone files without throwing away the cache.
>
> Tony.
> --
> f.anthony.n.finch    http://dotat.at/  -  I xn--zr8h
> punycode
> Bailey: Southeast 6 to gale 8, becoming cyclonic, mainly southwest, gale 8
> to
> storm 10, backing south 5 to 7 later. Very rough or high, becoming rough.
> Rain
> then showers. Moderate or poor, occasionally good.

Re: adding zone forwards without restart

2016-09-29 Thread Frank Even
I am running chrooted.  I'm relying on the "feature" of BIND "mounting" the
standard dirs into a chroot via the standard startup scripts in Cent6/7.
My understanding is it's not "copying" the files anywhere, but using those
that are there.  I am modifying them via puppet on the system.  I've even
created a "service" to only do an "rndc reconfig" instead of refreshing the
service to ensure I can do safe puppet runs.  But yeah, no matter what I
do, nothing short of a restart of the service (typically "service named
restart" on EL6 and "service named-chroot restart" on EL7) works.

On Wed, Sep 21, 2016 at 1:53 AM, Tony Finch  wrote:

> Frank Even  wrote:
>
> > Is there a way to add forwarders for specific zones without a restart?
> > Everything I've read seems to indicate an "rndc reconfig" or an "rndc
> > reload" should take care of this, but they do not.  I add forwarders to
> > "named.conf" and neither will load the new forwarded zone until I do a
> full
> > daemon restart.
>
> I bet you are running chrooted, and you are editing named.conf outside the
> chroot, and the restart script copies it into the chroot.
>
> You need to find a way to run the copy independently of restarting the
> daemon.
>
> Maybe there is something like `systemctl reload named.service` which does
> a graceful reload ... but, looking at the srpm I think you might have to
> run `/usr/libexec/setup-named-chroot.sh /var/named/chroot on`. OBVIOUSLY.
>
> Tony.
> --
> f.anthony.n.finch    http://dotat.at/  -  I xn--zr8h
> punycode
> Trafalgar: North or northwest 4 or 5. Moderate or rough. Fair. Good.
>

Re: adding zone forwards without restart

2016-09-23 Thread Matus UHLAR - fantomas

Benny Pedersen  wrote:
> why does reload not flush ?



In article ,
Tony Finch  wrote:

> Often you want to reload zone files without throwing away the cache.


On 22.09.16 11:39, Barry Margolin wrote:

> It shouldn't flush the entire cache, but it would certainly make sense
> to flush entries within a forwarding zone that's modified.


I don't see reason to implicitly flush entries just because existing domain
changed servers. Changing servers does not necessarily mean changing
content. 


there's "rndc flushtree" command since 9.9, that flushes domain and
subdomains when issued. You can use it if needed.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
How does cat play with mouse? cat /dev/mouse


Re: adding zone forwards without restart

2016-09-22 Thread Barry Margolin
In article ,
 Tony Finch  wrote:

> Benny Pedersen  wrote:
> >
> > why does reload not flush ?
> 
> Often you want to reload zone files without throwing away the cache.

It shouldn't flush the entire cache, but it would certainly make sense 
to flush entries within a forwarding zone that's modified.

-- 
Barry Margolin
Arlington, MA


Re: adding zone forwards without restart

2016-09-22 Thread Matus UHLAR - fantomas

On 21.09.16 14:49, philippe.simo...@swisscom.com wrote:

> and after a forward add a rndc flush can help too ..


not needed unless old forwarders provide invalid data.


> -Original Message-
> From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Matus
> UHLAR - fantomas
> Sent: Wednesday, September 21, 2016 10:03 AM
> To: bind-users@lists.isc.org
> Subject: Re: adding zone forwards without restart
>
> On 2016-09-21 02:40, Frank Even wrote:
>
> Is there a way to add forwarders for specific zones without a restart?
> Everything I've read seems to indicate an "rndc reconfig" or an
> "rndc reload" should take care of this, but they do not.  I add
> forwarders to "named.conf" and neither will load the new forwarded
> zone until I do a full daemon restart.
>
> On 20.09.16 19:44, Frank Even wrote:
>
> The basics are fine.  BIND just doesn't load newly added forwarded
> zones, period.  It also kind of lies in the output:
>
> the reconfig SHOULD cause bind reload the configuration.
> the reload SHOULD cause bind reload the zones.
>
> if it does not, it's probably a bug.
>
> for forwarding zones, reconfig should be enough.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Support bacteria - they're the only culture some people have. 


Re: adding zone forwards without restart

2016-09-21 Thread Sten Carlsen
I assume you did increase the serial, if not this is what I would expect
to happen.


On 21/09/16 10:53, Tony Finch wrote:
> Frank Even  wrote:
>
>> Is there a way to add forwarders for specific zones without a restart?
>> Everything I've read seems to indicate an "rndc reconfig" or an "rndc
>> reload" should take care of this, but they do not.  I add forwarders to
>> "named.conf" and neither will load the new forwarded zone until I do a full
>> daemon restart.
> I bet you are running chrooted, and you are editing named.conf outside the
> chroot, and the restart script copies it into the chroot.
>
> You need to find a way to run the copy independently of restarting the
> daemon.
>
> Maybe there is something like `systemctl reload named.service` which does
> a graceful reload ... but, looking at the srpm I think you might have to
> run `/usr/libexec/setup-named-chroot.sh /var/named/chroot on`. OBVIOUSLY.
>
> Tony.

-- 
Best regards

Sten Carlsen

No improvements come from shouting:

   "MALE BOVINE MANURE!!!" 


Re: adding zone forwards without restart

2016-09-21 Thread Tony Finch
Benny Pedersen  wrote:
>
> why does reload not flush ?

Often you want to reload zone files without throwing away the cache.

Tony.
-- 
f.anthony.n.finch    http://dotat.at/  -  I xn--zr8h punycode
Bailey: Southeast 6 to gale 8, becoming cyclonic, mainly southwest, gale 8 to
storm 10, backing south 5 to 7 later. Very rough or high, becoming rough. Rain
then showers. Moderate or poor, occasionally good.


Re: adding zone forwards without restart

2016-09-21 Thread Benny Pedersen

On 2016-09-21 16:49, philippe.simo...@swisscom.com wrote:


> and after a forward add a rndc flush can help too ..


why does reload not flush ?

imho a bug if thats the case


RE: adding zone forwards without restart

2016-09-21 Thread Philippe.Simonet
Hi

and after a forward add a rndc flush can help too ..

philippe

-Original Message-
From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Matus 
UHLAR - fantomas
Sent: Wednesday, September 21, 2016 10:03 AM
To: bind-users@lists.isc.org
Subject: Re: adding zone forwards without restart

>> On 2016-09-21 02:40, Frank Even wrote:
>>> Is there a way to add forwarders for specific zones without a restart?
>>>  Everything I've read seems to indicate an "rndc reconfig" or an 
>>> "rndc reload" should take care of this, but they do not.  I add 
>>> forwarders to "named.conf" and neither will load the new forwarded 
>>> zone until I do a full daemon restart.

On 20.09.16 19:44, Frank Even wrote:
>The basics are fine.  BIND just doesn't load newly added forwarded 
>zones, period.  It also kind of lies in the output:

the reconfig SHOULD cause bind reload the configuration.
the reload SHOULD cause bind reload the zones.

if it does not, it's probably a bug.

for forwarding zones, reconfig should be enough.

I guess, if the configuration is invalid, the old one should keep being used. 
>Sep 20 17:57:48 host01 named[26453]: reloading configuration succeeded 
>Sep 20 17:57:48 host01 named[26453]: any newly configured zones are now 
>loaded
>
>...except they're not.  Thus far I think the only condition I've 
>actually seen BIND load new zones without a restart after being added 
>to named.conf is if it's not already authoritative for a lower level 
>part of a domain and you're adding an authoritative zone.

Bind checks for zone file timestamps, although files do not apply for 
forwarding zones, so they are also not loaded, because queries for them are of 
course being forwarded (or recursed, if they are set to "forward first" and the 
forwarders do not answer).

>Even adding another master zone that is higher up in the hierarchy will 
>not load until a full restart I've found (meaning you have "domain.com"
>configured as a master zone and add "subdomain.domain.com" as a master 
>zone as well).

so, do you have problems with forwarding zones or master zones?

Did you run named-checkconf as Benny advised?
Did you run named-checkzone for the newly added zones?

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Despite the cost of living, have you noticed how popular it remains? 


Re: adding zone forwards without restart

2016-09-21 Thread Tony Finch
Frank Even  wrote:

> Is there a way to add forwarders for specific zones without a restart?
> Everything I've read seems to indicate an "rndc reconfig" or an "rndc
> reload" should take care of this, but they do not.  I add forwarders to
> "named.conf" and neither will load the new forwarded zone until I do a full
> daemon restart.

I bet you are running chrooted, and you are editing named.conf outside the
chroot, and the restart script copies it into the chroot.

You need to find a way to run the copy independently of restarting the
daemon.

Maybe there is something like `systemctl reload named.service` which does
a graceful reload ... but, looking at the srpm I think you might have to
run `/usr/libexec/setup-named-chroot.sh /var/named/chroot on`. OBVIOUSLY.

Tony.
-- 
f.anthony.n.finch    http://dotat.at/  -  I xn--zr8h punycode
Trafalgar: North or northwest 4 or 5. Moderate or rough. Fair. Good.


Re: adding zone forwards without restart

2016-09-21 Thread Matus UHLAR - fantomas

>> On 2016-09-21 02:40, Frank Even wrote:
>>> Is there a way to add forwarders for specific zones without a restart?
>>> Everything I've read seems to indicate an "rndc reconfig" or an "rndc
>>> reload" should take care of this, but they do not.  I add forwarders
>>> to "named.conf" and neither will load the new forwarded zone until I
>>> do a full daemon restart.

On 20.09.16 19:44, Frank Even wrote:
> The basics are fine.  BIND just doesn't load newly added forwarded zones,
> period.  It also kind of lies in the output:

the reconfig SHOULD cause bind reload the configuration.
the reload SHOULD cause bind reload the zones.

if it does not, it's probably a bug.

for forwarding zones, reconfig should be enough.

I guess, if the configuration is invalid, the old one should keep being
used.

> Sep 20 17:57:48 host01 named[26453]: reloading configuration succeeded
> Sep 20 17:57:48 host01 named[26453]: any newly configured zones are now
> loaded
>
> ...except they're not.  Thus far I think the only condition I've actually
> seen BIND load new zones without a restart after being added to named.conf
> is if it's not already authoritative for a lower level part of a domain and
> you're adding an authoritative zone.

Bind checks for zone file timestamps, although files do not apply for
forwarding zones, so they are also not loaded, because queries for them are of
course being forwarded (or recursed, if they are set to "forward first" and
the forwarders do not answer).

> Even adding another master zone that is higher up in the hierarchy will not
> load until a full restart I've found (meaning you have "domain.com"
> configured as a master zone and add "subdomain.domain.com" as a master zone
> as well).


so, do you have problems with forwarding zones or master zones?

Did you run named-checkconf as Benny advised?
Did you run named-checkzone for the newly added zones?

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Despite the cost of living, have you noticed how popular it remains? 


Re: adding zone forwards without restart

2016-09-20 Thread Frank Even
The basics are fine.  BIND just doesn't load newly added forwarded zones,
period.  It also kind of lies in the output:

Sep 20 17:57:48 host01 named[26453]: reloading configuration succeeded
Sep 20 17:57:48 host01 named[26453]: any newly configured zones are now
loaded

...except they're not.  Thus far I think the only condition I've actually
seen BIND load new zones without a restart after being added to named.conf
is if it's not already authoritative for a lower level part of a domain and
you're adding an authoritative zone.

Even adding another master zone that is higher up in the hierarchy will not
load until a full restart I've found (meaning you have "domain.com"
configured as a master zone and add "subdomain.domain.com" as a master zone
as well).


On Tue, Sep 20, 2016 at 5:56 PM, Benny Pedersen  wrote:

> On 2016-09-21 02:40, Frank Even wrote:
>
>> Is there a way to add forwarders for specific zones without a restart?
>>  Everything I've read seems to indicate an "rndc reconfig" or an "rndc
>> reload" should take care of this, but they do not.  I add forwarders
>> to "named.conf" and neither will load the new forwarded zone until I
>> do a full daemon restart.
>>
>
> rndc reload
>
> after edit named.conf
>
> remember to named-checkconf first
>
> is your rndc key pair or acl setup ?
>
> what are logged ?
>
> rndc reload zone ?
>
> type rndc to see valid commands

Re: adding zone forwards without restart

2016-09-20 Thread Benny Pedersen

On 2016-09-21 02:40, Frank Even wrote:

> Is there a way to add forwarders for specific zones without a restart?
> Everything I've read seems to indicate an "rndc reconfig" or an "rndc
> reload" should take care of this, but they do not.  I add forwarders
> to "named.conf" and neither will load the new forwarded zone until I
> do a full daemon restart.


rndc reload

after edit named.conf

remember to named-checkconf first

is your rndc key pair or acl setup ?

what are logged ?

rndc reload zone ?

type rndc to see valid commands