In reply to Seth's suggestion:

> Am I reading this bug correctly, that MAAS currently asks BIND to reload its
> entire configure file on every machine provision and removal?
>
> This seems like a problem worth solving rather than trying to work around.
>
> At least PowerDNS provides several mechanisms for dynamically adding and
> removing records from a zone:
>
> - dnsupdate: https://doc.powerdns.com/authoritative/dnsupdate.html
[...]
> Since dnsupdate is an RFC-standardized protocol there's a pretty good shot
> BIND supports it as well. Was this tried and found lacking? The API and SQL
> approaches are likely to not have equivalents in BIND.
>
> I'm not sure what your DNSSEC goals are, but PowerDNS's documentation
> describes choices, including pkcs#11 in case that's important:
> https://doc.powerdns.com/authoritative/dnssec/index.html

Yes, BIND even has a tool for RFC 2136 packaged [1].
A little howto mentioning DNSSEC in that regard can be found at [2].
It also mentions an AppArmor deny with the setup, but if that would be the
blocker I'm sure we can come up with a safe rule that can be added.

This might really be much closer to the design of the DNS server than
high-frequency restart/reload. So giving this a thought/experiment on the
MAAS side might be great.

[1]: http://manpages.ubuntu.com/manpages/bionic/man1/nsupdate.1.html
[2]: https://dnns.no/dynamic-dns-with-bind-and-nsupdate.html

-- 
https://bugs.launchpad.net/bugs/1710278

Title:
  [2.3a1] named stuck on reload, DNS broken
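
The per-machine dynamic update suggested above, sketched as an added example that is not part of the original message or of MAAS: shell functions that build signed RFC 2136 batches for nsupdate(1) instead of rewriting zone files and reloading named. The zone names, addresses, TTL and key path are constructed placeholders, and it assumes named already permits this TSIG key to update both zones (via `allow-update` or `update-policy`).

```shell
#!/bin/sh
# Added example: all names, addresses and the key path are constructed.
DNS_SERVER="127.0.0.1"                # assumed: named listening locally
FWD_ZONE="maas.example"               # assumed forward zone
REV_ZONE="0.0.10.in-addr.arpa"        # assumed reverse zone for 10.0.0.0/24
TTL=30
KEYFILE="/etc/bind/maas-update.key"   # hypothetical TSIG key file

# ptr_name 10.0.0.15 -> 15.0.0.10.in-addr.arpa.
ptr_name() {
    echo "$1" | awk -F. '{ printf "%s.%s.%s.%s.in-addr.arpa.\n", $4, $3, $2, $1 }'
}

# header <zone>: an update message targets exactly one zone, so the server
# and zone are stated at the start of every message.
header() {
    printf 'server %s\nzone %s\n' "$DNS_SERVER" "$1"
}

# batch_add <hostname> <ipv4>: provision a machine. The delete before the add
# replaces any stale record; both happen atomically within one message.
batch_add() {
    header "$FWD_ZONE"
    printf 'update delete %s.%s. A\n' "$1" "$FWD_ZONE"
    printf 'update add %s.%s. %s A %s\nsend\n' "$1" "$FWD_ZONE" "$TTL" "$2"
    header "$REV_ZONE"
    printf 'update delete %s PTR\n' "$(ptr_name "$2")"
    printf 'update add %s %s PTR %s.%s.\nsend\n' \
        "$(ptr_name "$2")" "$TTL" "$1" "$FWD_ZONE"
}

# batch_remove <hostname> <ipv4>: release a machine; only deletions are sent.
batch_remove() {
    header "$FWD_ZONE"
    printf 'update delete %s.%s. A\nsend\n' "$1" "$FWD_ZONE"
    header "$REV_ZONE"
    printf 'update delete %s PTR\nsend\n' "$(ptr_name "$2")"
}

# apply_batch: reads a batch on stdin; -k signs each update with the TSIG key
# so named can authenticate the sender before changing the zone.
apply_batch() {
    nsupdate -k "$KEYFILE"
}

# Usage: batch_add node1 10.0.0.15 | apply_batch
```

Keeping the key file readable only by the provisioning service, and scoping the key to these two zones on the server side, limits what a leaked key can change.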
