Alan Clegg wrote:
On 1/1/2011 9:15 AM, Gary Wallis wrote:
You will need to setup one virtual IP for each extra view.
Not since very versions of BIND that are long-since EOL'd. The FAQ goes
into how to use TSIG keys to deal with "picking the right one".
This is what no one here addresses clearly and upfront:
The truth is that when you need N views, BIND transfer is a royal pain,
for almost all networks and IT departments.
Setting up views correctly is not simple. If you HAVE to do it, it's
much easier to do it with BIND than it is to do it with alternative
methods (in my opinion).
Think about it.
Given choices, I think I'm in agreement with you: I'd chose to not do
views.
Based on the posts here, the OP is going to do views. The best thing to
do is provide the best method of replicating those views to the machines
that are providing slave services without using external applications.
If it were me and I had no other choice than to use views, I'd get into
the system and re-wire everything using BIND 9.7.2 and write a set of
scripts that used "rndc addzone" and "rndc delzone" to control the
master and all of the slaves, configure TSIG keys to manage zone
transfers between hosts, etc.
Cheers!
and Happy New Year!
May 2011 be the best one before we all perish in the fires of whatever
is going to happen in 2012! :)
AlanC
Much thanks! I will look into the TSIG key method for view transfers,
and see if the very conservative (but that I am stuck with) CentOS BIND
version supports it.
Cheers!
Gary
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
