Hi,
I'm using BIND 9.8.1-p1 on RHEL5 i386.
Having a problem with views. My intended configuration:
* most zones are identical in either view
* a few zones are added in the internal view
* networks in the internal view can do recursive queries (yeah, I know,
I'm not supposed to mix authoritative & recursing servers, but it's not
illegal, right?)
I've configured things this way, and it basically works.
However, when I update a zone on my master server, the changes are not
fully propagated to the slaves. The "internal" view on the slaves
generally picks up the changes; the "external" view, however, often
doesn't.
I haven't been able to divine a pattern to when this happens and when it
doesn't.
I use rndc reload on the master to have it pick up the changes.
Here are the view configs. The included files contain zone statements.
As I write this, I wonder if the problem is because I include the same
authoritativezones.conf file in all three views.
========= begin
view "internet2"
{
    match-clients { some clients here };
    recursion yes;
    // you'd think "recursion yes" would enable recursion, but
    // you'd be wrong.
    allow-query-cache { any; };
    // all views must contain the root hints zone:
    include "stdzones/named.root.hints";
    include "conf/runtime/internet2.edu.conf";
    include "conf/runtime/authoritativezones.conf";
};
view "member-meetings"
{
    match-clients { some other clients here };
    recursion yes;
    // you'd think "recursion yes" would enable recursion, but
    // you'd be wrong.
    allow-query-cache { any; };
    // all views must contain the root hints zone:
    include "stdzones/named.root.hints";
    include "conf/runtime/authoritativezones.conf";
};
view "external"
{
    // This view will contain zones you want to serve only to "external" clients
    // that have addresses that are not on your directly attached LAN
    // interface subnets:
    //
    match-clients { any; };
    match-destinations { any; };
    // you'd probably want to deny recursion to external clients,
    // so you don't
    // end up providing free DNS service to all takers
    recursion no;
    // Disable lookups for any cached data and root hints
    allow-query-cache { none ; };
    // all views must contain the root hints zone:
    include "stdzones/named.root.hints";
    // this should be a symlink, depending on master-slave status
    include "conf/runtime/authoritativezones.conf";
};
=========== end
Thanks!
danno
--
Dan Pritts, Sr. Systems Engineer
Internet2
office: +1-734-352-4953 | mobile: +1-734-834-7224