On 02 Jan 2014, at 16:37 , Alan Clegg <a...@clegg.com> wrote:

> On Jan 2, 2014, at 9:19 AM, wbr...@e1b.org wrote:
>
>>>> Use views
>>>
>>> Views +1
>>
>> When were views added to BIND? We started using multiple servers in
>> BIND 4, and I don't recall views being available back then, but I didn't
>> configure the servers, just maintained the zones.
>>
>> We're still using multiple servers for internal vs. external resolution.
>
> Views have been in bind “for all recent history”.
>
> I’ve watched this thread and have been biting my tongue as long as I could.
>
> I’m a proponent of separating servers and NOT using views, as any of you that
> have taken a class that I’ve taught will attest.
>
> I’ve seen too many problems over the years that have been caused by incorrect
> maintenance of both data feeding the views and goofs in the mechanisms making
> sure that the correct view is made available to the correct slave servers
> (and clients).
>
> With today’s hardware (virtualization, etc) it’s not very expensive to build
> out new servers. Separate the services and you remove lots of the little
> prickly points that will cause you pain as the complexity of your
> infrastructure grows (and as you hand off to the ‘next generation’ of
> maintainers).

I could not agree more (as anyone who has attended a class that I've taught will attest ;-).

Furthermore, in addition to the very valid reasons that Alan lists, I'd want to add yet another reason to implement this via multiple, simple, [virtual] servers, rather than using views and that is "platform independence".

Views are a feature specific to BIND9 (and ANS, I think). If I implement this via multiple servers then for each server I am free to choose whatever implementation is best for that task. If I choose a design based on views, I am forced to use BIND9. And while BIND9 may be the best thing since sliced bread, it will not be the preferred choice forever.

> I’m actually more a proponent of creating an architecture that doesn’t NEED
> differentiated data, but there aren’t a lot of places implementing DNS /
> naming structures on green-fields these days.

I agree with this also.

Johan
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users