On 1/2/2014 5:47 PM, Johan Ihrén wrote:
On 02 Jan 2014, at 16:37 , Alan Clegg <a...@clegg.com> wrote:
On Jan 2, 2014, at 9:19 AM, wbr...@e1b.org wrote:
Use views
Views +1
When were views added to BIND? We started using using multiple servers in
BIND 4, and I don't recall views being available back then, but I didn't
configure the servers, just maintained the zones.
We're still using multiple servers for internal vs. external resolution.
Views have been in bind “for all recent history”.
I’ve watched this thread and have been biting my tongue as long as I could.
I’m a proponent of separating servers and NOT using views, as any of you that
have taken a class that I’ve taught will attest.
I’ve seen too many problems over the years that have been caused by incorrect
maintenance of both data feeding the views and goofs in the mechanisms making
sure that the correct view is made available to the correct slave servers (and
clients).
With today’s hardware (virtualization, etc) it’s not very expensive to build
out new servers. Separate the services and you remove lots of the little
prickly points that will cause you pain as the complexity of your
infrastructure grows (and as you hand off to the ‘next generation’ of
maintainers).
I could not agree more (as anyone who has attended a class that I've taught
will attest ;-).
Furthermore, in addition to the very valid reasons that Alan list, I'd want to add yet
another reason to implement this via multiple, simple, [virtual] servers, rather than
using views and that is "platform independence". Views are a feature specific
to BIND9 (and ANS, I think). If I implement this via multiple servers then for each
server I am free to choose whatever implementation is best for that task. If choose a
design based on views, I am forced to used BIND9.
And while BIND9 may be the best thing since sliced bread, it will not be the
preferred choice forever.
I see views in broader terms as a kind of
source-and/or-dest-address-and/or-TSIG-key-based "virtualization" of a
DNS database. Now, one can virtualize a database by virtualizing the
underlying host OS itself -- as you and Alan have been advocating -- or
one can virtualize it in a subsystem-specific way (BIND 9 views), which
seems more focused and lightweight. Even if BIND 9 goes away some day, I
don't think this subsystem-specific virtualization desire/requirement
will go away. Something else will come along to fill that void (possibly
a proprietary, for-pay piece of code). Virtualizing at the OS layer just
isn't logistically or economically optimal in all cases.
- Kevin
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
