On 11 Apr 2014, at 18:59, John Wobus <jw...@cornell.edu> wrote: > On Apr 9, 2014, at 4:14 AM, Steven Carr wrote: >> However, assuming you are using views on the same IP address and not >> splitting it across internal/external servers as that would screw up >> NS records), you can reuse the same zone file so those zones that >> appear in both internal and external views refer back to the same zone >> file, then when you update that zone file both views are updated. > > My understanding has been that two views that are masters for > a zone can safely share a zone file if the zone isn't dynamic (e.g. > dnsupdate, dnssec auto signing, etc), but that two views of > a slave zone shouldn't do that: you could have two > different views independently rewriting the same file, a bad thing even > if the files are known to be identical. Furthermore, allowing that could > conceivably show no problems very much of the time, masking the actual > risk. > > If I'm wrong, that would be a good thing to know. > > John Wobus > Cornell U
If you were to use a DLZ for the dynamic zone rather than a file, then the multiple writer integrity can be handled by the DLZ code (i.e. palming it off to a RDBMS to deal with). Just a thought - but generally I agree that multiple writers to a file is just asking for trouble⦠----- Marty Lee e: ma...@maui-systems.co.uk Technical Director v: +44 845 869 2661 Maui Systems Ltd f: +44 871 433 8922 Scotland, UK w: http://www.maui-systems.co.uk
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users