On 10/21/2024 9:35 AM, Bowie Bailey via bind-users wrote:
On 10/18/2024 6:19 PM, Nick Tait via bind-users wrote:
On 19/10/2024 05:50, Bowie Bailey via bind-users wrote:
On 10/18/2024 12:07 PM, Bob Harold wrote:
On Fri, Oct 18, 2024 at 11:33 AM Bowie Bailey via bind-users <bind-users@lists.isc.org> wrote:

    The second issue is that I have multiple zones that all point to the
    same file since those domains all go to the same set of servers. Right
    now, I am using the same zone file for all of them. This works fine
    currently, but when I try to enable DNSSEC for those domains, I get an
    error "writable file ... already in use".  The simple answer would be to
    make a unique file for each zone, however I would rather keep a single
    file updated instead of having to make changes to all of the individual
    files whenever something changes with those servers. So far, the only
    other solution I've found is to manage the keys manually, which seems to
    add quite a bit of complexity to the setup.  Is there a better way to do
    this?



zone "test.com" {
    type master;
    file "db.test.com";
};
zone "test2.com" {
    type master;
    file "db.test.com";
};

I would like to have DNSSEC active on both domains, but since they are sharing a file, Bind complains about it.

If you are using Linux, I'd suggest looking at using filesystem links so that you can have separate files that share the same content. (See "man ln".)


That is an interesting idea.  I'm familiar with hard links, but I hadn't considered using them here.  My other idea was copying one of the zone files to a "master" file and then $INCLUDING that file in each of the individual zone files.  I'm not sure if bind will let me put the SOA into an include.  I'll do some testing on both options later today and see what works.

Just a followup here for anyone who finds this thread later.

I did some testing and both options seem to work.  I haven't updated my live domains or sent key info to the registrar yet, but everything looks good on my test domains.

Hardlinking the files together worked fine with no errors at all. Softlinks to a master file also worked just fine.

Creating zone files that just say "$INCLUDE db.master" with no other content and having the SOA and everything else in db.master also works.  I will probably go with either $INCLUDE or softlinks rather than hardlinks.  Hardlinks are hard to distinguish from separate files on first glance, which could lead to mistakes later on.

Apparently, the only requirement is that the zone files have unique names for DNSSEC.  It doesn't seem to care about them otherwise.

I am somewhat surprised that I was able to have the SOA in an include file.  I was expecting Bind to throw an error on that even without the DNSSEC processing.

Thanks for the comments and suggestions everyone!

--
Bowie
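
The $INCLUDE layout tested in this thread, as an added example that is not part of the original posts: one function writes a uniquely named stub file per zone and prints the matching zone stanzas, and another lists any file name that more than one stanza still shares. The function names, the temporary directory and the sample config are constructed for illustration, and the sketch assumes db.master uses only relative names (@, www, ...) so that each zone's own origin applies.

```shell
#!/bin/sh
# Added example (not from the thread). Zone names and db.master follow the
# thread; make_stubs, shared_files and the temp directory are hypothetical.

# make_stubs DIR MASTER ZONE...
# Writes DIR/db.ZONE holding a single $INCLUDE line and prints the
# named.conf stanza for each zone on stdout.
make_stubs() {
    dir=$1; master=$2; shift 2
    for zone in "$@"; do
        printf '$INCLUDE %s\n' "$master" > "$dir/db.$zone"
        printf 'zone "%s" {\n    type master;\n    file "db.%s";\n};\n' \
            "$zone" "$zone"
    done
}

# shared_files CONF
# Prints every zone file name that appears in more than one "file" line,
# the layout that triggers "writable file ... already in use".
shared_files() {
    sed -n 's/^[[:space:]]*file[[:space:]]*"\([^"]*\)".*/\1/p' "$1" |
        sort | uniq -d
}

# Demo on constructed data: the shared-file layout from the thread ...
tmp=$(mktemp -d)
cat > "$tmp/before.conf" <<'EOF'
zone "test.com" {
    type master;
    file "db.test.com";
};
zone "test2.com" {
    type master;
    file "db.test.com";
};
EOF
echo "shared before: $(shared_files "$tmp/before.conf")"

# ... and the same two zones with one stub file each.
make_stubs "$tmp" db.master test.com test2.com > "$tmp/after.conf"
echo "shared after:  $(shared_files "$tmp/after.conf")"
```

The generated stanzas carry no DNSSEC options; add whatever signing configuration the server already uses to each zone.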