Views configuration question.

Kevin Darcy kcd at daimlerchrysler.com
Sat Aug 14 03:27:07 UTC 2004


Tom Diehl wrote:

>On Fri, 13 Aug 2004, Kevin Darcy wrote:
>
>>Tom Diehl wrote:
>>
>>>Hi all,
>>>
>>>I have a couple of zones that I host. The master is on a local machine and the
>>>slave is hosted remotely. In addition I have zones that are locally hosted
>>>slaves and the masters are hosted remotely. Both nameservers have both internal
>>>and external views. The question is, what is the correct way to handle the
>>>internal view of the zones for which I am a slave? 
>>>
>>>For example if I have a config file that looks something like the following:
>>>
>>>view "rogueind" {
>>>   match-clients { "internal";};
>>>   recursion yes;
>>>
>>>   zone "rogueind.com" in {
>>>       type master;
>>>       notify yes;
>>>       file "rogueind.com.internal.db";
>>>       allow-transfer {
>>>               "internal";
>>>               };
>>>   };
>>>
>>>};
>>>
>>>
>>>view "external" {
>>>   match-clients { "any"; };
>>>   recursion no;
>>>
>>>   zone "rogueind.com" in {
>>>       type master;
>>>       notify yes;
>>>       file "rogueind.com.db";
>>>       allow-transfer {
>>>               "external";
>>>               };
>>>   };
>>>
>>>   zone "stnhbr.com" in {
>>>       type slave; masters { xxx.xxx.xxx.xxx; };
>>>       notify no;
>>>       file "cache/stnhbr.com.db";
>>>       allow-transfer { "external"; };
>>>   };
>>>
>>>};
>>>
>>>What is the correct way to handle the internal view of the stnhbr.com domain?
>>>Do I do it the way I have it above? I think this would just query the remote
>>>nameserver but what happens if the remote is unavailable? 
>>>
>>As a recursive resolver, it will try to query any or all of the 
>>nameservers which are published in the zone's NS records, including your 
>>nameserver if it is published there.
>>
>>>If I add a stanza 
>>>to the internal view for the stnhbr zone I do not think the zone transfers,
>>>notifies, etc will work properly given that the internal addresses will never
>>>match the external addresses.
>>>
>>A question: do you have multiple addresses on this box, or just one? If 
>>    
>>
>
>At this point in time 1 machine has multiple external addresses available
>but the other only has 1 external available. They both have multiple internal
>addresses available.
>
>>you have just one address, then perhaps the simplest thing to do is make 
>>both views slaves of the stnhbr.com zone. This will incur some extra 
>>zone-transfer overhead, unfortunately. If you want to avoid that 
>>    
>>
>
>I tried the above and it seems to work OK except that the internal zones
>never get the notifies so it waits for the refresh time to reload the zone.
>Since I am not doing dyndns updates I suppose that is not that much of a
>problem.
>
>>overhead, you could try adding an exception to the match-clients so that 
>>when the nameserver instance queries *itself*, it gets the external 
>>view. If you do that, though, you might want to change /etc/resolv.conf 
>>on the box to point to 127.0.0.1, otherwise local processes will lose 
>>the ability to resolve internal names.
>>    
>>
>
>If I figure this out will notifies work? I will have to do some reading on
>this.
>
>>If you have multiple addresses on the box to play with, you could tinker 
>>with query-source, transfer-source etc. to have the internal view be a 
>>stealth slave from the external view for stnhbr.com. Be aware, however, 
>>that whenever you make a slave to another slave, changes to the zone 
>>could take up to twice the refresh time to propagate.
>>    
>>
>
>Hummm, so are you saying that if I have a box with 2 ip addresses I could
>have the internal view updated by the external view of the same nameserver??
>If so would notifies work? If notifies work, doesn't that solve the problem
>of the delay in zone propagation?? If my assumptions are correct then that
>might solve my problem, since I could use multiple internal addresses.
>
You can tune NOTIFY a lot these days with also-notify, notify explicit, 
notify-source and so forth.

>Another thought, what would happen if I made the internal view for stnhbr.com
>a master with the zonefile pointed at the same file that gets transferred
>by the external view. IOW the external and internal views would be pointed
>at cache/stnhbr.com.db. I think that updates to the zone might be slow but
>I am not sure if there are any other side effects.
>
No, that wouldn't work too well. Master zones never get refreshed unless 
you explicitly reload them or restart/reload the whole nameserver.

- Kevin
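
An added example, not part of the original thread or from either poster: one way to lay out the two-address arrangement discussed above, where the internal view is a stealth slave of the external view on the same box and NOTIFY is steered with also-notify, notify explicit and notify-source. All addresses and both ACL definitions are constructed assumptions: 10.0.0.1 and 10.0.0.2 stand for two internal addresses on this server, and 198.51.100.53 stands for the remote master.

```conf
// Constructed ACLs and addresses, for illustration only.
acl "internal" { 10.0.0.0/8; 127.0.0.1; };
acl "external" { 198.51.100.0/24; };

view "internal" {
    // Views are tried in order and the first match wins. 10.0.0.2 is
    // carved out so that traffic sourced from it falls through to the
    // external view below.
    match-clients { !10.0.0.2; "internal"; };
    recursion yes;

    zone "stnhbr.com" in {
        type slave;
        masters { 10.0.0.1; };       // this same server
        transfer-source 10.0.0.2;    // refresh queries and transfers leave
                                     // from the carved-out address, so the
                                     // external view answers them
        notify no;
        file "cache/stnhbr.com.internal.db";  // one file per view
    };
};

view "external" {
    match-clients { "any"; };
    recursion no;

    zone "stnhbr.com" in {
        type slave;
        masters { 198.51.100.53; };  // remote master (placeholder address)
        file "cache/stnhbr.com.db";
        notify explicit;             // notify only the also-notify list
        also-notify { 10.0.0.1; };   // delivered back to this server
        notify-source 10.0.0.1;      // source matches "internal", so the
                                     // internal view receives the NOTIFY and
                                     // accepts it as coming from its master
        // Keep transfers restricted; 10.0.0.2 is the only extra address
        // that needs them.
        allow-transfer { "external"; 10.0.0.2; };
    };
};
```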