Views scalability

Jens Grigel jens.grigel at sskm.de
Fri Aug 20 14:11:37 UTC 2004


On Tue, 2004-08-17 at 17:30, Bob Chmara wrote:
> I've been asked to investigate the possibility of using the Bind 9 views
> feature to control which systems our joint venture partners can access. 
> Each JV has a unique set of systems they need to access.  We currently
> have 16 or 17 JVs and that number is expected to grow.  Has anyone
> implemented 20 to 30 views of a single zone?

Hi Bob,

More than the usual 2 zones for inside/outside views when using bind
works perfectly. We're running a bind 9.2.x system as internal DNS server
with 105 views to assure proper function of a complex Active Directory
setup. Each view holds 3 zones.

If you are going to implement many views be aware of a very complex,
probably almost unreadable config and a large amount of zone files with
similar names. That setup is *very* easy to screw up. I don't know of
any DNS management software (free or commercial) which supports that
kind of setup. And you definitely need some kind of automation for
adding zones and config parts. I'm working with nested "include"
statements. These are easy to generate and the main named.conf has only
a few lines for each view.

If you think of implementing slaves the config will be even more
complicated, because you have to use a separate IP on the slave for zone
transfers to work. If the zones are static (no DDNS) consider syncing
zones between many servers with rsync/ssh or something similar.

Hope this helps for the decision,

-- 

Jens Grigel

Citysavingsbank Munich, Germany
Dep. of Network and Security
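
An added example, not part of the original message or the poster's own tooling: a generator for the per-view stanzas with nested "include" lines described above, which refuses to emit a config when two views' match-clients networks overlap. The partner names, networks, the `/etc/named/views` path and the `.zones` file naming are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample data: view name -> client networks (documentation ranges).
PARTNERS = {
    "jv-alpha": ["192.0.2.0/26"],
    "jv-beta": ["192.0.2.64/26", "198.51.100.0/24"],
}
VIEW_NAME = re.compile(r"[a-z0-9][a-z0-9-]*")  # keeps quotes/braces out of the config


def find_overlaps(partners):
    """Return (earlier_view, later_view, net, net) for client networks shared by two views.

    named picks the first view whose match-clients matches, so a client in an
    overlap is always answered from the earlier view, never the later one.
    """
    seen, clashes = [], []
    for name, nets in partners.items():
        for text in nets:
            net = ipaddress.ip_network(text)  # ValueError on malformed input
            for other_name, other in seen:
                if other_name != name and net.version == other.version and net.overlaps(other):
                    clashes.append((other_name, name, str(other), str(net)))
            seen.append((name, net))
    return clashes


def render_view(name, nets, conf_dir="/etc/named/views"):
    """One short stanza per view; the zone statements live in the included file."""
    if not VIEW_NAME.fullmatch(name):
        raise ValueError(f"unsafe view name: {name!r}")
    clients = " ".join(f"{ipaddress.ip_network(n)};" for n in nets)
    return (f'view "{name}" {{\n'
            f"    match-clients {{ {clients} }};\n"
            f'    include "{conf_dir}/{name}.zones";\n'
            f"}};\n")


def render_named_conf(partners):
    """Render every view stanza, refusing to emit anything if client sets overlap."""
    clashes = find_overlaps(partners)
    if clashes:
        raise ValueError(f"overlapping match-clients: {clashes}")
    return "\n".join(render_view(n, nets) for n, nets in partners.items())


if __name__ == "__main__":
    print(render_named_conf(PARTNERS))
```

Running `named-checkconf` on the generated file before reloading catches syntax problems this script does not look for.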


