views, slave zones, and data files

Anne Bennett anne at alcor.concordia.ca
Tue May 4 21:45:16 UTC 2004


**** problem statement:

I have a few dozen zones, and I now need to provide about six
different views on part of that data (one of the zones).  Since all
zones must be within view statements, I merrily used "include" files
to set up all of the zones that are the same for each view, and used
explicit zone statements for the zone which is different per view.
For example (this is my initial attempt, which had a problem):

view vlan_3 {
  match-clients { vlan_3; } ;
  include "/local/data/dns/conf/zoneconf.special";   // loopback, etc.
  include "/local/data/dns/conf/zoneconf.concordia"; // Concordia
  include "/local/data/dns/conf/zoneconf.encs";      // ENCS regular data
  include "/local/data/dns/conf/zoneconf.private";   // ENCS private data
  zone "Views.ENCS.Concordia.CA" {                   // ENCS variable data
    type slave;
    file "Views/vlan3.SEC";
    masters { 132.205.xx.yy; };
  };
};

view internal {
  match-clients { encs; } ;
  include "/local/data/dns/conf/zoneconf.special";   // loopback, etc.
  include "/local/data/dns/conf/zoneconf.concordia"; // Concordia
  include "/local/data/dns/conf/zoneconf.encs";      // ENCS regular data
  include "/local/data/dns/conf/zoneconf.private";   // ENCS private data
  zone "Views.ENCS.Concordia.CA" {                   // ENCS variable data
    type slave;
    file "Views/default-internal.SEC";
    masters { 132.205.xx.yy; };
  };
};

view external {
  match-clients { any; } ;
  include "/local/data/dns/conf/zoneconf.encs";      // ENCS regular data
  zone "Views.ENCS.Concordia.CA" {                   // ENCS variable data
    type slave;
    file "Views/default-external.SEC";
    masters { 132.205.xx.yy; };
    allow-query    { any; };      // override the more restrictive default
  };
};

The problem with the above is that the include files, which list the zones,
all use the same filename, e.g., an include file might contain:

zone "ENCS.Concordia.CA" {
        type slave;
        file "encs.concordia.ca.SEC";
        masters {
                132.205.4.x;
                132.205.44.y;
        };
        allow-query    { any; };
};

.. but I just realized that all of the views that include the
above will be competing with each other to stomp on the data file
"encs.concordia.ca.SEC" - presumably not a good thing!


**** solutions that didn't work:

I had two ideas to resolve the above problem without having to repeat
my zone definitions six times each.  The first idea was to change the
"directory" on a per-view basis, in other words, using the same
filename that comes from the include file, but having each view place
that file in a different subdirectory.  Sadly, it seems that the
option "directory" is not allowable on a per-view basis:
named-checkconf complained "unknown option 'directory'" when I tried:

view external {
    match-clients { any; } ;
    directory "/local/data/dns/zones/SecData/external";
    include "/local/data/dns/conf/zoneconf.encs";      // ENCS regular data
    [....]

My second idea was that the "include" directive might take an
argument, kind of the way the zone file $INCLUDE directive does, that
could be referred to somehow in the include file itself: no such luck.


**** now what?

I'm all out of graceful ways to do this, so I'm writing a Makefile
which will use "sed" to build six files for each "template" include
file, and I will arrange to include the appropriate set of files in
each view.  This isn't difficult, but it's ugly.

Is there a better way to do this?  I can't believe that my problem is
a new one.  There must be a simple way to serve multiple views of a
small part of one's data, without having to duplicate the rest!


Anne.
-- 
Ms. Anne Bennett, Senior Sysadmin, ENCS, Concordia University, Montreal H3G 1M8
anne at encs.concordia.ca                                    +1 514 848-2424 x2285
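
Added example (not part of the original post, and not code from its author): a shell version of the sed-based generation described under "now what?", together with a check for the data-file collision from the problem statement. The function names, the "<view>/<file>" layout and the sample master address are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. View names and the
# "<view>/<file>" layout are assumptions for illustration.

# gen_view_conf TEMPLATE VIEW
# Copy TEMPLATE to stdout, rewriting each relative  file "name";  line to
# file "VIEW/name";  so every view writes its own copy of the slave data.
# Absolute paths are left alone; dup_slave_files below will flag them.
gen_view_conf() {
    case $2 in
        ''|*[!A-Za-z0-9_-]*) echo "bad view name: $2" >&2; return 1 ;;
    esac
    sed -E "s|^([[:space:]]*file[[:space:]]+\")([^\"/][^\"]*\";)|\1$2/\2|" "$1"
}

# dup_slave_files CONF...
# Print each data file path that is named more than once across the CONF
# files (the collision from the post). No output means no two zones share a file.
dup_slave_files() {
    sed -nE 's|^[[:space:]]*file[[:space:]]+"([^"]+)";.*|\1|p' "$@" | sort | uniq -d
}

# Constructed sample: one template, expanded for three views.
work=$(mktemp -d)
cat > "$work/zoneconf.encs" <<'EOF'
zone "ENCS.Concordia.CA" {
        type slave;
        file "encs.concordia.ca.SEC";
        masters { 192.0.2.1; };
};
EOF
for v in vlan_3 internal external; do
    gen_view_conf "$work/zoneconf.encs" "$v" > "$work/zoneconf.encs.$v"
done

echo "shared template in every view:"
dup_slave_files "$work/zoneconf.encs" "$work/zoneconf.encs" "$work/zoneconf.encs"
echo "per-view copies (expect nothing below):"
dup_slave_files "$work"/zoneconf.encs.vlan_3 "$work"/zoneconf.encs.internal "$work"/zoneconf.encs.external
```

named does not create the per-view subdirectories itself; each one must already exist and be writable by the server before the first zone transfer.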

