problem with views not updating

Barry Margolin barmar at alum.mit.edu
Fri Aug 19 01:35:37 UTC 2005


In article <de1kt2$2ucg$1 at sf1.isc.org>,
 Mariano Cunietti <mcunietti at enter.it> wrote:

> Hi list,
> I've got three BIND 9.3.0 servers configured as one hidden master and
> two public slaves for my 1100+ zones.
> 
> On the hidden master server I've set up a web panel to manage my zones,
> with a set of cron scripts to make BIND aware of any changes. Views are
> not implemented on this server.
> On both the public slaves I've set up two views, let's call them
> "internal" and "external". Zones in these views are identical except for
> that in the "internal" view I can access only one additional slave zone,
> depending on the IP address clients connect from. Thus, I share the same
> directory and files for all my zones.
> 
> The problem is that only ONE view receives notifies and updates when
> changes are made to the zone on the master DNS. I've read some messages
> back in this list, I read BIND-FAQ and several books and documents, but
> I could find no way out.
> 
> Only one view receives notifies and correctly updates, writing to a
> file. Because slave zone files are shared, it's odd that each time I
> issue a rndc reload both views get updated. 

When a NOTIFY is received, BIND uses its source address to determine the 
view that it's for.  So if your master is in the my-server-IPs ACL, the 
my-service-users view will be updated, otherwise the all-users view will 
be updated.

When you do rndc reload, any zone files that have been modified since 
they were previously read will be reloaded.  This updates the other view 
because the zone transfer modified the file that it uses (as far as that 
view is concerned, it's as if a system administrator had edited the 
file, and it doesn't do anything until he uses rndc reload).

> I also tried to have separate directories, one per view, and I noticed
> that only the latter view receives the updates.
> 
> Do I need to have views configured on the master DNS as well?

You need to get the master to send multiple NOTIFY messages for each 
zone, from two different addresses (one in the ACL, the other not in the 
ACL).  I'm not sure how to make that happen, though.

Another solution would be to set the Refresh time very short, so that 
the slaves will poll for changes frequently.  Both zones will pull over 
zone transfers this way.

> 
> 
> Here is master configuration:
> 
> =============================
> MASTER named.conf:
> 
> ....
> acl "my-slaves" {
>         <ip1-slave1>; <ip1-slave2>; <ip2-slave1>; <ip2-slave2>;
> };
> 
> acl "my-monitors" { <ip-monitoring>; };
> 
> 
> options {
>         directory "/var/named";
>         dump-file "/var/named/data/cache_dump.db";
>         statistics-file "/var/named/data/named_stats.txt";
> 
>         listen-on      { <ip1-master>; <ip2-master>; 127.0.0.1; };
> #        query-source address * port 53;
>         allow-transfer { "my-slaves"; };
>         allow-query { 127.0.0.1; "my-slaves"; "my-monitors"; };
>         allow-recursion { none; };
>         also-notify { <ip2-slave1>; <ip2-slave2>; };
>         version "Curiosity killed the cat";
> };
> ...
> =============================
> 
> 
> and here follows my slaves' configuration (IPs are obviously different)
> 
> SLAVES named.conf
> 
> =============================
> options {
>         directory "/var/named";
>         dump-file "/var/named/data/cache_dump.db";
>         statistics-file "/var/named/data/named_stats.txt";
> 
>         listen-on      { <ip1-slave1>; <ip2-slave1>; 127.0.0.1; };
> #       query-source address * port 53;
>         allow-notify { <ip1-master>; };
>         allow-transfer { "my-slaves"; "customers-slaves"; };
>         allow-recursion { any; };
>         version "Curiosity killed the cat";
> };
> 
> view "my-service-users" {
>         match-clients { "my-service-IPs"; };
>         allow-notify { <ip1-master>; <ip2-master>; };
> #       transfer-source   <ip2-slave1>;
>         zone "myprivatezone.tld"     { type slave; file "slaves/myprivatezone.tld"; masters { 217.227.165.12; }; };
>         zone "."                        { type hint; file "db.cache"; };
> 
>         include "/etc/named.conf.slave";
> };
> 
> view "all-users" {
>         match-clients { any; };
>         allow-notify { <ip1-master>; <ip2-master>; };
>         zone "."                        { type hint; file "db.cache"; };
> 
>         include "/etc/named.conf.slave";
> };
> 
> 
> =============================
> 
> Thanks in advance
> 
> Mariano

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
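
The behaviour described in the reply above, as an added Python model that is not part of the original thread and is not BIND code: a NOTIFY is handed to the first view whose match-clients ACL contains its source address, the resulting transfer rewrites the shared zone file, and the other view only picks the change up on rndc reload. The class names, the 192.0.2.0/24 and 198.51.100.0/24 addresses and the serial are constructed for illustration.

```python
import ipaddress

class View:
    """One view: a match-clients ACL plus its own in-memory copy of the zone."""
    def __init__(self, name, match_clients):
        self.name = name
        self.nets = [ipaddress.ip_network(n) for n in match_clients]
        self.loaded_serial = 0          # serial this view currently answers with

    def matches(self, src):
        return any(ipaddress.ip_address(src) in n for n in self.nets)

class Slave:
    def __init__(self, views):
        self.views = views              # order matters: the first match wins
        self.file_serial = 0            # zone file shared by every view

    def notify(self, src, master_serial):
        """Deliver a NOTIFY to the single view selected by its source address."""
        view = next(v for v in self.views if v.matches(src))
        if master_serial > view.loaded_serial:
            view.loaded_serial = master_serial   # zone transfer into this view
            self.file_serial = master_serial     # which rewrites the shared file
        return view.name

    def rndc_reload(self):
        """Each view re-reads the file if it changed since that view loaded it."""
        for v in self.views:
            if self.file_serial > v.loaded_serial:
                v.loaded_serial = self.file_serial

    def serials(self):
        return {v.name: v.loaded_serial for v in self.views}

def demo(notify_sources, serial=2005081901):
    """Return (views notified, serials before reload, serials after reload)."""
    slave = Slave([View("my-service-users", ["192.0.2.0/24"]),   # constructed ACL
                   View("all-users", ["0.0.0.0/0"])])            # match-clients any
    notified = [slave.notify(src, serial) for src in notify_sources]
    before = slave.serials()
    slave.rndc_reload()
    return notified, before, slave.serials()

if __name__ == "__main__":
    # Master notifies from one address that is outside the ACL.
    print(demo(["198.51.100.10"]))
    # Master notifies from two addresses, one outside and one inside the ACL.
    print(demo(["198.51.100.10", "192.0.2.10"]))
```

With a single source address one view stays on the old serial until the reload; with one address on each side of the ACL both views are current before any reload.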


