problem with views not updating
Barry Margolin
barmar at alum.mit.edu
Fri Aug 19 01:35:37 UTC 2005
In article <de1kt2$2ucg$1 at sf1.isc.org>,
Mariano Cunietti <mcunietti at enter.it> wrote:
> Hi list,
> I've got three BIND 9.3.0 servers configured as one hidden master and
> two public slaves for my 1100+ zones.
>
> On the hidden master server I've set up a web panel to manage my zones,
> with a set of cron scripts to make BIND aware of any changes. Views are
> not implemented on this server.
> On both the public slaves I've set up two views, let's call them
> "internal" and "external". Zones in these views are identical except
> that in the "internal" view I can access only one additional slave zone,
> depending on the IP address clients connect from. Thus, I share the same
> directory and files for all my zones.
>
> The problem is that only ONE view receives notifies and updates when
> changes are made to the zone on the master DNS. I've read some messages
> back in this list, I read BIND-FAQ and several books and documents, but
> I could find no way out.
>
> Only one view receives notifies and correctly updates, writing to a
> file. Because slave zone files are shared, it's odd that each time I
> issue a rndc reload both views get updated.
When a NOTIFY is received, BIND uses its source address to determine the
view that it's for. So if your master is in the my-server-IPs ACL, the
my-service-users view will be updated, otherwise the all-users view will
be updated.
When you do rndc reload, any zone files that have been modified since
they were previously read will be reloaded. This updates the other view
because the zone transfer modified the file that it uses (as far as that
view is concerned, it's as if a system administrator had edited the
file, and it doesn't do anything until he uses rndc reload).
> I also tried to have separate directories, one per view, and I noticed
> that only the latter view receives the updates.
>
> Do I need to have views configured on the master DNS as well?
You need to get the master to send multiple NOTIFY messages for each
zone, from two different addresses (one in the ACL, the other not in the
ACL). I'm not sure how to make that happen, though.
Another solution would be to set the Refresh time very short, so that
the slaves will poll for changes frequently. Both zones will pull over
zone transfers this way.
>
>
> Here is master configuration:
>
> =============================
> MASTER named.conf:
>
> ....
> acl "my-slaves" {
> <ip1-slave1>; <ip1-slave2>; <ip2-slave1>; <ip2-slave2>;
> };
>
> acl "my-monitors" { <ip-monitoring>; };
>
>
> options {
> directory "/var/named";
> dump-file "/var/named/data/cache_dump.db";
> statistics-file "/var/named/data/named_stats.txt";
>
> listen-on { <ip1-master>; <ip2-master>; 127.0.0.1; };
> # query-source address * port 53;
> allow-transfer { "my-slaves"; };
> allow-query { 127.0.0.1; "my-slaves"; "my-monitors"; };
> allow-recursion { none; };
> also-notify { <ip2-slave1>; <ip2-slave2>; };
> version "Curiosity killed the cat";
> };
> ...
> =============================
>
>
> and here follows my slaves' configuration (IPs are obviously different)
>
> SLAVES named.conf
>
> =============================
> options {
> directory "/var/named";
> dump-file "/var/named/data/cache_dump.db";
> statistics-file "/var/named/data/named_stats.txt";
>
> listen-on { <ip1-slave1>; <ip2-slave1>; 127.0.0.1; };
> # query-source address * port 53;
> allow-notify { <ip1-master>; };
> allow-transfer { "my-slaves"; "customers-slaves"; };
> allow-recursion { any; };
> version "Curiosity killed the cat";
> };
>
> view "my-service-users" {
> match-clients { "my-service-IPs"; };
> allow-notify { <ip1-master>; <ip2-master>; };
> # transfer-source <ip2-slave1>;
> zone "myprivatezone.tld" { type slave; file
> "slaves/myprivatezone.tld"; masters { 217.227.165.12; }; };
> zone "." { type hint; file "db.cache"; };
>
> include "/etc/named.conf.slave";
> };
>
> view "all-users" {
> match-clients { any; };
> allow-notify { <ip1-master>; <ip2-master>; };
> zone "." { type hint; file "db.cache"; };
>
> include "/etc/named.conf.slave";
> };
>
>
> =============================
>
> Thanks in advance
>
> Mariano
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
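Added example, not part of this thread and not a configuration either poster tested: one way to get the two NOTIFY messages Barry describes is to put views on the master as well, so the same zone is notified twice, each time from a different notify-source address, and to give each slave view its own transfer-source so the master can tell the two views apart by source address. The addresses below are RFC 5737 documentation space standing in for the <ip...> placeholders in the original post; "example.tld", the file paths and the included zone-list files are assumptions.

```conf
// ---------------- MASTER named.conf (constructed example) ----------------
// 192.0.2.1 plays <ip1-master>, 192.0.2.2 plays <ip2-master>.
acl "slaves-external" { 198.51.100.1; 203.0.113.1; };  // <ip1-slave1>, <ip1-slave2>
acl "slaves-internal" { 198.51.100.2; 203.0.113.2; };  // <ip2-slave1>, <ip2-slave2>

options {
    directory "/var/named";
    listen-on { 192.0.2.1; 192.0.2.2; 127.0.0.1; };
    allow-recursion { none; };
};

// Each view holds the same master zones (one shared include file, assumed to
// contain only "type master" zones), but NOTIFYs leave from a different
// address and only the matching slave addresses may transfer from it.
view "notify-internal" {
    match-clients { "slaves-internal"; };      // slaves' internal transfer-source
    notify-source 192.0.2.2;                    // lands in the slaves' internal view
    also-notify { 198.51.100.2; 203.0.113.2; };
    allow-transfer { "slaves-internal"; };
    include "/etc/named.conf.master-zones";     // assumed path
};

view "notify-external" {
    match-clients { "slaves-external"; };
    notify-source 192.0.2.1;                    // lands in the slaves' "all-users" view
    also-notify { 198.51.100.1; 203.0.113.1; };
    allow-transfer { "slaves-external"; };
    include "/etc/named.conf.master-zones";
};

// ---------------- SLAVE named.conf (constructed example, slave1) ----------------
// The view a NOTIFY hits is chosen purely by its source address, so the
// internal ACL must contain <ip2-master> and must NOT contain <ip1-master>.
acl "my-service-IPs" { 192.0.2.2; 10.0.0.0/8; };  // 10/8 = assumed internal clients

options {
    directory "/var/named";
    listen-on { 198.51.100.1; 198.51.100.2; 127.0.0.1; };
};

view "my-service-users" {
    match-clients { "my-service-IPs"; };
    transfer-source 198.51.100.2;   // selects the master's "notify-internal" view
    allow-notify { 192.0.2.2; };
    zone "myprivatezone.tld" {
        type slave; file "slaves/internal/myprivatezone.tld";
        masters { 192.0.2.2; };
    };
    zone "example.tld" {
        type slave; file "slaves/internal/example.tld";   // separate file per view
        masters { 192.0.2.2; };
    };
    zone "." { type hint; file "db.cache"; };
};

view "all-users" {
    match-clients { any; };
    transfer-source 198.51.100.1;   // selects the master's "notify-external" view
    allow-notify { 192.0.2.1; };
    zone "example.tld" {
        type slave; file "slaves/external/example.tld";
        masters { 192.0.2.1; };
    };
    zone "." { type hint; file "db.cache"; };
};
```

Two points worth checking after a change like this. First, each view must write its own slave file (here `slaves/internal/` and `slaves/external/`): with one shared file, the copy written by whichever view transferred last is what the other view silently loads on the next reload, which is exactly the confusing behaviour described above. Second, you can confirm that both views really received the transfer by querying the slave's SOA serial from each side of the ACL, e.g. `dig @198.51.100.1 -b 198.51.100.2 example.tld soa` (a source address inside "my-service-IPs") versus the same query with `-b 198.51.100.1`; the serials should match the master after a NOTIFY without any `rndc reload`. If the master cannot be given two addresses, Barry's fallback of a short SOA Refresh still works, at the cost of polling traffic proportional to the zone count.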