Feature request: "ip lists".
Johan Ihrén
johani at autonomica.se
Mon May 23 08:25:08 UTC 2005
Hi Mark,
On May 10, 2005, at 02:29, Mark Andrews wrote:
>> When building large scale DNS infrastructure with lots of servers all
>> over the place it becomes an absolute nightmare to maintain ever
>> growing lists of also-notifies, several versions of masters directives,
>> etc, etc.
>>
>> In the "incoming end" we have ACLs, i.e. we can use a more rational
>> syntax for the various allow-* directives as there is already a src
>> address to match against.
>>
>> But in the outbound direction (notifies, masters, etc) there is no
>> equivalent.
>>
>> In one particular painful case we presently have 30+ very different
>> IP-addresses in one giant also-notify clause repeated several times
>> over. If I could replace all of that with a
>>
>> also-notify { myslaves; };
>>
>> and only define "myslaves" once I'd be much happier.
>
> Well 9.3 supports masters lists.
>
> Does setting also-notify at the global level and setting
> empty also-notify clauses at the zone level help? I realise
> that it is not perfect but inverting the problem sometimes
> reduces the administrative load.
No, not in this case, unfortunately. We have several disjunct large
sets of servers rather than one large set.

So, just to play with that idea, we could do what you suggest (a global
also-notify that covers every server) at the cost of a constant stream
of spillover notifies between the sets. Since we're talking about
dozens and dozens of servers, multiple zones and often high update
frequencies I don't see that as an attractive alternative.

Johan