interface-interval

Mark Andrews Mark_Andrews at isc.org
Wed Nov 7 02:16:51 UTC 2007 

> 
> > For BIND 9, Is there any particular reason that interface-interval is
> > measured in minutes, rather than in seconds? Is this a particularly
> > expensive operation? Are there any plans to add the ability to listen
> > for interface changes on the routing socket or similar, for immediate
> > changes?
> > 
> > There are two places where one really wants BIND to start listening on
> > new interfaces as quickly as possible. One is when you unsuspend your
> > laptop and DHCP a new address; it would be nice if one didn't have to
> > restart BIND immediately after that.
> 	
> 	You don't. Just run rndc reconfig/reload.

	Most of the time listening on the loopback interface is
	what you want named to be doing.  There is no need for named
	to be listening on a external interface on a laptop.  Queries
	will use whatever interface the routing code decides is the
	exit interface.
 
> > The other is on servers terminating
> > VPN connections where you want the remote host to be using the BIND on
> > that host because it's trusted and doing DNSSEC validation.

 	Just use TSIG and allow the queries to come in from anywhere.
	If the remote nameserver is NATed forward to both the internal
	and external addresses.  Maintain a null route for the internal
	address space when you are not connected so the kernel can inform
	named that the internal address is not available.

> > Just as a side note, by the way, I'd like to thank the helpful experts
> > on this list; it's one of the best I've seen in terms of providing
> > helpful technical advice. Good work, guys.
> > 
> > cjs
> > -- 
> > Curt Sampson         <cjs at cynic.net>         +81 90 7737 2974
> >               http://www.starling-software.com
> > The power of accurate observation is commonly called cynicism
> > by those who have not got it.    --George Bernard Shaw
> > 
> > 
> -- 
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org

More information about the bind-users mailing list