View selection via TSIG
Josh Paetzel
josh at tcbug.org
Tue Aug 18 03:28:44 UTC 2009
On Aug 16, 2009, at 12:26 AM, Mark Andrews wrote:
>
> In message <5EA10B89-4650-4F82-A41D-CB511CE2A9A9 at tcbug.org>, Josh
> Paetzel write
> s:
>> I've googled a bit and been unable to find the solution that I need.
>>
>> I have a master nameserver that has 4 views configured. I have a
>> slave for this that is currently using 4 IPs to slave the views.
>> This
>> works fairly well, except that the slave server is unable to handle
>> NOTIFY from the master. So when I do an update to a zone I have to
>> stop the slave, delete it's cache files, and restart it. The slave
>> is
>> able to properly load zones, since it uses the correct IPs to
>> transfer
>> the zones, and it gets the right views, all is well.
>>
>> I've read that BIND 9.3 can use TSIG for view selection, but all I've
>> ben able to find is using TSIG for one view, and no TSIG for the
>> other
>> view. What I would like to do is configure four separate TSIG keys
>> and do view selection based on which key is used.
>>
>> Is this possible? And where can I find documentation on it?
>
> Yes. Read the FAQ.
>
I read the FAQ, and there was a question entitled "How to share a
dynamic zone between multiple views?" that seemed to get me most of
the way there. I am now running my slave nameserver on one IP, and
zones transfers seem to work fine. NOTIFY also seems to work for
every view but the external view. This is somewhat perplexing to me.
Tomorrow I plan on turning on logging for NOTIFY to see if I can at
least determine what is going on.
If you have any tips or common gotchas feel free to let me know.
Thanks,
Josh Paetzel
More information about the bind-users
mailing list