View selection via TSIG

Mark Andrews marka at isc.org
Tue Aug 18 04:08:01 UTC 2009


In message <96123FB1-1F2E-493C-BBB8-24A86A1DD99A at tcbug.org>, Josh Paetzel write
s:
> 
> On Aug 16, 2009, at 12:26 AM, Mark Andrews wrote:
> 
> >
> > In message <5EA10B89-4650-4F82-A41D-CB511CE2A9A9 at tcbug.org>, Josh  
> > Paetzel write
> > s:
> >> I've googled a bit and been unable to find the solution that I need.
> >>
> >> I have a master nameserver that has 4 views configured.  I have a
> >> slave for this that is currently using 4 IPs to slave the views.   
> >> This
> >> works fairly well, except that the slave server is unable to handle
> >> NOTIFY from the master.  So when I do an update to a zone I have to
> >> stop the slave, delete it's cache files, and restart it.  The slave  
> >> is
> >> able to properly load zones, since it uses the correct IPs to  
> >> transfer
> >> the zones, and it gets the right views, all is well.
> >>
> >> I've read that BIND 9.3 can use TSIG for view selection, but all I've
> >> ben able to find is using TSIG for one view, and no TSIG for the  
> >> other
> >> view.  What I would like to do is configure four separate TSIG keys
> >> and do view selection based on which key is used.
> >>
> >> Is this possible?  And where can I find documentation on it?
> >
> > 	Yes.  Read the FAQ.
> >
> 
> I read the FAQ, and there was a question entitled "How to share a  
> dynamic zone between multiple views?" that seemed to get me most of  
> the way there.  I am now running my slave nameserver on one IP, and  
> zones transfers seem to work fine.  NOTIFY also seems to work for  
> every view but the external view.  This is somewhat perplexing to me.   
> Tomorrow I plan on turning on logging for NOTIFY to see if I can at  
> least determine what is going on.
> 
> If you have any tips or common gotchas feel free to let me know.
> 
> Thanks,
> 
> Josh Paetzel

	You need to make the notify go to the correct view by using
	appropriate server clauses at the view level.  It's a matter
	of making what the master sends match what the client expects.

	Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org



More information about the bind-users mailing list