Split View DNS

Jay Ford jay-ford at uiowa.edu
Thu Mar 11 15:50:10 UTC 2010


On Thu, 11 Mar 2010, Matus UHLAR - fantomas wrote:
> On 11.03.10 10:06, Jason Gates wrote:
>> When using split view, can one point to the same file in both views?
>
> for master zones, yes, but you will have to reload it in all views
> explicitly (I think that server reload should take care of that)

Right.  A server reload will load all zones in all views.  You can also 
reload individual zones in individual zones:
    rndc reload <zone> <class> <view>
such as:
    rndc reload example.com in internal
    rndc reload example.com in external
to load zone "example.com" in view "internal" & zone "example.com" in view
"external".

For split zones with common data, I like to have a (usually small) zone file
for each view with the SOA RR & any view-specific data, each including a
(usually larger) file of data common to all views.  This avoids duplication
of data which are supposed to be the same & could otherwise get out of sync.
The common file doesn't have an SOA RR, so it's not a complete zone file, so
you have to refer to the view-specific files for the master files & when
doing named-checkzone.  (Pay attention to the origin in the included file,
explicitly specifying it with "@" if the first RR applies to the bare zone
name.)

I use directories for managing the files in each view.  On the master:
    Primary.internal for internal view files
    Primary.external for external view files
    Primary.common for files common to both views
On the slave:
    Secondary.internal for internal backup files
    Secondary.external for external backup files
(There is no Secondary.common because the slave transfers whole zones in each
view, having no knowledge of how the zones were assembled on the master.)

> for slave zones, I'm afraid it's not possible. You will have either to fetch
> it two times from the master, or fetch from one view to another one...

Yes, if you want slaves to have the same split-view behavior, they will need
to transfer the zones in all views independently.  I use special TSIG keys
for this: the slaves use the special key for the view they want to get from
the master, while the master uses the special key to present the
corresponding view.  It's a little complicated, but it does the trick for me.

Note that the zones in each view are independent of zones in other views,
even if they happen to have the same zone name.

The master files are just loaded by named & not messed with (unless you're
doing dynamic update, in which case what I'm saying might not apply).  Thus,
you can have multiple zones loaded from the same file on the master.  (This
applies to other cases than just split-view, such as if you want the same
data in multiple IPv6 prefixes because they're laid onto the same net.)

The backup files on the slaves are written by named, so each (zone,view)
instance has to have its own file.

________________________________________________________________________
Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa City, IA 52242
email: jay-ford at uiowa.edu, phone: 319-335-5555, fax: 319-335-2951
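
One way to express the per-view TSIG transfer arrangement described in the message above, as an added example that is not part of the original post or the poster's configuration. The key names, the 10.0.0.0/8 and 192.0.2.1 addresses and the secrets are placeholder assumptions; the directory names follow the layout in the message.

```conf
// Constructed example: key names, addresses and secrets are placeholders.
// ---- master named.conf ----
key "xfer-internal" { algorithm hmac-sha256; secret "REPLACE_WITH_BASE64_SECRET_1"; };
key "xfer-external" { algorithm hmac-sha256; secret "REPLACE_WITH_BASE64_SECRET_2"; };

view "internal" {
    // Views are matched in order. Reject the other view's key first, so a
    // slave at an internal address that signs with xfer-external falls
    // through to the "external" view instead of matching on its address.
    match-clients { !key xfer-external; key xfer-internal; 10.0.0.0/8; };
    zone "example.com" {
        type master;
        // SOA RR + view-specific data; $INCLUDEs the Primary.common file
        file "Primary.internal/example.com";
        allow-transfer { key xfer-internal; };   // transfers only with this view's key
    };
};

view "external" {
    match-clients { any; };   // everything not claimed by "internal"
    zone "example.com" {
        type master;
        file "Primary.external/example.com";
        allow-transfer { key xfer-external; };
    };
};

// ---- slave named.conf ----
// (same two key statements as on the master, then:)
view "internal" {
    match-clients { 10.0.0.0/8; };
    zone "example.com" {
        type slave;
        // Signing with xfer-internal makes the master answer from "internal"
        masters { 192.0.2.1 key xfer-internal; };
        file "Secondary.internal/example.com";   // one backup file per (zone, view)
    };
};

view "external" {
    match-clients { any; };
    zone "example.com" {
        type slave;
        masters { 192.0.2.1 key xfer-external; };
        file "Secondary.external/example.com";
    };
};
```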


