Delayed Zone Transfers?

Jiann-Ming Su su_js1 at yahoo.com
Mon Aug 6 19:14:34 UTC 2012 

> From: Phil Mayers <p.mayers at imperial.ac.uk>
> To: bind-users at lists.isc.org
> Cc: 
> Sent: Monday, August 6, 2012 2:37 PM
> Subject: Re: Delayed Zone Transfers?
> 
> On 08/06/2012 05:33 PM, Jiann-Ming Su wrote:
> 
>>  Yeah, I've wondered about views.  We went to views to work around a
>>  MTA config issue.  The weird zone transfer performance seem to have
>>  coincided with our transition to views.  Here's my named.conf, FWIW:
>> 
>>  view hc { include "/etc/named.zones";
>> 
>>  view all { include "/etc/named.zones";
> 
> You are "include"ing a set of zone defintions in two different views
> here. Since your example zone doesn't appear to be in the main file, I
> assume it's in the included file?
> 

That is correct.

> If so, this won't work, and will cause the problem you're seeing.
> Basically you've got two views trying to write two different zones to
> the same file and journal, but with distinct ideas of the in-memory contents. 
> Only one receives a notify and does IXFRs.
> 
> If you want a zone in two views, it must either be:
> 
> 1. A simple "type master" with no DDNS allowed, or
> 2. Written to different files
> 
> In addition, NOTIFY is like any other DNS packet, and specifically it goes into 
> a "view". This makes slaving a zone twice tricky - there is a recipie 
> in the FAQ using TSIG keys for this.
> 
>> 
>> 
>>  For the particular case I demonstrated in the previous email, I don't
>>  think views should have affected it as the default "all" view 
> should
> 
> Yes. But as per your *other* message, the notify (and therefore the IXFR) 
> happened in the "hc" view, so it's the one up-to-date:
> 
> 06-Aug-2012 11:20:36.575 notify: client 192.168.8.8#33456: view hc: received 
> notify for zone 'uts-sa.mydomain.ddns': TSIG 'dns1.mydomain.org'
> 
> The "all" view will have to wait until the SOA refresh timer expires, 
> which explains your delay in the zone updating.
> 
>>  have been hit.  And even the "hc" view, the data would be the 
> same as
>>  we're only "spoofing" for the specific psmtp.com mail hosts.
> 
> No. As above, this is not how views works with changing zone contents. You 
> can't write to the same file from two zones I'm afraid.

Man, thanks so much for the insight!  Given our DNS architecture, I think I can do what I want without views.

More information about the bind-users mailing list