Reload only ACL

Anand Buddhdev anandb at ripe.net
Mon Apr 25 20:57:20 UTC 2016


On 25/04/16 22:23, Ali Jawad wrote:

Hi Ali Jawad,

> I do have a very specific requirement for private/public zones and based on
> a user tool the users "hundreds in corporate environment" get either public
> or private zone, the tool simply writes to an ACL file, my problem is that
> the only way I found that does not flush the cache of the server and
> reloads the ACL is rndc reconfig, but that appears to stall the server for
> new queries "tested with dig" for a few moments, and given I have a change
> of ACL from a user a few times per minute it is not very viable. Is
> there an alternative to doing this? And/or a way to have BIND load the ACL
> dynamically?

I'm not aware of any way to look up ACLs dynamically. However, a
configuration that involves reconfiguring BIND several times a minute
seems like a bad design. Can't you have pre-defined address ranges of
public or private zones, and just pre-configure these in BIND once?

Sometimes it helps to rethink your design.

Regards,

Anand
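
A sketch of the pre-configured layout suggested above, as an added example that is not part of the original message. It assumes the public/private split is done with BIND views selected by match-clients; the address ranges, zone name and file paths are constructed placeholders.

```conf
// Constructed example: ranges, zone name and file paths are placeholders.
// Clients that get the private zone data, defined once as address ranges
// instead of per-user entries rewritten by a tool.
acl "private-clients" {
    10.0.0.0/8;
    192.0.2.0/24;
};

// Views are tried in the order they appear, so the private view,
// with the narrower match, comes first.
view "private" {
    match-clients { "private-clients"; };
    zone "example.com" {
        type master;
        file "private/example.com.zone";
    };
};

// Every other client falls through to the public view.
view "public" {
    match-clients { any; };
    zone "example.com" {
        type master;
        file "public/example.com.zone";
    };
};
```

With the ranges fixed like this, named.conf stays the same when an individual user changes, so that change needs no rndc reconfig.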


More information about the bind-users mailing list