inline-signing a zone that exists in two views

Tony Finch dot at dotat.at
Tue May 9 10:15:06 UTC 2017


Gordon Messmer <gordon.messmer at gmail.com> wrote:
> On 05/08/2017 03:26 AM, Tony Finch wrote:

> > You can't have zones in different views (which are by implication
> > different zones, or different versions of the same zone) pointing to the
> > same files on disk, because updates to one version will corrupt the other
> > version.
>
> Even if one of them is treated as read-only?

That won't work either because a static master zone won't read the journal
so it will be perpetually out of sync with the other version.

> > Make the second zone a clone of the first using the in-view option
> > instead.
>
> That looks like the right thing to do, but appears to be available only on
> bind 9.10+, and I'm supporting Red Hat servers with 9.9. Are there any
> solutions here, or do I need to roll my own packages until Red Hat catches up?

The classic solution is to make one view a slave of the other. Configure
the slave zone with `masters { localhost key my-tsig; };` and configure
the master view with `match-clients { key my-tsig; };`.

Another alternative (if one view is recursive) is to use a static-stub
zone.

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/  -  I xn--zr8h punycode
Sole: East 5 or 6. Moderate, occasionally rough in south. Fair. Good.
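
The slave-between-views arrangement described in the reply above, as an added named.conf example that is not part of the original post. Assumptions: the view names, client ranges, zone name and file paths are constructed, the secret is a placeholder, and 127.0.0.1 stands in for localhost in the masters list.

```conf
// Added example; only the key name "my-tsig" comes from the post.
key "my-tsig" {
    algorithm hmac-sha256;
    secret "PLACEHOLDER-BASE64-SECRET==";   // placeholder, not a real key
};

// View holding the slave copy. It is listed first, so it must refuse the
// transfer key; otherwise its own transfer requests would match this view
// and never reach the master copy.
view "internal" {
    match-clients { !key my-tsig; 10.0.0.0/8; 127.0.0.1; };   // constructed ranges
    recursion yes;

    zone "example.com" {
        type slave;
        // Requests signed with my-tsig are what select the other view.
        masters { 127.0.0.1 key my-tsig; };
        // Separate file: the two views never share zone or journal files.
        file "slaves/internal.example.com.db";
    };
};

// View holding the master copy. Requests signed with my-tsig land here,
// along with every client the first view did not match.
view "external" {
    match-clients { key my-tsig; any; };
    recursion no;

    zone "example.com" {
        type master;
        file "master/example.com.db";
        // Signing happens only in this view; the slave view receives
        // the signed zone by transfer.
        inline-signing yes;
        auto-dnssec maintain;
        key-directory "keys/example.com";
        allow-transfer { key my-tsig; };
    };
};
```

Unless NOTIFY is also arranged to reach the slave view, the slave copy picks up changes at the zone's SOA refresh interval.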

