<div>I'm looking for a best practice to keep zone data across multiple views on multiple servers in sync. Right now I'm struggling with updates making it to some zones, and not others. Any and all help welcome. I realize this isn't a simple configuration, so even partial answers may help me get things fixed. I'm grateful for any help!</div>
<div><br></div>
<div>Questions, given configuration information below:</div>
<div>1) Is there a better practice to serve 100% the same authoritative data in two views, but block recursion, cache use, and out-of-zone data?</div>
<div>-- e.g., can I eliminate one of my views (mypublicboxes and others) below and match the functionality?</div>
<div>2) What's the best way to keep zone data synced between zones on the same box?</div>
<div>-- I am using the server line in one view to specify the key for my other view when notifying (per FAQ)</div>
<div>-- should that second view's zones be defined as slaves, or can I get away with using the same include and zone file, just using notify to reload it (which seems to work)?</div>
<div>3) What's the best practice to keep an identical view set on a 100% slave server?</div>
<div>-- I am using rndc addzone to add the zone to each view, specifying the key that matches the zone in the masters definition:</div>
<pre>
zone a.example.com {type slave; file "slaves/myprivateboxes/a.example.com"; masters { xxx.xxx.xxx.xxx key inside-key;}; };
zone a.example.com {type slave; file "slaves/mypublicboxes/a.example.com";  masters { xxx.xxx.xxx.xxx key outside-key;}; };
zone a.example.com {type slave; file "slaves/others/a.example.com";         masters { xxx.xxx.xxx.xxx key others-key;}; };
</pre>
<div><br></div>
<div>Example Configuration</div>
<div>---------------------------------</div>
<div>* Given three views on one server as defined below</div>
<div>- All three views serve my public zones</div>
<div>- The first view serves some additional zones containing just RFC 1918 addresses [not available to everyone lest I pollute DNS]</div>
<div>- The only difference between the last two views (the two without private addressing) is in what work we are willing to do/answer based on the querying client</div>
<div><br></div>
<div>* Two servers exist, one with the master data as defined below, and one that slaves *everything* off the master by way of notifies and the rndc addzone lines above.</div>
<div><br></div>
<pre>
view "myprivateboxes" {
    match-clients { key inside-key; pvt-nets; };

    # Support delivering notifications to the mypublicboxes view
    server x.x.x.x { keys notify-outside-key; }; // x.x.x.x is MY ip, because I'm telling the second view on the same box

    recursion yes;                                // Allow recursive lookups
    allow-query { my-networks; localhost; };      // All my networks can query this view
    allow-query-cache { my-networks; localhost; }; // All my networks can query this view's cache
    allow-transfer { authorized-nameservers; };   // allow nameserver transfers as necessary
    include "include/named.hint.zone";            // load root zone hints
    include "include/named.rfc1912.zones";        // load rfc1912 zones

    include "include/myprivate.zones";
    include "include/mypublic.zones";
};

view "mypublicboxes" {
    match-clients { key outside-key; key notify-outside-key; pub-nets; };

    recursion yes;                                // Allow recursive lookups
    allow-query { my-networks; localhost; };      // All my networks can query this view
    allow-query-cache { my-networks; localhost; }; // All my networks can query this view's cache
    allow-transfer { authorized-nameservers; };   // allow nameserver transfers as necessary
    include "include/named.hint.zone";            // load root zone hints
    include "include/named.rfc1912.zones";        // load rfc1912 zones

    include "include/mypublic.zones";
};

view "others" {
    match-clients { any; key others-key; };       // Any client that didn't match other views ends up here

    recursion no;                                 // No recursion
    allow-query { any; };                         // Any client can do individual query requests
    allow-query-cache { none; };                  // No external client can use our cache
    allow-transfer { authorized-nameservers; };   // allow nameserver transfers as necessary

    # No out of zone data
    additional-from-auth no;
    additional-from-cache no;

    include "include/mypublic.zones";
};
</pre>
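<div>A check for the drift described in the opening paragraph (updates reaching some zones and views but not others), added here as an example and not part of the original post: a small Python audit that asks each server, once per view, for a zone's SOA serial and reports any zone whose serials disagree across server/view pairs. The view names, TSIG key file paths, server addresses and the sample serial table are constructed assumptions; each view is reached by signing the query with the key that view's match-clients lists, and dig's -k option reads the key from a file so the secret stays out of the process listing (unlike -y).</div>

```python
"""Compare SOA serials of the same zone across BIND views and servers.

Added example, not from the original post. The view names, key file
paths, addresses and sample data below are constructed placeholders;
running audit() for real needs BIND's `dig` installed.
"""
import subprocess
from collections import defaultdict

# Constructed inventory: one TSIG key file per view. The key file is read
# with `dig -k` so the secret never appears on the command line (-y would
# expose it in the process table).
VIEW_KEYFILES = {
    "myprivateboxes": "/etc/bind/keys/inside-key.key",   # assumption
    "mypublicboxes": "/etc/bind/keys/outside-key.key",   # assumption
    "others": "/etc/bind/keys/others-key.key",           # assumption
}
SERVERS = {"master": "192.0.2.1", "slave": "192.0.2.2"}   # constructed


def dig_soa_command(server, zone, keyfile):
    """Build the dig invocation that asks one server, as one view, for a zone's SOA."""
    return ["dig", "@" + server, "-k", keyfile, "+short", "+norecurse", zone, "SOA"]


def parse_soa_serial(short_output):
    """Extract the serial (third field) from `dig +short ... SOA` output.

    Returns None when the answer is empty or malformed, e.g. the view does
    not carry the zone or the TSIG key was rejected.
    """
    for line in short_output.splitlines():
        fields = line.split()
        if len(fields) == 7 and fields[2].isdigit():
            return int(fields[2])
    return None


def query_serial(server, zone, keyfile):
    """Run dig and return the serial, or None on any failure."""
    try:
        out = subprocess.run(dig_soa_command(server, zone, keyfile),
                             capture_output=True, text=True,
                             timeout=5, check=False).stdout
    except (OSError, subprocess.SubprocessError):
        return None
    return parse_soa_serial(out)


def find_drift(serials):
    """Given {(server, view): {zone: serial}}, report zones whose serials disagree.

    Returns {zone: {(server, view): serial}} for every zone seen with more
    than one distinct value; None counts as a distinct value, so a zone
    missing from one view is flagged too.
    """
    by_zone = defaultdict(dict)
    for location, zones in serials.items():
        for zone, serial in zones.items():
            by_zone[zone][location] = serial
    return {zone: locs for zone, locs in by_zone.items()
            if len(set(locs.values())) > 1}


def audit(zones, servers=SERVERS, keyfiles=VIEW_KEYFILES):
    """Query every server/view pair for every zone and return the drift report."""
    serials = {}
    for sname, addr in servers.items():
        for view, keyfile in keyfiles.items():
            serials[(sname, view)] = {z: query_serial(addr, z, keyfile) for z in zones}
    return find_drift(serials)


# Constructed sample: what audit() might collect when a notify reached the
# private view on the slave but the other two views there still lag.
SAMPLE_SERIALS = {
    ("master", "myprivateboxes"): {"a.example.com": 2024060102},
    ("master", "mypublicboxes"): {"a.example.com": 2024060102},
    ("master", "others"): {"a.example.com": 2024060102},
    ("slave", "myprivateboxes"): {"a.example.com": 2024060102},
    ("slave", "mypublicboxes"): {"a.example.com": 2024060101},
    ("slave", "others"): {"a.example.com": None},
}

if __name__ == "__main__":
    for zone, locations in find_drift(SAMPLE_SERIALS).items():
        print(zone)
        for (server, view), serial in sorted(locations.items()):
            print(f"  {server:6} {view:16} {serial}")
```

<div>Run against the real servers with audit(["a.example.com", ...]); a None entry in the report means that server/view pair returned no SOA at all, which usually points at a zone not yet added to that view or a key that did not match that view's match-clients, while a lower serial points at a notify or transfer that did not reach it.</div>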