<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<div class="moz-cite-prefix">On 10/18/2024 6:19 PM, Nick Tait via
bind-users wrote:<br>
</div>
<blockquote type="cite"
cite="mid:ba194dd7-86b6-4eec-9b2a-9ccd638c531a@tait.net.nz">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<div class="moz-cite-prefix">On 19/10/2024 05:50, Bowie Bailey via
bind-users wrote:<br>
</div>
<blockquote type="cite"
cite="mid:140774f6-9b90-4bd4-a877-3363b6504868@BUC.com">
<meta http-equiv="Content-Type"
content="text/html; charset=UTF-8">
<div class="moz-cite-prefix">On 10/18/2024 12:07 PM, Bob Harold
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CA+nkc8BOusQvo=hLTKRWioSfJA74WPwBw1gwLo5TtSC54d=1Rg@mail.gmail.com">
<meta http-equiv="content-type"
content="text/html; charset=UTF-8">
<div dir="ltr">
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Fri, Oct 18, 2024 at
11:33 AM Bowie Bailey via bind-users <<a
href="mailto:bind-users@lists.isc.org"
moz-do-not-send="true" class="moz-txt-link-freetext">bind-users@lists.isc.org</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote"
style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br>
The first issue is that my server uses a few views to
give different IPs <br>
based on which network the request comes from. I found
that if I point <br>
the zones in the different views to the same key
directory, there are no <br>
errors and all views return the same keys when I test
with dig. So this <br>
appears to work. Are there any gotchas that might come
up with this setup?<br>
</blockquote>
<div> </div>
<div>I think this will work because the key files include
the zone name, so they will be unique.</div>
</div>
</div>
</blockquote>
</blockquote>
I've been doing the same for years and never had any issues.<br>
</blockquote>
<br>
Good to know.<br>
<br>
<blockquote type="cite"
cite="mid:ba194dd7-86b6-4eec-9b2a-9ccd638c531a@tait.net.nz">
<blockquote type="cite"
cite="mid:140774f6-9b90-4bd4-a877-3363b6504868@BUC.com">
<blockquote type="cite"
cite="mid:CA+nkc8BOusQvo=hLTKRWioSfJA74WPwBw1gwLo5TtSC54d=1Rg@mail.gmail.com">
<div dir="ltr">
<div class="gmail_quote">
<div> </div>
<blockquote class="gmail_quote"
style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
The second issue is that I have multiple zones that all
point to the <br>
same file since those domains all go to the same set of
servers. Right <br>
now, I am using the same zone file for all of them.
This works fine <br>
currently, but when I try to enable DNSSEC for those
domains, I get an <br>
error "writable file ... already in use". The simple
answer would be to <br>
make a unique file for each zone, however I would rather
keep a single <br>
file updated instead of having to make changes to all of
the individual <br>
files whenever something changes with those servers. So
far, the only <br>
other solution I've found is to manage the keys
manually, which seems to <br>
add quite a bit of complexity to the setup. Is there a
better way to do <br>
this?<br>
</blockquote>
<div><br>
</div>
<br>
</div>
</div>
</blockquote>
zone "test.com" {<br>
type master;<br>
file "db.test.com";<br>
};<br>
zone "test2.com" {<br>
type master;<br>
file "db.test.com";<br>
};<br>
<br>
I would like to have DNSSEC active on both domains, but since
they are sharing a file, Bind complains about it.<br>
</blockquote>
<p>If you are using Linux, I'd suggest looking at using filesystem
links so that you can have separate files that share the same
content. (See "man ln".)</p>
</blockquote>
<br>
That is an interesting idea. I'm familiar with hard links, but I
hadn't considered using them here. My other idea was copying one of
the zone files to a "master" file and then $INCLUDING that file in
each of the individual zone files. I'm not sure if bind will let me
put the SOA into an include. I'll do some testing on both options
later today and see what works.<br>
<br>
-- <br>
Bowie<br>
</body>
</html>