Binding to non-local interfaces

Rob Foehl rwf at loonybin.net
Fri Oct 22 23:43:30 UTC 2010


On Sat, 23 Oct 2010, Terry Burton wrote:

> On Fri, Oct 22, 2010 at 9:30 PM, Rob Foehl <rwf at loonybin.net> wrote:
>> On Fri, 22 Oct 2010, Terry Burton wrote:
>>> Perhaps a simpler solution would be an rndc rescan-interfaces
>>> directive which provides immediate results whist avoiding the cost of
>>> reloading the zones?
>>
>> rndc reconfig does this without reloading (existing) zones.  That's probably
>> your best bet, as BIND's interface scanning is far too infrequent for this
>> sort of failover.
>
> Excellent. I should really have discovered that.

It's a bit subtle.  reconfig actually does most of what BIND does at 
startup, but this isn't readily apparent without reading the code.

> reconfig also appears to be robust in the sense that configuration
> syntax errors do not cause the daemon to exit.
>
> I am a little apprehensive about having to prod BIND in case that
> action compounds any problems, i.e. it would be embarrassing if the
> very mechanism designed to gloss over a transient network problem
> affecting one resolver were to clobber the remaining resolvers.
> However, I hope that this will prove unfounded.

I've been doing a lot of work around this lately.  The biggest caveat to 
reconfig is that it blocks the entire server (threaded or not) while it 
runs, which becomes something of a problem when the configuration includes 
more than a few thousand zones.  If you're below that scale, you should be 
fine; if not, well, I'm working on it... ;)

Definitely consider running BIND under some sort of supervision, either an 
intelligent init replacement (upstart or systemd on Linux, Solaris SMF, 
launchd on OS X, etc.) or a shell script that's at least as complete as 
'while :; do named -f; done' to try to keep it running if it dies for some 
transient reason, although this should be pretty rare.  I use something 
similar, along with an external process that actively runs queries and 
tries to kick the server progressively harder any time it goes silent, 
eventually giving up and yelling at us via monitoring as necessary.

-Rob


More information about the bind-workers mailing list