Configuration from files
Anand Buddhdev
anandb at ripe.net
Thu Mar 7 20:16:32 UTC 2013

On 07/03/2013 20:53, JINMEI Tatuya / 神明達哉 wrote:
> It could depend on details of your operation and configuration, but in
> my understanding BIND 10 currently doesn't have sufficient user
> interfaces to make it possible. Improving the operation interface is
> one of our TODOs, but right now we don't have a specific planned
> release for that feature.
>
> One thing that might be acceptable is to (re)distribute the
> b10-config.db file to the deployed server hosts and restart BIND 10.

If I copy the entire b10-config.db over, then server-specific
configuration, such as the IP addresses it has to listen on, would be
wrong. In BIND 9, I have a server-specific named.conf, which uses the
"include" directive to load in zone definitions, which can be identical
across multiple servers. BIND 10 wants to keep all configuration in
b10-config.db, so I can't see a way of doing includes.

> Out of curiosity, do these servers only load zones from a copied file
> (not via zone transfers)? Do they accept AXFR/IXFR queries?

I'm sorry I wasn't clear. The zones on these servers are configured as
slaves, so they do in fact XFR the zones in. However, if I have a
cluster of BIND 10 servers, I wouldn't want to connect to each server
with bindctl and add/remove the zones. That's cumbersome. And
error-prone. If say one server in the cluster is down for maintenance,
then it misses out on the add/remove command. My provisioning system has
to keep track of which servers it has contacted, and which ones not.

Instead, if the provisioning system just generates files containing zone
definitions, then I can have them synced out using
cfengine/puppet/ansible and call reconfig. If a server is down for
maintenance, that's okay, because when it does come up, the idempotent
configuration management will ensure that its configuration is brought
up to date to match its peers.

As a side note, BIND 9 already has the "rndc addzone" and "rndc delzone"
feature, but I don't use those features because they suffer from the
same problem as the current BIND 10 configuration system.

Regards,
Anand
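
The file-based workflow described in the message above (generate a shared zone-definition file for BIND 9's "include", sync it, reconfig only on change), sketched as an added example that is not part of the original message or of BIND. The file names zones.conf and slaves/, the zone names and the master address are constructed assumptions.

```python
import ipaddress
import os
import re
import tempfile

# Conservative label check: rejects quotes, slashes, braces and whitespace,
# so a bad provisioning record cannot alter the generated configuration.
ZONE_RE = re.compile(r"^[a-z0-9_-]+(\.[a-z0-9_-]+)*$")

def render_zones(zones, masters):
    """Return BIND 9 slave zone stanzas, sorted so output is deterministic."""
    names = sorted({z.lower().rstrip(".") for z in zones})
    for name in names:
        if not ZONE_RE.match(name):
            raise ValueError(f"refusing unsafe zone name: {name!r}")
    # ip_address() raises ValueError on anything that is not an IP literal.
    master_list = " ".join(f"{ipaddress.ip_address(m)};" for m in masters)
    return "\n".join(
        f'zone "{n}" {{\n'
        f'    type slave;\n'
        f'    masters {{ {master_list} }};\n'
        f'    file "slaves/{n}.db";\n'
        f'}};\n'
        for n in names
    )

def sync_file(path, content):
    """Write content atomically; return True only if the file changed."""
    try:
        with open(path, encoding="utf-8") as fh:
            if fh.read() == content:
                return False      # already converged, no reconfig needed
    except FileNotFoundError:
        pass
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            fh.write(content)
            fh.flush()
            os.fsync(fh.fileno())
        os.chmod(tmp, 0o644)
        os.replace(tmp, path)     # atomic rename: no partial file is ever visible
    except BaseException:
        os.unlink(tmp)
        raise
    return True

if __name__ == "__main__":
    # Constructed sample data: example zones, documentation-range master.
    text = render_zones(["example.org", "Example.COM."], ["192.0.2.1"])
    print("run 'rndc reconfig'" if sync_file("zones.conf", text) else "no change")
```

A host that was down during earlier runs converges on its next run, because the result depends only on the desired zone list and not on which commands the host happened to receive.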