This is a discussion on Re: Views configuration question within the Bind Users forums, part of the DNS and Related Forums category.
Tom Diehl wrote:

>On Fri, 13 Aug 2004, Kevin Darcy wrote:
>
>>Tom Diehl wrote:
>>
>>>Hi all,
>>>
>>>I have a couple of zones that I host. The master is on a local machine and the
>>>slave is hosted remotely. In addition I have zones that are locally hosted
>>>slaves and the masters are hosted remotely. Both nameservers have both internal
>>>and external views. The question is, what is the correct way to handle the
>>>internal view of the zones for which I am a slave?
>>>
>>>For example if I have a config file that looks something like the following:
>>>
>>>view "rogueind" {
>>>    match-clients { "internal";};
>>>    recursion yes;
>>>
>>>    zone "rogueind.com" in {
>>>        type master;
>>>        notify yes;
>>>        file "rogueind.com.internal.db";
>>>        allow-transfer {
>>>            "internal";
>>>        };
>>>    };
>>>
>>>};
>>>
>>>
>>>view "external" {
>>>    match-clients { "any"; };
>>>    recursion no;
>>>
>>>    zone "rogueind.com" in {
>>>        type master;
>>>        notify yes;
>>>        file "rogueind.com.db";
>>>        allow-transfer {
>>>            "external";
>>>        };
>>>    };
>>>
>>>    zone "stnhbr.com" in {
>>>        type slave; masters { xxx.xxx.xxx.xxx; };
>>>        notify no;
>>>        file "cache/stnhbr.com.db";
>>>        allow-transfer { "external"; };
>>>    };
>>>
>>>};
>>>
>>>What is the correct way to handle the internal view of the stnhbr.com domain?
>>>Do I do it the way I have it above? I think this would just query the remote
>>>nameserver but what happens if the remote is unavailable?
>>>
>>As a recursive resolver, it will try to query any or all of the
>>nameservers which are published in the zone's NS records, including your
>>nameserver if it is published there.
>>
>>>If I add a stanza
>>>to the internal view for the stnhbr zone I do not think the zone transfers,
>>>notifies, etc will work properly given that the internal addresses will never
>>>match the external addresses.
>>>
>>A question: do you have multiple addresses on this box, or just one? If
>>
>
>At this point in time 1 machine has multiple external addresses available
>but the other only has 1 external available. They both have multiple internal
>addresses available.
>
>>you have just one address, then perhaps the simplest thing to do is make
>>both views slaves of the stnhbr.com zone. This will incur some extra
>>zone-transfer overhead, unfortunately. If you want to avoid that
>>
>
>I tried the above and it seems to work OK except that the internal zones
>never get the notifies so it waits for the refresh time to reload the zone.
>Since I am not doing dyndns updates I suppose that is not that much of a
>problem.
>
>>overhead, you could try adding an exception to the match-clients so that
>>when the nameserver instance queries *itself*, it gets the external
>>view. If you do that, though, you might want to change /etc/resolv.conf
>>on the box to point to 127.0.0.1, otherwise local processes will lose
>>the ability to resolve internal names.
>>
>
>If I figure this out will notifies work? I will have to do some reading on
>this.
>
>>If you have multiple addresses on the box to play with, you could tinker
>>with query-source, transfer-source etc. to have the internal view be a
>>stealth slave from the external view for stnhbr.com. Be aware, however,
>>that whenever you make a slave to another slave, changes to the zone
>>could take up to twice the refresh time to propagate.
>>
>
>Hummm, so are you saying that if I have a box with 2 ip addresses I could
>have the internal view updated by the external view of the same nameserver??
>If so would notifies work? If notifies work, doesn't that solve the problem
>of the delay in zone propagation?? If my assumptions are correct then that
>might solve my problem, since I could use multiple internal addresses.
>

You can tune NOTIFY a lot these days with also-notify, notify explicit, notify-source and so forth.

>Another thought, what would happen if I made the internal view for stnhbr.com
>a master with the zonefile pointed at the same file that gets transferred
>by the external view. IOW the external and internal views would be pointed
>at cache/stnhbr.com.db. I think that updates to the zone might be slow but
>I am not sure if there are any other side effects.
>

No, that wouldn't work too well. Master zones never get refreshed unless you explicitly reload them or restart/reload the whole nameserver.

- Kevin
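The two-address arrangement discussed above (the internal view as a stealth slave of the external view on the same box, with NOTIFY steered between views), sketched as an added named.conf example that is not part of the original thread. The addresses, the ACL contents and the internal cache file name are constructed assumptions; 203.0.113.53 stands in for the master address the thread masks as xxx.xxx.xxx.xxx.

```conf
// Constructed addresses: 192.168.1.1 is this box's main internal address,
// 192.168.1.2 is a second (alias) address on the same box.
acl "internal" { 127.0.0.1; 192.168.1.0/24; };
acl "external" { 198.51.100.53; };   // constructed: hosts allowed to transfer

view "rogueind" {
    // Requests sourced from the alias address are rejected here and
    // fall through to the "external" view.
    match-clients { !192.168.1.2; "internal"; };
    recursion yes;

    // rogueind.com master zone as in the thread's config (omitted)

    zone "stnhbr.com" in {
        type slave;
        masters { 192.168.1.1; };         // this same server
        transfer-source 192.168.1.2;      // refresh queries and AXFR reach "external"
        notify no;
        file "cache/stnhbr.com.internal.db";  // one file per view, never shared
        allow-transfer { none; };
    };
};

view "external" {
    match-clients { "any"; };
    recursion no;

    zone "stnhbr.com" in {
        type slave;
        masters { 203.0.113.53; };        // placeholder for the remote master
        file "cache/stnhbr.com.db";
        notify explicit;                  // NOTIFY only the also-notify list
        also-notify { 192.168.1.1; };
        notify-source 192.168.1.1;        // source matches "internal", so that view gets it
        allow-transfer { "external"; 192.168.1.2; };  // alias address pulls the zone
    };
};
```

Running named-checkconf against the merged configuration catches syntax slips before a reload.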