Re: Puzzling scenario involving views
My apologies, didn't shoot to the list

On Mon, Aug 16, 2004 at 10:34:13PM -0400, Kevin Darcy wrote:
> Peter Rabbitson wrote:
>
> >Hello list,
> >I have a bind9 serving the domain example.com, with a secondary backup dns
> >(secondary.com) at a remote location. I wanted to achieve redundancy of
> >both domains provided to each other (example.com has secondary.com as
> >2nd NS, and vice versa), and at the same time I wanted to define internal
> >and external views in example.com for internal network naming purposes. I
> >got it working fairly quick with the example below, however here is my
> >problem: members of the insiders acl would not receive an AA answer when
> >inquiring about secondary.com.
> >
> Is this important? I have yet to find an application that cares about
> the setting of the AA bit.
>

The AA bit is not important, however the WAN overhead is: when members of internal query for secondary.com, the name server performs the whole 9 yards of querying the root, then the bind at secondary.com. Granted, it caches the obtained entry for some time, however it will eventually ask again after a couple of days. So what originally made me ask this question was why bind does not do some kind of loopback lookup - after all it IS authoritative for secondary.com.

Either way, I completely understand the model you are suggesting with the "no second opinion" clause. In this case I assume I could do the following, both reducing AXFR transactions to 1 and retaining authoritativity:

    acl "insiders" { 192.168.0.0/24; 127.0.0.1; };
    acl "secondary" { xxx.xxx.xxx.xxx; };

    view "internal" {
        match-clients { insiders; };
        zone "secondary.com" {
            type master;
            file "slave.secondary.com";
            notify no;
            masters { xxx.xxx.xxx.xxx; };
        };
    };

    view "external" {
        match-clients { any; };
        zone "secondary.com" {
            type slave;
            file "slave.secondary.com";
            masters { xxx.xxx.xxx.xxx; };
        };
    };

Or is this a bad idea...? If it is, I guess the next choice is to have slave.secondary.com.internal and slave.secondary.com.external and 2 transactions per AXFR.
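A small linter for two things a reviewer would check in the configuration proposed above, as an added example that is not part of the original post: a `masters` clause inside a `type master` zone, which BIND does not accept there, and a zone file that a slave zone rewrites on transfer while another view also loads it. The parser only handles the view/zone subset shown in the post, and 192.0.2.1 is a placeholder for the masked address.

```python
import re
from collections import defaultdict

# Constructed sample: the proposal from the post, masked address replaced
# by a documentation-range placeholder.
SAMPLE = '''
view "internal" { match-clients { insiders; };
  zone "secondary.com" { type master; file "slave.secondary.com";
    notify no; masters { 192.0.2.1; }; }; };
view "external" { match-clients { any; };
  zone "secondary.com" { type slave; file "slave.secondary.com";
    masters { 192.0.2.1; }; }; };
'''

def block(text, start):
    """Return the text inside the first balanced {...} at or after start."""
    i = text.index("{", start)
    depth, j = 0, i
    while True:
        depth += {"{": 1, "}": -1}.get(text[j], 0)
        if depth == 0:
            return text[i + 1:j]
        j += 1

def zones(conf):
    """Yield (view, zone, type, file, has_masters) for every zone in every view."""
    for v in re.finditer(r'view\s+"([^"]+)"', conf):
        vbody = block(conf, v.end())
        for z in re.finditer(r'zone\s+"([^"]+)"', vbody):
            zbody = block(vbody, z.end())
            ztype = re.search(r'\btype\s+(\w+)', zbody)
            zfile = re.search(r'\bfile\s+"([^"]+)"', zbody)
            yield (v.group(1), z.group(1), ztype and ztype.group(1),
                   zfile and zfile.group(1),
                   bool(re.search(r'\bmasters\s*\{', zbody)))

def lint(conf):
    findings, users = [], defaultdict(list)
    for view, zone, ztype, zfile, has_masters in zones(conf):
        if ztype == "master" and has_masters:
            findings.append(f"{view}/{zone}: 'masters' is not valid in a master zone")
        if zfile:
            users[zfile].append((view, ztype))
    for zfile, refs in users.items():
        # A slave zone rewrites its file after each transfer; any other zone
        # reading the same file sees the change only when it is reloaded.
        if len(refs) > 1 and any(t == "slave" for _, t in refs):
            findings.append(f"{zfile}: written by a slave zone but shared by views "
                            + ", ".join(v for v, _ in refs))
    return findings
```

Calling `lint(SAMPLE)` returns one finding for each of the two checks; `named-checkconf` remains the authoritative syntax check for a real `named.conf`.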