On 06/24/11 08:22, Brian J. Murrell wrote:
I am using BIND 9.7.2-P2.

I have two views, one "internal" and one for "external" queries.  In
both of those views I have some zones which are common so I put them
into their own file "zones.common" and include that file in both of the
views.

The problem I am having is that when I make a dynamic update to a common
zone, only the internal view sees that change.  External queries still
return the data prior to the update.  If I restart the server, then
external queries get the updated data.

To provide an (excerpted, for brevity) example...

---- zones.common ----
zone "rbl.interlinx.bc.ca" {
         type master;
         file "/etc/bind/master/rbl.interlinx.bc.ca.zone";
         allow-update { ... };
         allow-transfer { ... };
         allow-query { any; };
};
---- zones.common ----

---- named.conf ----
view "trusted" {
         match-clients { trusted_networks; }; // our internal networks
...
         include "/etc/bind/zones.common";
...
         zone "interlinx.bc.ca" {
                 type master;
                 file "/etc/bind/master/interlinx.bc.ca.zone";
                 allow-update { ... };
                 allow-query { ... };
                 allow-transfer { ... };
         };
...
};

view "greatunwashed" {
         match-clients { any; }; // all other hosts
...
         include "/etc/bind/zones.common";
         allow-query { great_unwashed_allowed_query; };
         zone "interlinx.bc.ca" {
                 type slave;
                 file "/etc/bind/slave/interlinx.bc.ca.zone";
                 masters { ... };
                 allow-query { any; };
         };
};
---- named.conf ----

To demonstrate, given the above configuration:

greatunwashed_host $ host 1.2.3.4.rbl.interlinx.bc.ca.
Host 1.2.3.4.rbl.interlinx.bc.ca not found: 3(NXDOMAIN)

trusted_host $ host 1.2.3.4.rbl.interlinx.bc.ca.
Host 1.2.3.4.rbl.interlinx.bc.ca. not found: 3(NXDOMAIN)

dns_server $ nsupdate
server localhost
zone rbl.interlinx.bc.ca.
update add 1.2.3.4.rbl.interlinx.bc.ca 60 A 127.0.0.2
send


trusted_host $ host 1.2.3.4.rbl.interlinx.bc.ca.
1.2.3.4.rbl.interlinx.bc.ca has address 127.0.0.2

greatunwashed_host $ host 1.2.3.4.rbl.interlinx.bc.ca.
Host 1.2.3.4.rbl.interlinx.bc.ca not found: 3(NXDOMAIN)

dns_server # /usr/sbin/rndc reload
server reload successful

trusted_host $ host 1.2.3.4.rbl.interlinx.bc.ca.
1.2.3.4.rbl.interlinx.bc.ca has address 127.0.0.2

greatunwashed_host $ host 1.2.3.4.rbl.interlinx.bc.ca.
Host 1.2.3.4.rbl.interlinx.bc.ca not found: 3(NXDOMAIN)

dns_server # service bind9 restart
  * Stopping domain name service... bind9
    ...done.
  * Starting domain name service... bind9
    ...done.

trusted_host $ host 1.2.3.4.rbl.interlinx.bc.ca.
1.2.3.4.rbl.interlinx.bc.ca has address 127.0.0.2

greatunwashed_host $ host 1.2.3.4.rbl.interlinx.bc.ca.
1.2.3.4.rbl.interlinx.bc.ca has address 127.0.0.2

As you can see, it took a complete server restart for the greatunwashed
view to get the zone update.

Is this expected behavior or a (known?) bug?

Cheers,
b.


It's expected behavior in a way. You are probably making this change in the internal view and the internal named process knows about the change and reloads the zone.

The external view's process is unaware of the change and does not reload.

1) You could send a periodic rndc reload to the external view process.

2) Since this appears to be an rbl zone, use rbldnsd instead of named to serve this zone. Rbldnsd has code in it to auto-detect a change in the zone file and will auto-reload. Rbldnsd is a tighter piece of code designed not to be a general purpose piece of software, but a specialized service. It takes fewer system resources for this purpose.

FYI, I have an internal rbl that I use here. I store the zone data in a postgres sql database and do the updates to it there. The two hosts that serve the data run rbldnsd. I have written perl scripts to periodically pull a copy of the database and parse that into text files compatible with rbldnsd and move them into place. rbldnsd automagically reloads the updated zone files.

Lyle Giese
LCR Computer Services, Inc.
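
The export-and-swap step described in the reply above, sketched in Python as an added example (not Lyle's Perl scripts and not part of the original message). It assumes rbldnsd's ip4set layout (a default `:A:TXT` line followed by one address or CIDR per line); the sample rows and function names are constructed for illustration, so check the output format against rbldnsd(8) before use.

```python
import ipaddress
import os
import tempfile

# Constructed sample rows standing in for the database pull: (address, reason).
SAMPLE_ROWS = [
    ("1.2.3.4", "spam source"),
    ("192.0.2.0/24", "test net"),
    ("1.2.3.4", "duplicate row"),
    ("not-an-ip", "bad data"),
    ("2001:db8::1", "IPv6 does not belong in an ip4set"),
]

def render_ip4set(rows, default_a="127.0.0.2", default_txt="Listed"):
    """Return (zone_text, rejected_inputs) for an rbldnsd ip4set data file."""
    lines = ["# generated, do not edit by hand", f":{default_a}:{default_txt}"]
    seen, rejected = set(), []
    for raw, reason in rows:
        try:
            net = ipaddress.ip_network(raw.strip(), strict=True)
        except ValueError:
            rejected.append(raw)      # malformed, or host bits set in a CIDR
            continue
        if net.version != 4:
            rejected.append(raw)
            continue
        if net in seen:               # the same listing pulled twice
            continue
        seen.add(net)
        entry = str(net.network_address) if net.prefixlen == 32 else str(net)
        txt = " ".join(reason.split())  # keep each entry on one line
        lines.append(f"{entry} :{default_a}:{txt}")
    return "\n".join(lines) + "\n", rejected

def publish(path, text):
    """Write beside path, then rename over it so a reload never sees a partial file."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".rbl-")
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(text)
            fh.flush()
            os.fsync(fh.fileno())
        os.chmod(tmp, 0o644)
        os.replace(tmp, path)         # atomic on POSIX within one filesystem
    finally:
        if os.path.exists(tmp):       # only true if something failed before the rename
            os.unlink(tmp)

if __name__ == "__main__":
    zone, bad = render_ip4set(SAMPLE_ROWS)
    print(zone, "rejected:", bad)
```

Rejected rows are returned rather than silently dropped so the export job can log them; a bad row in the database should not quietly shrink the published list.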