On 11-06-24 01:47 PM, Evan Hunt wrote: > > Do the internal and external versions *both* need to be dynamic?
No, only the internal in fact.
> I'd expect it to work okay if you had only one of them dynamic, and
> sent periodic reload commands to the other one.
Yeah. I got the master/slave approach working with your suggestion
below as a model. I reversed the master/slave relationship however to
reflect that changes come from internal only.
I guess it's hoping for too much though to have the master sent notifies
to the slave given that master and slave are both on the same host, yes?
Hence your suggestion of "periodic reload commands"?
The data really does need to be quite in sync though. I'm not sure a
period of less than a second or two is going to be acceptable. :-(
> The master/slave approach really works better, though. Something like
> this:
>
> view internal {
> match-clients { !key example-key; localnets; };
> zone example.com {
> type slave;
> masters { localhost key example-key; }
> };
> };
>
> view external {
> match-clients { any; };
> zone example.com {
> type master;
> file "filename";
> update-policy { grant example-key zonesub ANY; };
> also-notify { 127.0.0.1; };
> };
> };
>
Cheers, and thanx much for all of that.
b.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
