There are some caveats to trying to use "interface-interval" to pick up new IPs. If your BIND drops privileges (e.g., by using the "-u" command-line option to named), you might have a problem getting BIND to bind() to the new IP addresses.
For example, on FreeBSD if you use "-u" to drop privileges, BIND will not be able to bind() to new addresses without modifying the kernel to allow non-root users to bind() to port 53. On modern versions of Linux, BIND can bind() to new IP addresses even with the "-u" option because the kernel has a mechanism to allow it. In my environment (FreeBSD) we've worked around this problem (just recently, in fact), and I can provide more details if there's any interest.

On Jan 10, 2012, at 11:42 AM, michoski wrote:

> On 1/9/12 5:12 PM, "Bostjan Skufca" <bost...@a2o.si> wrote:
>> is binding to all interfaces at once already supported in bind9? I know named
>> binds to each at-the-moment-available IP address but in HA environment with
>> virtual interfaces a "rndc reload" is necessary for named to pick up a new
>> interface, which leaves a bit of a window of unavailable service.
>
> According to Bv9ARM.pdf p67 listen-on-v6 { any; }; does a wildcard bind on
> supporting systems, while listen-on { any; }; behaves as you describe:
>
> OPS:55 mhosk...@dev-ops-test1.vega:~$ grep listen-on /etc/namedb/named.conf
> listen-on { any; };
> listen-on-v6 { any; };
>
> OPS:56 mhosk...@dev-ops-test1.vega:~$ netstat -an|grep 53
> tcp        0      0 10.8.36.47:53      0.0.0.0:*      LISTEN
> tcp        0      0 127.0.0.1:53       0.0.0.0:*      LISTEN
> tcp        0      0 127.0.0.1:953      0.0.0.0:*      LISTEN
> tcp        0      0 :::53              :::*           LISTEN
> tcp        0      0 :::5308            :::*           LISTEN
> udp        0      0 10.8.36.47:53      0.0.0.0:*
> udp        0      0 127.0.0.1:53       0.0.0.0:*
> udp        0      0 :::53              :::*
>
> However (I usually just set it to 0), the caveat you might have missed is
> that you can control how often (if at all) BIND rescans the list of
> available interfaces (ARM p73):
>
> "The server will scan the network interface list every interface-interval
> minutes. The default is 60 minutes. The maximum value is 28 days (40320
> minutes). If set to 0, interface scanning will only occur when the
> configuration file is loaded. After the scan, the server will begin
> listening for queries on any newly discovered interfaces (provided they are
> allowed by the listen-on configuration), and will stop listening on
> interfaces that have gone away."
>
> Setting interface-interval to a reasonably low value should keep you from
> needing to rndc reconfig/reload.
>
> http://www.isc.org/software/bind/documentation
>
> --
> Don't worry about avoiding temptation -- as you grow older, it starts
> avoiding you. -- The Old Farmer's Almanac
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
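An added example, not part of the thread and not BIND's own code: a Python check that parses Linux-style `netstat -an` output like the listing quoted above and reports which expected addresses (for instance an HA virtual IP that appeared after named started) have no listener on port 53, counting a per-family wildcard bind as coverage. The sample text, the address 10.8.36.50 and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in the Linux net-tools layout of the listing quoted above.
SAMPLE_NETSTAT = """\
tcp   0  0 10.8.36.47:53   0.0.0.0:*  LISTEN
tcp   0  0 127.0.0.1:53    0.0.0.0:*  LISTEN
tcp   0  0 127.0.0.1:953   0.0.0.0:*  LISTEN
tcp   0  0 :::53           :::*       LISTEN
tcp   0  0 :::5308         :::*       LISTEN
udp   0  0 10.8.36.47:53   0.0.0.0:*
udp   0  0 127.0.0.1:53    0.0.0.0:*
udp   0  0 :::53           :::*
"""

def listeners(netstat_text, port=53):
    """Return {(proto, local_ip)} for unconnected sockets bound to exactly `port`."""
    found = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 5 or not f[0].startswith(("tcp", "udp")):
            continue
        if not f[4].endswith(":*"):          # foreign side set: not a listener
            continue
        host, _, local_port = f[3].rpartition(":")
        if local_port != str(port):          # exact match, unlike `grep 53`
            continue
        try:
            found.add((f[0][:3], str(ipaddress.ip_address(host))))
        except ValueError:
            continue                         # e.g. "*" in other netstat dialects
    return found

def uncovered(netstat_text, addresses, port=53):
    """Map each address lacking a specific or wildcard listener to the missing protocols."""
    bound = listeners(netstat_text, port)
    gaps = {}
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        wildcard = "::" if ip.version == 6 else "0.0.0.0"
        missing = [p for p in ("tcp", "udp")
                   if (p, str(ip)) not in bound and (p, wildcard) not in bound]
        if missing:
            gaps[addr] = missing
    return gaps

if __name__ == "__main__":
    # 10.8.36.50 stands in for a virtual IP added after named started (constructed).
    print(uncovered(SAMPLE_NETSTAT, ["10.8.36.47", "10.8.36.50", "2001:db8::53"]))
```

Run against live `netstat -an` output after a failover, a non-empty result for the virtual IP means named has not yet rescanned interfaces or could not bind() to the new address.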