Split DNS(view configuration)
Hi, There is a question though Split DNS(view configuration) is used. In the case of the structure such as the following, --- --- The zone is forwarded only to View internal because it matches it internal. I want to forward hoge.zone of BIND1 to both hoge.zone that uses View configuration of BIND2. Are there any methods? --- maru ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Split DNS(view configuration)
Thank you for reply.
I am sorry that I cannot explain that well.
is master(Example IP:AAA.AAA.AAA.AAA) config.
zone hoge.com IN {
type master;
file hoge.zone;
notify yes;
also-notify {
BBB.BBB.BBB.BBB;
};
allow-transfer {
BBB.BBB.BBB.BBB;
};
};
is slave(Example IP:BBB.BBB.BBB.BBB) config.
viewinternal {
match-clients{
XXX.XXX.XXX.XXX;
};
recursion yes;
zone . IN {
type hint;
file named.ca;
};
zone hoge.com IN {
type slave;
masters {
AAA.AAA.AAA.AAA;
};
file hoge.zone_slave;
};
};
viewexternal {
match-clients{
YYY.YYY.YYY.YYY;
};
zone . IN {
type hint;
file named.ca;
};
recursion no;
zone hoge.com IN {
type slave;
masters {
AAA.AAA.AAA.AAA;
};
file hoge.zone_slave;
};
};
The record is changed by this setting.
Before changing the record:
www IN A 192.168.1.1
After changing the record:
www IN A 10.10.10.10
The zone of hoge.zone is updated with the mastering server.
(rndc reload hoge.com)
** master bind log
general: info: received control channel command 'reload hoge.com'
general: info: zone hoge.com/IN: loaded serial 2014051901
notify: info: zone hoge.com/IN: sending notifies (serial 2014051901)
xfer-out: info: client BBB.BBB.BBB.BBB#47180 (hoge.com): transfer of '
hoge.com/IN': AXFR-style IXFR started
xfer-out: info: client BBB.BBB.BBB.BBB#47180 (hoge.com): transfer of '
hoge.com/IN': AXFR-style IXFR ended
** slave bind log
notify: info: client AAA.AAA.AAA.AAA#4333: view external: received notify
for zone 'hoge.com'
general: info: zone hoge.com/IN/external: Transfer started.
xfer-in: info: transfer of 'hoge.com/IN/external' from AAA.AAA.AAA.AAA#53:
connected using BBB.BBB.BBB.BBB#57103
general: info: zone hoge.com/IN/external: transferred serial 2014051901
xfer-in: info: transfer of 'hoge.com/IN/external' from AAA.AAA.AAA.AAA#53:
Transfer completed: 1 messages, 20 records, 448 bytes, 0.031 secs (14451
bytes/sec)
notify: info: zone hoge.com/IN/external: sending notifies (serial
2014051901)
** dig checks
From source XXX.XXX.XXX.XXX
dig @BBB.BBB.BBB.BBB www.hoge.com +short
192.168.1.1
From source YYY.YYY.YYY.YYY
dig @BBB.BBB.BBB.BBB www.hoge.com +short
10.10.10.10
The content of internal view is not updated even if it updates record.
I want to let both view reflect an update record by zonal transfer.
Cannot the thing reflected even if reload is not done be done though it is
reflected when reload is executed with slave?
2014-05-19 22:52 GMT+09:00 Tony Finch d...@dotat.at:
Techs_Maru tec...@gmail.com wrote:
The zone is forwarded only to View internal because it matches it
internal.
I want to forward hoge.zone of BIND1 to both hoge.zone that uses View
configuration of BIND2.
I am not sure if I understand exactly what you want. A common way to
choose what view to use is with TSIG keys - see for example
http://blog.hudecof.net/posts/2014/02/07/bind9-with-views-and-tsig-axfr.html
This works for slaved zones but not for forwarding.
Tony.
--
f.anthony.n.finch d...@dotat.at http://dotat.at/
Northwest Shannon, Rockall, Malin, Southwest Hebrides: Northeasterly 4 or 5
increasing 5 to 7, perhaps gale 8 later except in southeast Malin.
Moderate or
rough, becoming rough or very rough in Rockall and northwest Shannon. Rain
or
thundery showers. Good, occasionally poor.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: Split DNS(view configuration)
Techs_Maru tec...@gmail.com wrote:
viewinternal {
recursion yes;
zone . IN { ... };
I think it is better to use named's built-in root hints, so you don't need
to explicitly configure this.
zone hoge.com IN {
type slave;
masters { AAA.AAA.AAA.AAA; };
file hoge.zone_slave;
};
};
viewexternal {
zone hoge.com IN {
type slave;
masters { ... };
file hoge.zone_slave;
You must not share slave zone files between zones.
};
};
The content of internal view is not updated even if it updates record.
I want to let both view reflect an update record by zonal transfer.
Use a different TSIG key for each view in the slave. Include each key in
the match-clients clause of each view. Include both keys in the
also-notify clause on the master.
Tony.
--
f.anthony.n.finch d...@dotat.at http://dotat.at/
Sole: Variable 3 or 4, becoming northerly or northeasterly 5 or 6 for a time
in far west. Moderate or rough. Thundery showers. Moderate or good,
occasionally poor in east.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Default BIND query timeouts
I am looking at some scripts that use IO::Socket::INET and IO::Select for testing BIND. UDP sockets are created use use IO::Socket::INET and sockets are polled via IO::Select at 6-second interval. my $sock = IO::Socket::INET-new( PeerHost = $server, PeerPort = $port, Proto = $protocol, Blocking = 0, I'd like to know what the timeout is for the queries. Thanks, Shawn ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Default BIND query timeouts
If a client sends a recursive query to the BIND instance, and that instance needs to fetch the answer from one or more other upstream sources, then my understanding is that the resolver-query-timeout global option (see the BIND docs) controls the timeout for each one of those upstream transactions. Default value is 10 seconds. Does that answer your question? - Kevin On 5/19/2014 6:15 PM, Shawn Zhou wrote: I am looking at some scripts that use IO::Socket::INET and IO::Select for testing BIND. UDP sockets are created use use IO::Socket::INET and sockets are polled via IO::Select at 6-second interval. my $sock = IO::Socket::INET-new( PeerHost = $server, PeerPort = $port, Proto= $protocol, Blocking = 0, I'd like to know what the timeout is for the queries. Thanks, Shawn ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Default BIND query timeouts
What about non-recursive queries? In particular case, our test queries are non-recursive and we expect the name server should have answers. We are sending test host with very high query rate so BIND may be too busy to respond to all the queries. On Monday, May 19, 2014 4:25 PM, Kevin Darcy k...@chrysler.com wrote: If a client sends a recursive query to the BIND instance, and that instance needs to fetch the answer from one or more other upstream sources, then my understanding is that the resolver-query-timeout global option (see the BIND docs) controls the timeout for each one of those upstream transactions. Default value is 10 seconds. Does that answer your question? - Kevin On 5/19/2014 6:15 PM, Shawn Zhou wrote: I am looking at some scripts that use IO::Socket::INET and IO::Select for testing BIND. UDP sockets are created use use IO::Socket::INET and sockets are polled via IO::Select at 6-second interval. my $sock = IO::Socket::INET-new( PeerHost = $server, PeerPort = $port, Proto = $protocol, Blocking = 0, I'd like to know what the timeout is for the queries. Thanks, Shawn ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
