dynamic update of split view acl

2015-02-28 Thread Matt Calder 
I'm running BIND 9.9.5-3 on Ubuntu 14.04.1.

I'm trying to figure out how to change the match-clients prefixes in a view
without having to restart BIND or do full config reload. My actual BIND
config has many views and restarts can take several minutes.

Here is my simple test set up.















*view view1 {match-clients { 204.57.0.0/24
http://204.57.0.0/24; 204.57.5.0/24 http://204.57.5.0/24; };zone
domaintest.com http://domaintest.com/ in {type master;
file /etc/bind/view1.zone;};};view view2 {match-clients
{ 216.55.18.0/24 http://216.55.18.0/24; };zone domaintest.com
http://domaintest.com/ in {type master;file
/etc/bind/view2.zone;};};*


Say I move 204.57.0.0/24 from view1 to view2, my hope was that I could
simply do


*$ rndc reload domaintest.com http://domaintest.com/ in view1$ rndc
reload domaintest.com http://domaintest.com/ in view2*

and match-clients would also be updated but this doesn’t work. I increment
the serial of view1.zone and view2.zone, but 204.57.0.0/24 is still matched
by view1. Is there any way to accomplish this?

Thanks,
Matt
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: dynamic update of split view acl

2015-02-28 Thread Matt Calder 
Hi Robert,

Thanks for the reply.

I also should have mentioned that this is for an authoritative DNS setup.
I'm evaluating different DNS options to support CDN-like testbed where, due
to Internet path changes/outages, I would ideally like the ability to
rapidly change where particular clients are directed. Appreciate any
additional suggestions!

Thanks,
Matt

On Sat, Feb 28, 2015 at 4:48 AM, Robert Senger rs-...@microscopium.de
wrote:

 Hi Matt,

 in my understanding, rndc reload zone in view reloads the zone
 file only, not the configuration where the matched-clients { }
 statement is listed. So, you'll have to run a full config reload if you
 change the matched-clients { } list.

 I just wonder why you want to move a client's ip from one view to the
 other?

 Cheers,

 Robert

  Am Samstag, den 28.02.2015, 04:27 -0800 schrieb Matt Calder:
  .57.0.0/24 is still matched
  by view1. Is there any way to accomplish this?

 --
 Robert Senger robert.sen...@microscopium.de
 PGP/GPG Public Key ID: 24E78B5E

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users