Re: named.conf splitting
Hello Noel Butler, Am 2012-02-18 11:25:10, hacktest Du folgendes herunter: If the OP is trying to avoid inline editing, does not the above become pointless? Yes, and the wish of the OP is my wish too! Still requires inline editing to remove the include /path/to/etc/zone1.conf, else named will have an error on reload. Right Being involved in the apache discussion I think I see where he wants to do, but I'm not sure if bind works like that. I like to see bind working like this ;-) (/me fires up dev box) ... OK, Nick, it will not do what you want. Perhaps this is better off as a feature request, and, one that makes sound sense to me, although I include one hosts.conf file and put all entries in that and like most are very happy that way, if people are including singular zone files from another include file, it would make far better sense, less messy too (I think) I think, the best would be the solution from apache, which read entire directories if the include ends with a /. How and where can I send this wish-list bug? Thanks, Greetings and nice Day/Evening Michelle Konzack -- # Debian GNU/Linux Consultant ## Development of Intranet and Embedded Systems with Debian GNU/Linux Internet Service Provider, Cloud Computing http://www.itsystems.tamay-dogan.net/ itsystems@tdnet Jabber linux4miche...@jabber.ccc.de Owner Michelle Konzack Gewerbe Strasse 3 Tel office: +49-176-86004575 77694 Kehl Tel mobil: +49-177-9351947 Germany Tel mobil: +33-6-61925193 (France) USt-ID: DE 278 049 239 Linux-User #280138 with the Linux Counter, http://counter.li.org/ signature.pgp Description: Digital signature ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: named.conf splitting
While not _exactly_ what was asked for, rndc addzone and rndc delzone seem to be able to do what you want... Just an idea.. AlanC -- a...@clegg.com | 1.919.355.8851 signature.asc Description: OpenPGP digital signature ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
named.conf splitting
Hi, In a recent discussion on another list, it was discussed the pros and cons of splitting the main conf file to a per domain. In binds case it would be to /etc/named.d/*.conf So each zone would have a file in that directory containing only the relevant info eg: zone example.com { type master; allow-transfer { slavesdns; }; file example.com.signed; allow-query { any; }; allow-update { none; }; }; thats it, nothing more, rather than having 2000 entries in named.conf, we would have 2000 conf file to be read (yes in addition to the 2000 actual zone files. with apache it takes only 2 or so more seconds to start and reload doing it this way, so I know that bind will take longer, it has to with all those open/read/close files, at present bind starts up in about 9 seconds due 17K zones, so I'd imagine this would take even up to 15 seconds. My question is, has anyone done this with success or failure? Would a named developer know if its safe or detrimental to do this? or would it simply make no difference apart from the extra time for starts/reloads? (This came about on another list, because we load all hosts on apache in one file (2000 per box) recently something went wrong with sshfs during a transaction, and in deleting a vhost block it took out about 100 of them :) so we are looking at making things a bit more failsafe, my opinion is, if it can happen once, it can happen again, it could have happened to a zone file, but luckily only the web conf file. Thoughts anyone? Thanks Niki ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: named.conf splitting
Yes, it's quite possible to split named.conf into separate per-zone .conf files and then 'include' them back into named.conf. You can even put the list of include statements in a separate file, and then include that into named.conf. named.conf: options { [...] } include /path/to/etc/zones.conf; zones.conf: include /path/to/etc/zone1.conf; include /path/to/etc/zone2.conf; [...] I've seen this done with hundreds of thousands of zones. Performance does not seem to be significantly impacted by breaking up named.conf into included files. The loading time for named in this case will be dominated by the time load actual zones, which involves allocating memory and building a tree structure in memory. Use the latest versions of BIND for fastest loading of this number of zones. See Evan Hunt's blog posts on the topic: http://www.isc.org/community/blog/201107/major-improvement-bind-9-startup-performance http://www.isc.org/community/blog/201107/isc-bind-981b3-provides-startup-performance-improvements Regards, Chris Buxton BlueCat Networks On Feb 17, 2012, at 1:24 AM, Nick Edwards wrote: Hi, In a recent discussion on another list, it was discussed the pros and cons of splitting the main conf file to a per domain. In binds case it would be to /etc/named.d/*.conf So each zone would have a file in that directory containing only the relevant info eg: zone example.com { type master; allow-transfer { slavesdns; }; file example.com.signed; allow-query { any; }; allow-update { none; }; }; thats it, nothing more, rather than having 2000 entries in named.conf, we would have 2000 conf file to be read (yes in addition to the 2000 actual zone files. with apache it takes only 2 or so more seconds to start and reload doing it this way, so I know that bind will take longer, it has to with all those open/read/close files, at present bind starts up in about 9 seconds due 17K zones, so I'd imagine this would take even up to 15 seconds. My question is, has anyone done this with success or failure? Would a named developer know if its safe or detrimental to do this? or would it simply make no difference apart from the extra time for starts/reloads? (This came about on another list, because we load all hosts on apache in one file (2000 per box) recently something went wrong with sshfs during a transaction, and in deleting a vhost block it took out about 100 of them :) so we are looking at making things a bit more failsafe, my opinion is, if it can happen once, it can happen again, it could have happened to a zone file, but luckily only the web conf file. Thoughts anyone? Thanks Niki ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: named.conf splitting
+1 to all of Chris' suggestions, especially the bit about including one file in named.conf, and including the per-zone files in that file. Makes it much easier to update that file with a script, or what have you. hth, Doug On 02/17/2012 07:11, Chris Buxton wrote: Yes, it's quite possible to split named.conf into separate per-zone .conf files and then 'include' them back into named.conf. You can even put the list of include statements in a separate file, and then include that into named.conf. named.conf: options { [...] } include /path/to/etc/zones.conf; zones.conf: include /path/to/etc/zone1.conf; include /path/to/etc/zone2.conf; [...] I've seen this done with hundreds of thousands of zones. Performance does not seem to be significantly impacted by breaking up named.conf into included files. The loading time for named in this case will be dominated by the time load actual zones, which involves allocating memory and building a tree structure in memory. Use the latest versions of BIND for fastest loading of this number of zones. See Evan Hunt's blog posts on the topic: http://www.isc.org/community/blog/201107/major-improvement-bind-9-startup-performance http://www.isc.org/community/blog/201107/isc-bind-981b3-provides-startup-performance-improvements Regards, Chris Buxton BlueCat Networks On Feb 17, 2012, at 1:24 AM, Nick Edwards wrote: Hi, In a recent discussion on another list, it was discussed the pros and cons of splitting the main conf file to a per domain. In binds case it would be to /etc/named.d/*.conf So each zone would have a file in that directory containing only the relevant info eg: zone example.com { type master; allow-transfer { slavesdns; }; file example.com.signed; allow-query { any; }; allow-update { none; }; }; thats it, nothing more, rather than having 2000 entries in named.conf, we would have 2000 conf file to be read (yes in addition to the 2000 actual zone files. with apache it takes only 2 or so more seconds to start and reload doing it this way, so I know that bind will take longer, it has to with all those open/read/close files, at present bind starts up in about 9 seconds due 17K zones, so I'd imagine this would take even up to 15 seconds. My question is, has anyone done this with success or failure? Would a named developer know if its safe or detrimental to do this? or would it simply make no difference apart from the extra time for starts/reloads? (This came about on another list, because we load all hosts on apache in one file (2000 per box) recently something went wrong with sshfs during a transaction, and in deleting a vhost block it took out about 100 of them :) so we are looking at making things a bit more failsafe, my opinion is, if it can happen once, it can happen again, it could have happened to a zone file, but luckily only the web conf file. Thoughts anyone? Thanks Niki -- It's always a long day; 86400 doesn't fit into a short. Breadth of IT experience, and depth of knowledge in the DNS. Yours for the right price. :) http://SupersetSolutions.com/ ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: named.conf splitting
On Fri, 2012-02-17 at 07:11 -0800, Chris Buxton wrote: Yes, it's quite possible to split named.conf into separate per-zone .conf files and then 'include' them back into named.conf. You can even put the list of include statements in a separate file, and then include that into named.conf. named.conf: options { [...] } include /path/to/etc/zones.conf; zones.conf: include /path/to/etc/zone1.conf; include /path/to/etc/zone2.conf; [...] If the OP is trying to avoid inline editing, does not the above become pointless? Still requires inline editing to remove the include /path/to/etc/zone1.conf, else named will have an error on reload. Being involved in the apache discussion I think I see where he wants to do, but I'm not sure if bind works like that. (/me fires up dev box) ... OK, Nick, it will not do what you want. Perhaps this is better off as a feature request, and, one that makes sound sense to me, although I include one hosts.conf file and put all entries in that and like most are very happy that way, if people are including singular zone files from another include file, it would make far better sense, less messy too (I think) signature.asc Description: This is a digitally signed message part ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users