Re: Run two copies of named from rc.conf?

2002-11-19 Thread Hellmuth Michaelis
Dan Nelson wrote:
> In the last episode (Nov 17), John De Boskey said:
> > It would be nice if rc.conf could start a 2nd copy of named (split
> > dns). Comments on the following simplistic patch?
>
> Just upgrade to bind 9 and set up two views.  Much easier :)

If bind 8 is going to stay in the tree for the foreseeable future, being
able to start N named's from rc.conf would be desirable (if only for those
who like to use as many of the utils in the base system as possible).

In case there are plans to go to bind 9 that work would be worthless.

Are there plans ... ?

hellmuth
-- 
Hellmuth Michaelis    Hamburg, Europe    [EMAIL PROTECTED]    www.kts.org
  There is a difference between an open mind and a hole in the head.

To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-current in the body of the message



Re: Run two copies of named from rc.conf?

2002-11-19 Thread Riccardo Torrini
On 19-Nov-2002 (04:06:22/GMT) John De Boskey wrote:

> I need to kick off 2 name servers. The first is authoritative for
> the domain as seen externally and the 2nd which is authoritative
> for the internal network.

I have only one named running: SOA for torrini.org for external and
internal hosts, and SOA for torrini.home for internal-only hosts.
It uses an allow-transfer/allow-query pair in named.conf and it has been
up and running on a 4.x machine for about a year.

Hope this can help.


Riccardo.




Re: Run two copies of named from rc.conf?

2002-11-18 Thread Dan Nelson
In the last episode (Nov 17), John De Boskey said:
> It would be nice if rc.conf could start a 2nd copy of named (split
> dns). Comments on the following simplistic patch?

Just upgrade to bind 9 and set up two views.  Much easier :)

-- 
Dan Nelson
[EMAIL PROTECTED]




Re: Run two copies of named from rc.conf?

2002-11-18 Thread Brad Knowles
At 9:15 PM -0800 2002/11/17, Juli Mallett wrote:


> Or at least abstracting it in such a way that it doesn't get in anyone's
> way, and so it won't trigger the what if I need N where N > 2 case, and
> in some meaningful way...  Like maybe using a named_configs lists, and
> start one named for each config, or something.


Yeah, I was definitely thinking of a much more general solution.
IMO, the switch should either be One or Many, with perhaps an
easy way to degenerate a Many solution to more easily serve the
One case.

--
Brad Knowles, [EMAIL PROTECTED]

They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety.
-Benjamin Franklin, Historical Review of Pennsylvania.




Re: Run two copies of named from rc.conf?

2002-11-18 Thread Brad Knowles
At 10:01 PM -0800 2002/11/17, Terry Lambert wrote:


> Interior and exterior DNS is a useful case; however, there
> are multiple ways to set it up; in general, it's not possible
> to have interior authoritative DNS at the same time you have
> exterior authoritative DNS (this was a mistake we made on the
> InterJet, for a long time), without modifying the DNS server
> to forward requests for which it has incomplete information
> (e.g. the PNS draft RFC I wrote).


It depends on how you do it.  You could $INCLUDE the exterior
file inside the interior file, if that subset of information is the
same.  You could also use BIND 9 views.  Otherwise, split-horizon
can be a pain.

--
Brad Knowles, [EMAIL PROTECTED]




Re: Run two copies of named from rc.conf?

2002-11-18 Thread Terry Lambert
Brad Knowles wrote:
> It depends on how you do it.  You could $INCLUDE the exterior
> file inside the interior file, if that subset of information is the
> same.  You could also use BIND 9 views.  Otherwise, split-horizon
> can be a pain.

If you have a LAN behind a transient network connection, and you
want your LAN to function without degradation as a result of losing
the link (Who ever heard of DSL going out?), then you want to have
your on site DNS server be authoritative.

But.  If you are transiently connected, then if the on site DNS
server is authoritative, then there is no way to look up externally
hosted services via DNS, unless the external DNS, also a hosted
service, and therefore not transiently connected, is authoritative.

One potential answer to this is that the external DNS is a secondary
of a stealth primary running at your local site.  However, this
has the unfortunate effect that a persistent outage will become a
general outage, should it last longer than the TTL for the externally
visible records.

In addition, there are no NOTIFY updates sent to the secondaries, if
the primary is offline when it is updated.

In addition, making the primary MX on site means a 3 minute delay
on all external mail send attempts to the site domain(s), as the
connection attempt times out and falls back to the secondaries,
which are externally hosted.

Finally, externally hosted resources may require changes as the
actual facilities are changed around.  This includes relocation
of primary and secondary external MX's, relocation of web services,
relocation of database and other outsourced services, relocation of
shopping cart services, etc..  This may include relocation of the
primary IP address of the customer site, which would also require a
change to the IP address configured into the secondaries of the
stealth primaries.

Basically, what this boils down to is that you are never fully
authoritative for a domain for which there exist externally hosted
services, and such services must have priority over transiently
connected services.

For this to work, you have to have a DNS server that's external
(hosted, and therefore always available), as well as being seen
to be authoritative.

For local authority, then, you must delegate authority, without
delegating it as a subdomain, to the external server.  The easiest
way to do this is to, on a local lookup miss, forward the request
to an external server, even if you are the authoritative server,
AND to replicate local DNS information to the external authoritative
server, as well.

DNS does not support this right now, even with BIND 9's views.


The entire point of people coming onto the Internet for the first
time is to make themselves appear real, clueful, etc., and
that means a virtual non-transient connection, which basically
means external hosting of visible services by a third party, so
that it looks like the company has a full time Internet connection,
rather than looking like a Mom and Pop with only a dialup or
other transient connection.

Yeah, that doesn't sit very well with you, if you are a company
who wants to sell one server to each of 100 customers, rather
than 6 servers to a hosting provider, but tough: there's no law
that requires me to protect your business model, unless you are
a member of the music or motion picture industry, and have bribed
enough senators.

-- Terry




Re: Run two copies of named from rc.conf?

2002-11-18 Thread Terry Lambert
Brad Knowles wrote:
> Sorry, I wasn't thinking of transient networks.  Indeed, that does
> make things a lot uglier.  I'll have to think some more about all the
> various implications, however.

One of the draft RFC's in the FTP directory I referenced is a
Best Current Practices document.

-- Terry




Re: Run two copies of named from rc.conf?

2002-11-18 Thread John De Boskey
- Terry Lambert's Original Message -
> Brad Knowles wrote:
> > Sorry, I wasn't thinking of transient networks.  Indeed, that does
> > make things a lot uglier.  I'll have to think some more about all the
> > various implications, however.
>
> One of the draft RFC's in the FTP directory I referenced is a
> Best Current Practices document.

   This is an interesting thread, but it seems to be getting
a bit off target. I need to kick off 2 name servers. The
first is authoritative for the domain as seen externally
and the 2nd which is authoritative for the internal network.

   The internal forwards to the external when appropriate.
These networks are not transient.

-John

> -- Terry




Re: Run two copies of named from rc.conf?

2002-11-18 Thread Terry Lambert
John De Boskey wrote:
> This is an interesting thread, but it seems to be getting
> a bit off target. I need to kick off 2 name servers. The
> first is authoritative for the domain as seen externally
> and the 2nd which is authoritative for the internal network.
>
> The internal forwards to the external when appropriate.
> These networks are not transient.

Then you want a single BIND 9 install with two views, one
bound to the internal IP, the other to the external.

You don't want what I've suggested.  And you don't want what
you originally asked for.  8-).

-- Terry

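The single-named, two-view layout recommended above, written out as an added example; it is not from the thread or from any FreeBSD file, and the zone names, addresses and file paths are constructed placeholders. It also folds in the earlier suggestion of $INCLUDE-ing the exterior zone data from the interior zone file.

```conf
// Added example (not from the thread): one BIND 9 named.conf serving
// split DNS through two views, instead of a second named process.
// 192.0.2.1 / 10.0.0.1 and example.org are constructed placeholders.
options {
    directory "/etc/namedb";
    listen-on { 192.0.2.1; 10.0.0.1; };   // external and internal addresses
    allow-transfer { none; };             // no transfers unless a zone allows it
};

// Views are tried in order and the first match wins, so the restrictive
// internal view must come before the catch-all external one. Once any
// view exists, every zone has to live inside a view.
view "internal" {
    match-clients { 10.0.0.0/8; 127.0.0.1; };
    match-destinations { 10.0.0.1; };     // queries arriving on the inside address
    recursion yes;                        // only internal hosts may recurse
    zone "example.org" {
        type master;
        // The internal zone file can "$INCLUDE external/example.org.zone"
        // so public records are maintained once and only internal-only
        // names are added here.
        file "internal/example.org.zone";
    };
    zone "0.0.10.in-addr.arpa" {
        type master;
        file "internal/10.0.0.zone";      // reverse data never seen outside
    };
};

view "external" {
    match-clients { any; };
    recursion no;                         // authoritative only; not an open resolver
    zone "example.org" {
        type master;
        file "external/example.org.zone";
        allow-transfer { 198.51.100.2; }; // constructed secondary's address
    };
};
```

Check the file with `named-checkconf`, then confirm the split by querying an internal-only name against 10.0.0.1 from inside and against 192.0.2.1 from outside; the second query must return NXDOMAIN, otherwise the view order or match-clients is wrong.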



Re: Run two copies of named from rc.conf?

2002-11-18 Thread Brad Knowles
At 4:41 PM -0800 2002/11/18, Terry Lambert wrote:


> But.  If you are transiently connected, then if the on site DNS
> server is authoritative, then there is no way to look up externally
> hosted services via DNS, unless the external DNS, also a hosted
> service, and therefore not transiently connected, is authoritative.


Sorry, I wasn't thinking of transient networks.  Indeed, that does
make things a lot uglier.  I'll have to think some more about all the
various implications, however.

--
Brad Knowles, [EMAIL PROTECTED]




Run two copies of named from rc.conf?

2002-11-17 Thread John De Boskey
It would be nice if rc.conf could start a 2nd copy
of named (split dns). Comments on the following simplistic
patch?

-John

cvs diff: Diffing src/etc
Index: src/etc/rc.network
===
RCS file: /home/ncvs/src/etc/rc.network,v
retrieving revision 1.138
diff -u -r1.138 rc.network
--- src/etc/rc.network  2 Nov 2002 08:21:26 -   1.138
+++ src/etc/rc.network  18 Nov 2002 04:22:00 -
@@ -24,7 +24,7 @@
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.
 #
-# $FreeBSD$
+# $FreeBSD: src/etc/rc.network,v 1.138 2002/11/02 08:21:26 ume Exp $
 #  From: @(#)netstart  5.9 (Berkeley) 3/30/91
 #
 
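Review bot: the only change in this hunk is the `$FreeBSD$` line, which CVS keyword expansion rewrote in the checked-out copy; it is not part of the proposed change and should be dropped from the patch (generating the diff with `cvs diff -kk` leaves the keyword unexpanded).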
@@ -561,6 +561,11 @@
case ${named_enable} in
[Yy][Ee][Ss])
echo -n ' named';   ${named_program:-named} ${named_flags}
+   ;;
+   esac
+   case ${named_enable2} in
+   [Yy][Ee][Ss])
+   echo -n ' named';   ${named_program2:-named}
${named_flags2}
;;
esac
 
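Review bot: the second `case` block echoes `' named'` again, so the boot-time line reads `named named` and nothing tells the administrator which instance started; print a distinct tag such as `' named2'`. More importantly, `${named_program2:-named} ${named_flags2}` is launched with no `-c` naming a second configuration, so unless `named_flags2` is set by hand both copies read the same named.conf, fight over the same pid file and fail to bind the same listen addresses; the second instance needs its own config with its own `pid-file` and `listen-on`. The `${named_flags2}` line also appears to have been wrapped by the mailer (the hunk header counts it as one line), so anyone applying this will have to rejoin it.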
cvs diff: Diffing src/etc/defaults
Index: src/etc/defaults/rc.conf
===
RCS file: /home/ncvs/src/etc/defaults/rc.conf,v
retrieving revision 1.163
diff -u -r1.163 rc.conf
--- src/etc/defaults/rc.conf15 Nov 2002 08:26:36 -  1.163
+++ src/etc/defaults/rc.conf18 Nov 2002 04:25:01 -
@@ -13,7 +13,7 @@
 #
 # All arguments must be in double or single quotes.
 #
-# $FreeBSD$
+# $FreeBSD: src/etc/defaults/rc.conf,v 1.163 2002/11/15 08:26:36 ru Exp $
 
 ##
 ###  Important initial Boot-time options  
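Review bot: as in the rc.network hunk, this hunk changes only the `$FreeBSD$` keyword line, which is CVS expansion noise rather than part of the change; drop it from the patch (`cvs diff -kk`).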
@@ -140,6 +140,10 @@
# components of named. See /etc/rc.d/named.
 named_symlink_enable=YES # Symlink /var/run/named.pid and /var/run/ndc
# to their chrooted counterparts.
+
+named_enable2=NO # Run a 2nd copy of named?
+named_program2=/usr/sbin/named
+named_flags2=-u bind -g bind
 
 #
 # kerberos. Do not run the admin daemons on slave servers
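Review bot: the default `named_flags2=-u bind -g bind` carries no `-c /path/to/second/named.conf`, so setting `named_enable2=YES` with these defaults starts a second named that reads the same configuration as the first and collides with it on pid file and listen ports; the default flags should point at a second configuration file, and the comment should say which config, addresses and pid file the second copy is expected to use. The `named_symlink_enable` comment just above shows that /etc/rc.d/named manages the chroot and /var/run symlinks for the first instance; nothing equivalent is provided for the second, so the chroot-related knobs silently do not apply to it. A `named_enable2` boolean also does not generalise: a third instance would need `named_enable3`, whereas a list of configurations with one named started per entry, as suggested elsewhere in the thread, would not.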





Re: Run two copies of named from rc.conf?

2002-11-17 Thread Doug Barton
John De Boskey wrote:
 
> It would be nice if rc.conf could start a 2nd copy
> of named (split dns).

IMO, running two named's on the same box is an edge case, and not likely
to be attractive to the majority of our userbase. I think you might be
better off with something in /usr/local/etc/rc.d.

Doug

-- 
   We have known freedom's price. We have shown freedom's power.
  And in this great conflict, ...  we will see freedom's victory.
- George W. Bush, President of the United States
  State of the Union, January 28, 2002





Re: Run two copies of named from rc.conf?

2002-11-17 Thread Juli Mallett
* From: Doug Barton [EMAIL PROTECTED] [ Date: 2002-11-17 ]
[ Subject: Re: Run two copies of named from rc.conf? ]
> John De Boskey wrote:
> >
> > It would be nice if rc.conf could start a 2nd copy
> > of named (split dns).
>
> IMO, running two named's on the same box is an edge case, and not likely
> to be attractive to the majority of our userbase. I think you might be
> better off with something in /usr/local/etc/rc.d.

Or at least abstracting it in such a way that it doesn't get in anyone's
way, and so it won't trigger the what if I need N where N > 2 case, and
in some meaningful way...  Like maybe using a named_configs lists, and
start one named for each config, or something.
-- 
Juli Mallett [EMAIL PROTECTED]
OpenDarwin, Mono, FreeBSD Developer.
ircd-hybrid Developer, EFnet addict.
FreeBSD on MIPS-Anything on FreeBSD.




Re: Run two copies of named from rc.conf?

2002-11-17 Thread Terry Lambert
John De Boskey wrote:
> It would be nice if rc.conf could start a 2nd copy
> of named (split dns). Comments on the following simplistic
> patch?

Interior and exterior DNS is a useful case; however, there
are multiple ways to set it up; in general, it's not possible
to have interior authoritative DNS at the same time you have
exterior authoritative DNS (this was a mistake we made on the
InterJet, for a long time), without modifying the DNS server
to forward requests for which it has incomplete information
(e.g. the PNS draft RFC I wrote).

See the files in:

ftp://ftp.whistle.com/pub/terry/drafts/

for details.

-- Terry
