Feature request: "ip lists".
Mark Andrews
Mark_Andrews at isc.org
Tue May 10 00:29:47 UTC 2005
> When building large scale DNS infrastructure with lots of servers all
> over the place it becomes an absolut nightmare to maintain ever growing
> lists of also-notifies, several versions of masters directives, etc,
> etc.
>
> In the "incoming end" we have ACLs, i.e. we can use a more rational
> syntax for the various allow-* directives as there is already a src
> address to match against.
>
> But in the outbound direction (notifies, masters, etc) there is no
> equivalent.
>
> In one particular painful case we presently have 30+ very different
> IP-adresses in one giant also-notify clause repeated several times
> over. If I could replace all of that with a
>
> also-notify { myslaves; };
>
> and only define "myslaves" once I'd be much happier.
>
> Comments?
>
> Regards,
>
> Johan
>
> PS. Yes, I know that I can externalize the problem by building the
> config file with an external tool. We're doing that too, but I would
> still like to see this solved as it is a generic problem with a rather
> simple fix.
Well 9.3 supports masters lists.
Does setting also-notify at the global level and setting
empty also-notify clauses at the zone level help? I realise
that it is not perfect but inverting the problem sometimes
reduces the administrative load.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list