rndc reconfig causing long timeouts
Kevin Darcy
kcd at daimlerchrysler.com
Mon Oct 3 21:42:31 UTC 2005
Sami Kerola wrote:
>01.10.2005 07:53, Brad Knowles <brad at stop.mail-abuse.org>:
>
>>At 11:19 PM -0400 2005-09-30, Dave Clark wrote:
>>
>>>I would be interested in learning if the BIND developers are
>>>making any plans towards a version of BIND that asynchronously
>>>replies to queries while reconfiging/reloading.
>>>
>
>[snip]
>
>>>It would be ideal if there was some way to use rndc to have
>>>BIND add or remove a single zone, but I have not thought of a
>>>practical implementation for this, so I have not made a formal
>>>feature suggestion.
>>>
>>Yeah, that's a much tougher problem. It's hard enough just to
>>get it to reload a given zone, or to do a "reconfig", or
>>whatever. Trying to use rndc to actually distribute the
>>configuration changes is going to be quite a challenge.
>
>I have experience of being administrator for master / secondaries
>of 14 000 zones. That's almost nothing compared to 171 000 zones.
>One of the problems is that secondaries have five different hidden
>masters, and that causes small configuration issues which Perl
>scripts have solved. I admit that Perl scripts & scp is not a pretty
>solution, but they do the job.
>
>Is there even a theoretical possibility that the zone configuration
>clause would be zone-file-like? Basically I need to transfer this
>kind of configuration to multiple hosts.
>
>zone "foobar.com" {
> type slave;
> file "/zones/foobar.com";
> masters { 123.123.123.123; };
>};
>
>If the zone statement would be zone-file-like, axfr and ixfr could
>send the right configuration to secondaries. Something like this.
>
>~ cat named.conf
>[...]
>zone secondary.config bind {
> type slave;
> file "/etc/zones.config";
> master { 123.123.123.123; };
>};
>[...]
>~ cat /etc/secondary.config
>secondary.config. BIND SOA hidden-ns.foobar.com hostmaster.foobar.com. (
> 2005100301 ; serial
> 28800 ; refresh (8 hours)
> 7200 ; retry (2 hours)
> 604800 ; expire (1 week)
> 86400 ; minimum (1 day)
> )
>foobar.com. BIND type slave
>foobar.com. BIND file /zones/foobar.com
>foobar.com. BIND master 123.123.123.123
>[...]
>
>There should be a possibility to specify multiple sources of
>secondary config. If there are syntax errors or the same secondary zone
>in more than one config zones, the secondary zone should make a
>normal error log entry and ignore the secondary zone, i.e. the zone
>would drop but it's the admin's fault.
>
>Is this a completely stupid idea?
>
I don't think ISC would ever go for that. They seem to consider the
RFC-defined master-file format a sacred cow. If I recall, they're
waiting for someone to work on some sort of Holy Grail "provisioning"
protocol for BIND to hook into as far as zone adds/deletes, etc. Until
then, all BIND users are stuck either buying an expensive,
enterprise-class "IP management system" with a DNS component, e.g.
Lucent's QIP or Nortel's NetID, or cobbling together their own
"provisioning" system, using Perl scripts and whatnot.
- Kevin
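
An added example, not part of the original thread and not BIND code: a sketch of the kind of home-grown provisioning script discussed above. It reads records in the style of the quoted proposal from several sources, drops any zone that has a malformed record or appears in more than one source, and renders named.conf slave stanzas for the rest. The restriction of zone files to `/zones/`, the sample records and all function names are assumptions.

```python
import ipaddress
import re

# Constructed sample sources in the record style proposed in the quoted message.
SOURCE_A = """\
foobar.com. BIND type slave
foobar.com. BIND file /zones/foobar.com
foobar.com. BIND master 123.123.123.123
example.net. BIND type slave
example.net. BIND file /zones/example.net
example.net. BIND master 192.0.2.53
broken.example. BIND file /etc/named.conf
"""
SOURCE_B = "example.net. BIND type slave\nexample.net. BIND file /zones/example.net\nexample.net. BIND master 198.51.100.7\n"
NAME_RE = re.compile(r"^([a-z0-9-]{1,63}\.)+$")
FILE_RE = re.compile(r"^/zones/[a-z0-9-]+(\.[a-z0-9-]+)*$")  # assumption: files stay under /zones/

def valid(key, value):
    if key == "master":
        try:
            ipaddress.ip_address(value)
        except ValueError:
            return False
        return True
    return (key == "type" and value == "slave") or (key == "file" and bool(FILE_RE.match(value)))

def parse_source(text):
    zones, rejected = {}, set()
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()  # ';' starts a comment
        name = fields[0].lower() if fields else None
        if len(fields) == 4 and fields[1] == "BIND" and NAME_RE.match(name) and valid(*fields[2:]):
            zones.setdefault(name, {})[fields[2]] = fields[3]
        elif fields:
            rejected.add(name)  # one bad record rejects the whole zone
    rejected |= {z for z, r in zones.items() if set(r) != {"type", "file", "master"}}
    return {z: r for z, r in zones.items() if z not in rejected}, rejected

def merge(sources):
    seen, dropped = {}, set()
    for text in sources:
        zones, rejected = parse_source(text)
        dropped |= rejected | (set(zones) & set(seen))  # same zone in two sources
        seen.update(zones)
    return {z: r for z, r in seen.items() if z not in dropped}, dropped

def render(zones):
    stanza = 'zone "%s" {\n type slave;\n file "%s";\n masters { %s; };\n};'
    return "\n".join(stanza % (z.rstrip("."), r["file"], r["master"]) for z, r in sorted(zones.items()))
```

Validating every value before it is interpolated keeps a compromised or careless source from injecting arbitrary named.conf syntax or pointing a zone file outside the zone directory.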