Catalog "reconfig" calamity
/dev/rob0
rob0 at gmx.co.uk
Sat May 27 18:06:08 UTC 2017
On Fri, May 26, 2017 at 03:24:40PM -0500, I wrote:
> To make the story easier to follow I'll use these names to refer to
> the servers in question:
> 1. "Master", the physical machine, BIND 9.10
> 2. "VM1"[1] the existing VM, former master of most zones
> 3. "VM2"[2] the new virtual machine
> Both VMs are running BIND 9.11.1, and all are on various versions of
> Slackware Linux.
>
> The plan is to migrate all masters to Master and to use catz to
> provision the two VMs. As I said, this is all peachy and smooth on
> VM2 (many thanks to Mukund and ISC for that.)
>
> I have run into trouble on VM1. My procedure has been to update the
> master zones to show changes, check that the update is shown on
> Master (which actually has these zones as slaves of VM1). Then I
> remove the master zone on VM1 with "rndc reconfig", nsupdate the
> catalog on Master.
Reproduced now on VM2 also. "rndc reconfig" was necessary to add an
option and an acl there. It wiped out all my catz member zones.
> What I have been doing to fix it, on VM1: rndc stop, remove the
> "catalog-zones" from the options{} section, start named again, then
> replace the "catalog-zones" option. At that point "rndc reconfig"
> adds all the member zones back.
I have not yet found a shortcut. If I leave named running,
subsequent reloads/reconfigs won't add in the catz member zones. I
think stop and restart without catalog-zones is the only way. Stop
and restart as-is does not add in the deleted catz member zones.
I suppose one "shortcut" would be to clear out all members from the
catalog zone, then nsupdate them back in. But that would only save a
few seconds and might cause more impact to services.
> It's very inconvenient. Am I perhaps doing something wrong, or have
> I overlooked something in the documentation?
Do you (ISC) want me to submit this to bugs.isc.org?
> Oh, and speaking of the documentation, I think some of what's in ARM
> chapter 4 should also be in ARM chapter 6. I usually expect to see
> the complete documentation in chapter 6, but all it has it the very
> brief syntax summary.
Another thing I should mention that surprised me was the lack of ";"
inside the catalog-zones option. I spoke to Witold, who told me the
syntax was modeled after response-policy. Fine, but note that
another multi-setting option, rate-limit, terminates subordinate
options semicolons. So I still think there is some inconsistency.
--
http://rob0.nodns4.us/
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
More information about the bind-users
mailing list