Best practice MultiView
Nick Tait
nick at tait.net.nz
Mon Apr 17 20:58:22 UTC 2023
On 18/04/2023 1:40 am, Jiaming Zhang wrote:
> However, I have a question on the syntax of `also-notify`. From what I can
> see in bind9's user manual, the target of `also-notify` can be
> `<remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address>
> [ port <integer> ]`. Does this mean that I can use domain names of
> the server instead of IP? Both name servers have IPv4 (single or
> multiple) and IPv6 glued with the domain name, and I was wondering if
> by setting domain name instead of IP, bind will intelligently find
> which IP it would need to communicate with (like it currently does with
> `notify yes`). I asked because if by any chance for whatever reason
> sending notify failed to a certain IP, it may look up any other
> available IP that is defined with the related domain name (at least
> from my observation).

As Greg said, it needs to be IP addresses, not host names. The
documentation defines "<remote-servers>" as follows:

    A named list of one or more ip_addresses with optional tls_id,
    server_key, and/or port. A remote-servers list may include other
    remote-servers lists. See primaries block.

> I was also confused what you exactly referred to with '"primaries" (or
> "masters" in old terminology) statement that includes the correct key
> name', I assume you mean I need to point which is the master and the
> keys to communicate with this specific master on the slave server. For
> the reference, I attached the related config on slave below.
>
> ```
> zone "example.com" IN {
> type slave;
> masters { <ip of master>; };
> file "/path/to/file";
> allow-query { any; };
> notify yes; # will become "explicit"
> };
> ```
What I was trying to say was the primaries/masters block above needs to
include the key name. Also you may not even need your secondaries
(slaves) to send notifies - unless you have a hierarchical structure
where your secondaries need to notify downstream secondaries? e.g. In
the simplest case you might have your secondaries using:

```
zone "example.com" IN {
    type slave;
    masters { 192.0.2.2 key "internal.example.com"; };
    file "/path/to/file";
    allow-query { any; };
    notify no;
};
```

NB: In all my examples "192.0.2.2" is the primary (master) and
"192.0.2.1" is the secondary (slave).
Nick.
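
The two points in this reply (targets must be IP addresses or a named list, and each primary entry carries the key name) can be checked mechanically. The script below is an added example, not part of the original message and not a BIND tool; `audit`, `SAMPLE` and the list name `internal-primaries` are hypothetical, and the key check assumes a setup like the one in this thread where every entry is expected to name a key.

```python
import ipaddress
import re

# Constructed sample config (not from the thread): a named list, then a zone
# whose masters list has a host name and an address without a key.
SAMPLE = '''
primaries "internal-primaries" { 192.0.2.2 key "internal.example.com"; };
zone "example.com" IN {
    type slave;
    masters { ns1.example.com; 192.0.2.2; "internal-primaries"; };
    also-notify { 2001:db8::1 port 5353 key "internal.example.com"; };
    notify no;  # secondaries do not notify anyone here
};
'''

NOT_IP = "not an IP address or a defined list name"
NO_KEY = "no TSIG key on this entry"
COMMENTS = re.compile(r"#[^\n]*|//[^\n]*|/\*.*?\*/", re.S)
# statement, optional header (list name, port ...), then the brace body
BLOCK = re.compile(
    r'(?<![\w.\-"])(primaries|masters|also-notify)\b([^{};]*)\{([^{}]*)\}')

def audit(conf):
    """Return (statement, target, problem) for each questionable entry."""
    blocks = BLOCK.findall(COMMENTS.sub("", conf))
    # A header starting with a name (not an option) defines a reusable list.
    named = {h.split()[0].strip('"') for _, h, _ in blocks
             if h.split() and h.split()[0] not in ("port", "dscp")}
    findings = []
    for stmt, _, body in blocks:
        for entry in filter(None, (e.strip() for e in body.split(";"))):
            tokens = entry.split()
            target = tokens[0].strip('"')
            if target in named:
                continue  # list reference; its entries are checked where defined
            try:
                ipaddress.ip_address(target)
            except ValueError:
                findings.append((stmt, target, NOT_IP))
                continue
            if "key" not in tokens[1:]:
                findings.append((stmt, target, NO_KEY))
    return findings

if __name__ == "__main__":
    for stmt, target, problem in audit(SAMPLE):
        print(f"{stmt}: {target}: {problem}")
```

This is a text-level check only; `named-checkconf` remains the authority on whether the configuration parses.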