Views configuration question.

Kevin Darcy kcd at daimlerchrysler.com
Sat Aug 14 02:27:04 UTC 2004


Tom Diehl wrote:

>Hi all,
>
>I have a couple of zones that I host. The master is on a local machine and the
>slave is hosted remotely. In addition I have zones that are locally hosted
>slaves and the masters are hosted remotely. Both nameservers have both internal
>and external views. The question is, what is the correct way to handle the
>internal view of the zones for which I am a slave? 
>
>For example if I have a config file that looks something like the following:
>
>view "rogueind" {
>    match-clients { "internal"; };
>    recursion yes;
>
>    zone "rogueind.com" in {
>        type master;
>        notify yes;
>        file "rogueind.com.internal.db";
>        allow-transfer {
>                "internal";
>                };
>    };
>
>};
>
>
>view "external" {
>    match-clients { "any"; };
>    recursion no;
>
>    zone "rogueind.com" in {
>        type master;
>        notify yes;
>        file "rogueind.com.db";
>        allow-transfer {
>                "external";
>                };
>    };
>
>    zone "stnhbr.com" in {
>        type slave; masters { xxx.xxx.xxx.xxx; };
>        notify no;
>        file "cache/stnhbr.com.db";
>        allow-transfer { "external"; };
>    };
>
>};
>
>What is the correct way to handle the internal view of the stnhbr.com domain?
>Do I do it the way I have it above? I think this would just query the remote
>nameserver but what happens if the remote is unavailable? 
>
As a recursive resolver, it will try to query any or all of the 
nameservers which are published in the zone's NS records, including your 
nameserver if it is published there.

>If I add a stanza 
>to the internal view for the stnhbr zone I do not think the zone transfers,
>notifies, etc will work properly given that the internal addresses will never
>match the external addresses.
>  
>
A question: do you have multiple addresses on this box, or just one? If 
you have just one address, then perhaps the simplest thing to do is make 
both views slaves of the stnhbr.com zone. This will incur some extra 
zone-transfer overhead, unfortunately. If you want to avoid that 
overhead, you could try adding an exception to the match-clients so that 
when the nameserver instance queries *itself*, it gets the external 
view. If you do that, though, you might want to change /etc/resolv.conf 
on the box to point to 127.0.0.1, otherwise local processes will lose 
the ability to resolve internal names.

If you have multiple addresses on the box to play with, you could tinker 
with query-source, transfer-source etc. to have the internal view be a 
stealth slave from the external view for stnhbr.com. Be aware, however, 
that whenever you make a slave to another slave, changes to the zone 
could take up to twice the refresh time to propagate.

- Kevin
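
The single-address option from the reply above (both views slaving stnhbr.com directly from the remote master), sketched as a named.conf fragment. This is an added example, not configuration from either poster: the ACL ranges and the master address are constructed placeholders, and the internal view is named "internal" here for readability.

```conf
// Added example. Addresses are constructed placeholders taken from the
// RFC 5737 documentation ranges; substitute the real networks and master.
acl "internal" { 127.0.0.1; 192.0.2.0/24; };
acl "external" { 203.0.113.0/24; };      // hosts allowed to transfer zones

view "internal" {
    match-clients { "internal"; };
    recursion yes;

    zone "stnhbr.com" in {
        type slave;
        masters { 198.51.100.53; };      // remote master (placeholder)
        notify no;
        // Each view holds its own copy of the zone, so it needs its own
        // file; two views must not write the same slave file.
        file "cache/stnhbr.com.internal.db";
        allow-transfer { "internal"; };
    };
};

view "external" {
    match-clients { "any"; };
    recursion no;

    zone "stnhbr.com" in {
        type slave;
        masters { 198.51.100.53; };      // same remote master (placeholder)
        notify no;
        file "cache/stnhbr.com.db";
        allow-transfer { "external"; };
    };
};
```

With this layout internal clients are answered from a local copy even when the remote master is unreachable, at the cost of the second zone transfer mentioned in the reply. `named-checkconf` will confirm the syntax before a reload.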




