views, slave zones, and data files
Kevin Darcy
kcd at daimlerchrysler.com
Tue May 18 19:53:04 UTC 2004
Why do you need six different views in the first place?
- Kevin
Anne Bennett wrote:
>**** problem statement:
>
>I have a few dozen zones, and I now need to provide about six
>different views on part of that data (one of the zones). Since all
>zones must be within view statements, I merrily used "include" files
>to set up all of the zones that are the same for each view, and used
>explicit zone statements for the zone which is different per view.
>For example (this is my initial attempt, which had a problem):
>
>view vlan_3 {
> match-clients { vlan_3; } ;
> include "/local/data/dns/conf/zoneconf.special"; // loopback, etc.
> include "/local/data/dns/conf/zoneconf.concordia"; // Concordia
> include "/local/data/dns/conf/zoneconf.encs"; // ENCS regular data
> include "/local/data/dns/conf/zoneconf.private"; // ENCS private data
> zone "Views.ENCS.Concordia.CA" { // ENCS variable data
> type slave;
> file "Views/vlan3.SEC";
> masters { 132.205.xx.yy; };
> };
>};
>
>view internal {
> match-clients { encs; } ;
> include "/local/data/dns/conf/zoneconf.special"; // loopback, etc.
> include "/local/data/dns/conf/zoneconf.concordia"; // Concordia
> include "/local/data/dns/conf/zoneconf.encs"; // ENCS regular data
> include "/local/data/dns/conf/zoneconf.private"; // ENCS private data
> zone "Views.ENCS.Concordia.CA" { // ENCS variable data
> type slave;
> file "Views/default-internal.SEC";
> masters { 132.205.xx.yy; };
> };
>};
>
>view external {
> match-clients { any; } ;
> include "/local/data/dns/conf/zoneconf.encs"; // ENCS regular data
> zone "Views.ENCS.Concordia.CA" { // ENCS variable data
> type slave;
> file "Views/default-external.SEC";
> masters { 132.205.xx.yy; };
> allow-query { any; }; // override the more restrictive default
> };
>};
>
>The problem with the above is that the include files, which list the zones,
>all use the same filename, e.g., an include file might contain:
>
>zone "ENCS.Concordia.CA" {
> type slave;
> file "encs.concordia.ca.SEC";
> masters {
> 132.205.4.x;
> 132.205.44.y;
> };
> allow-query { any; };
>};
>
>... but I just realized that all of the views that include the
>above will be competing with each other to stomp on the data file
>"encs.concordia.ca.SEC" - presumably not a good thing!
>
>
>**** solutions that didn't work:
>
>I had two ideas to resolve the above problem without having to repeat
>my zone definitions six times each. The first idea was to change the
>"directory" on a per-view basis, in other words, using the same
>filename that comes from the include file, but having each view place
>that file in a different subdirectory. Sadly, it seems that the
>option "directory" is not allowable on a per-view basis:
>named-checkconf complained "unknown option 'directory'" when I tried:
>
>view external {
> match-clients { any; } ;
> directory "/local/data/dns/zones/SecData/external";
> include "/local/data/dns/conf/zoneconf.encs"; // ENCS regular data
> [....]
>
>My second idea was that the "include" directive might take an
>argument, kind of the way the zone file $INCLUDE directive does, that
>could be referred to somehow in the include file itself: no such luck.
>
>
>**** now what?
>
>I'm all out of graceful ways to do this, so I'm writing a Makefile
>which will use "sed" to build six files for each "template" include
>file, and I will arrange to include the appropriate set of files in
>each view. This isn't difficult, but it's ugly.
>
>Is there a better way to do this? I can't believe that my problem is
>a new one. There must be a simple way to serve multiple views of a
>small part of one's data, without having to duplicate the rest!
>
>
>Anne.
>
>
More information about the bind-users
mailing list