Make aliases that don't transfer?
Mark Andrews
Mark_Andrews at isc.org
Tue Apr 3 13:08:45 UTC 2007
> It's "a hack" - ok I'll buy that though I inherited the setup. Is it a
> bad idea though? Should I really make separate zone files for every
> domain when all we really use is a single web site to service them all?
>
>
> We have a single domain for email and all other purposes. It is only
> because we have multiple business entities that we use separate domain
> names (essentially to insure people looking for us find our main web
> site). What is the downside to using such "a hack"?
>
> I can live with the multiple zone transfers (especially given that if I
> DID separate into individual zone files I'd still have multiple zone
> transfers) but was just curious if there was a way to configure named
> not to transfer a given zone file. Doing rsync wouldn't turn off zone
> transfers. I'd still want my main zone files (the unaliased ones) to
> transfer. Are you implying it is all or nothing? If so why do I need
> to configure each zone?
The zone declaration tells name what namespaces it is serving.
It also set the $ORIGIN when the master file is read in. This
allows @ to be expanded appropriately for each zone.
Note. You shouldn't use the same file for the slaves. Each file
*must* be unique. When named re-starts there is not way to make
sure the file contents match the zone.
> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
> Behalf Of Kevin Darcy
> Sent: Monday, April 02, 2007 7:08 PM
> To: bind-users at isc.org
> Subject: Re: Make aliases that don't transfer?
>
> Always remember that the use of a single file as the source data for
> multiple zones is a *hack*. named loads that data as separate zones, and
>
> that's the way they are viewed in protocol terms, including zone
> transfers -- as separate zones. As John Wobus pointed out, if you want
> to treat *files* as *files* instead of *zones*, you could use an
> out-of-band mechanism, such as rsync, to replicate your data. Some
> caveats of doing things that way:
> 1) If you care about security at all, you'd want to set up a trust
> relationship so that no-one can spoof the data,
> 2) You might need to open up additional ports in your firewall(s), if
> any,
> 3) You'd need some way of getting the "slave" nameservers (defined as
> "master" for the zone(s) in question) to reload/refresh the data
> whenever it changes since, unlike with AXFR/IXFR, this is not automatic.
>
>
>
> - Kevin
>
> Jeff Lightner wrote:
> > We have multiple domains that are aliased to our main domain. This
> > works fine.
> > I've noticed on doing zone updates and transfers from master to slave
> > that it essentially transfers the alias zone file for EACH aliased
> > domain. This seems unnecessary since the zone file is a single one
> for
> > all these domains so it seems the transfer for the first alias should
> be
> > sufficient. I was curious how I would insure it only transferred
> once.
> > Is there a type other than "master" or "slave" or should I just take
> out
> > the "allow transfer" line? I don't want to delete the entry entirely
> > from the slave for obvious reasons.
> >
> > Example from my master:
> > zone "4waters.com" {
> > type master;
> > file "watercom-aliases";
> > allow-transfer { watercom; };
> > };
> >
> > >From my slave:
> > zone "4waters.com" {
> > type slave;
> > file "watercom-aliases";
> > masters { 10.0.21.21; };
> > allow-transfer { watercom; };
> > };
> >
> >
> >
> >
> >
> >
>
>
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list