Automatic updates to internal views of slave zones?

Wed Dec 15 02:17:50 UTC 2010

In message <20101215024725.105336hyvxgkm04k at bitis.umrk.nl>, Jaap Winius writes:
> Hi folks,
> 
> Occasionally I set up a slave zone on my DNS so that I don't always  
> have to wait for updates from the master. However, my named.conf has  
> separate internal and external views. This file has separate internal  
> and external entries for the above slave zone, although these share  
> the same cached zone file.

Don't do that.  Cache files should NEVER be shared.

> What I find irritating about this configuration is that, although the  
> external slave zone, including its cache in memory, almost immediately  
> reflects the changes that are made to the master, the internal slave  
> zone is only updated after bind9 is restarted -- that's when it reads  
> it's already updated cached zone file.
> 
> Is this a security feature that cannot be circumvented, or is it  
> possible for the cached information of the internal slave zone to be  
> updated together with the external one?

You can just have the internal view transfer from the external view.

key external {
	....
};

view internal {
	match-clients { !key external; 127.0.0.1; .... };
	zone xxx {
		type slave;
		masters { 127.0.0.1 key external; .....};
		file "internal/xxx";
	};
};

view external {
	match-clients { key external; any; };
	zone xxx {
		type slave;
		masters { .... };
		file "external/xxx";
		notify explict;
		also-notify { 127.0.0.1; };
		allow-transfer { key external; .... };
	};
};

> Thanks,
> 
> Jaap
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org