zone updates different in different views

Dan Pritts danno at internet2.edu
Sat Dec 10 22:44:42 UTC 2011


Hi,

using bind 9.8.1-p1 on rhel5 i386

Having a problem with views.  My intended configuration:

* most zones are identical in either view

* a few zones are added in the internal view

* networks in the internal view can do recursive queries (yeah, I know, 
I'm not supposed to mix authoritative & recursing servers, but it's not 
illegal, right?)

I've configured things this way, and it basically works.

However, when I update a zone on my master server, the changes are not 
fully propagated to the slaves.  The "internal" view on the slaves 
generally picks up the changes; the "external" view, however, often 
doesn't.

I haven't been able to divine a pattern to when this happens and when it 
doesn't.

I use rndc reload on the master to have it pick up the changes.

Here are the view configs.  The included files contain zone statements.

As I write this, I wonder if the problem is because I include the same 
authoritativezones.conf file in all three views.

========= begin


view "internet2"
{
         match-clients    {  some clients here         };

         recursion yes;
         // you'd think "recursion yes" would enable recursion, but you'd be wrong.
         allow-query-cache { any; };

         // all views must contain the root hints zone:
         include "stdzones/named.root.hints";

         include "conf/runtime/internet2.edu.conf";
         include "conf/runtime/authoritativezones.conf";
};

view "member-meetings"
{
         match-clients    {  some other clients here        };

         recursion yes;
         // you'd think "recursion yes" would enable recursion, but you'd be wrong.
         allow-query-cache { any; };


         // all views must contain the root hints zone:
         include "stdzones/named.root.hints";

         include "conf/runtime/authoritativezones.conf";
};

view "external"
{
// This view will contain zones you want to serve only to "external" clients
// that have addresses that are not on your directly attached LAN interface subnets:
//
         match-clients           { any; };
         match-destinations      { any; };

         // you'd probably want to deny recursion to external clients, so you don't
         // end up providing free DNS service to all takers
         recursion no;

         // Disable lookups for any cached data and root hints
         allow-query-cache { none ; };

         // all views must contain the root hints zone:
         include "stdzones/named.root.hints";

         // this should be a symlink, depending on master-slave status
         include "conf/runtime/authoritativezones.conf";

};

=========== end




thanks!

danno
-- 

Dan Pritts, Sr. Systems Engineer
Internet2
office: +1-734-352-4953  | mobile: +1-734-834-7224
