bind restart needed to reflect changes to dynamic zone in multiple views

Lyle Giese lyle at lcrcomputer.net
Fri Jun 24 13:57:54 UTC 2011


On 06/24/11 08:22, Brian J. Murrell wrote:
> I am using BIND 9.7.2-P2.
>
> I have two views, one "internal" and one for "external" queries.  In
> both of those views I have some zones which are common so I put them
> into their own file "zones.common" and include that file in both of the
> views.
>
> The problem I am having is that when I make a dynamic update to a common
> zone, only the internal view sees that change.  External queries still
> return the data prior to the update.  If I restart the server, then
> external queries get the updated data.
>
> To provide an (excerpted, for brevity) example...
>
> ---- zones.common ----
> zone "rbl.interlinx.bc.ca" {
>          type master;
>          file "/etc/bind/master/rbl.interlinx.bc.ca.zone";
>          allow-update { ... };
>          allow-transfer { ... };
>          allow-query { any; };
> };
> ---- zones.common ----
>
> ---- named.conf ----
> view "trusted" {
>          match-clients { trusted_networks; }; // our internal networks
> ...
>          include "/etc/bind/zones.common";
> ...
>          zone "interlinx.bc.ca" {
>                  type master;
>                  file "/etc/bind/master/interlinx.bc.ca.zone";
>                  allow-update { ... };
>                  allow-query { ... };
>                  allow-transfer { ... };
>          };
> ...
> };
>
> view "greatunwashed" {
>          match-clients { any; }; // all others hosts
> ...
>          include "/etc/bind/zones.common";
>          allow-query { great_unwashed_allowed_query; };
>          zone "interlinx.bc.ca" {
>                  type slave;
>                  file "/etc/bind/slave/interlinx.bc.ca.zone";
>                  masters { ... };
>                  allow-query { any; };
>          };
> };
> ---- named.conf ----
>
> To demonstrate, given the above configuration:
>
> greatunwashed_host $ host 1.2.3.4.rbl.interlinx.bc.ca.
> Host 1.2.3.4.rbl.interlinx.bc.ca not found: 3(NXDOMAIN)
>
> trusted_host $ host 1.2.3.4.rbl.interlinx.bc.ca.
> Host 1.2.3.4.rbl.interlinx.bc.ca. not found: 3(NXDOMAIN)
>
> dns_server $ nsupdate
>> server localhost
>> zone rbl.interlinx.bc.ca.
>> update add 1.2.3.4.rbl.interlinx.bc.ca 60 A 127.0.0.2
>> send
>>
>
> trusted_host $ host 1.2.3.4.rbl.interlinx.bc.ca.
> 1.2.3.4.rbl.interlinx.bc.ca has address 127.0.0.2
>
> greatunwashed_host $ host 1.2.3.4.rbl.interlinx.bc.ca.
> Host 1.2.3.4.rbl.interlinx.bc.ca not found: 3(NXDOMAIN)
>
> dns_server # /usr/sbin/rndc reload
> server reload successful
>
> trusted_host $ host 1.2.3.4.rbl.interlinx.bc.ca.
> 1.2.3.4.rbl.interlinx.bc.ca has address 127.0.0.2
>
> greatunwashed_host $ host 1.2.3.4.rbl.interlinx.bc.ca.
> Host 1.2.3.4.rbl.interlinx.bc.ca not found: 3(NXDOMAIN)
>
> dns_server # service bind9 restart
>   * Stopping domain name service... bind9
>     ...done.
>   * Starting domain name service... bind9
>     ...done.
>
> trusted_host $ host 1.2.3.4.rbl.interlinx.bc.ca.
> 1.2.3.4.rbl.interlinx.bc.ca has address 127.0.0.2
>
> greatunwashed_host $ host 1.2.3.4.rbl.interlinx.bc.ca.
> 1.2.3.4.rbl.interlinx.bc.ca has address 127.0.0.2
>
> As you can see, it took a complete server restart for the greatunwashed
> view to get the zone update.
>
> Is this expected behavior or a (known?) bug?
>
> Cheers,
> b.
>

It's expected behavior in a way.  You are probably making this change in 
the internal view and the internal named process knows about the change 
and reloads the zone.

The external view's process is unaware of the change and does not reload.

1) You could send a periodic rndc reload to the external view process.

2) Since this appears to be an rbl zone, use rbldnsd instead of named to 
serve this zone.  Rbldnsd has code in it to auto-detect a change in the 
zone file and will auto-reload.  Rbldnsd is a tighter piece of code 
designed not to be a general purpose piece of software, but a 
specialized service.  It takes fewer system resources for this purpose.

FYI, I have an internal rbl that I use here.  I store the zone data in a 
postgres sql database and do the updates to it there.  The two hosts 
that serve the data run rbldnsd.  I have written perl scripts to 
periodically pull a copy of the database and parse that into text files 
compatible with rbldnsd and move them into place.  rbldnsd automagically 
reloads the updated zone files.

Lyle Giese
LCR Computer Services, Inc.
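
The export step described in the reply above (database rows rendered to rbldnsd text files and moved into place), as an added example that is not code from the original message. It validates each row and installs the file with an atomic rename, so the server never picks up a half-written zone. Assumptions: rbldnsd's ip4set text format (a leading `:A:TXT` default line, then one address or CIDR per line with an optional `:A:TXT` value); the row layout, function names and sample data are constructed for illustration.

```python
import ipaddress
import os
import tempfile

# Constructed sample rows, standing in for what a database query would return.
SAMPLE_ROWS = [
    ("1.2.3.4", "127.0.0.2", "listed by local policy"),
    ("192.0.2.0/24", "127.0.0.2", "test network"),
    ("1.2.3.4", "127.0.0.2", "duplicate row"),
    ("not-an-ip", "127.0.0.2", "bad row"),
]

def render_ip4set(rows, default_text="Listed in local RBL"):
    """Return (zone_text, rejected_rows); ip4set layout is an assumption."""
    lines = [f":127.0.0.2:{default_text}"]  # default A/TXT value line
    seen, rejected = set(), []
    for addr, a_value, text in rows:
        try:
            net = ipaddress.ip_network(addr, strict=True)
            a = ipaddress.IPv4Address(a_value)
            if net.version != 4 or not a.is_loopback:
                raise ValueError("not IPv4, or return code outside 127/8")
        except ValueError:
            rejected.append((addr, a_value, text))  # report, do not publish
            continue
        if net in seen:
            continue
        seen.add(net)
        # Collapse whitespace so a stray newline cannot start a new entry.
        clean = " ".join(text.split())
        entry = str(net.network_address) if net.prefixlen == 32 else str(net)
        lines.append(f"{entry} :{a}:{clean}")
    return "\n".join(lines) + "\n", rejected

def install_atomically(zone_text, dest_path):
    """Write to a temp file in the same directory, then rename over dest."""
    dest_dir = os.path.dirname(os.path.abspath(dest_path))
    fd, tmp = tempfile.mkstemp(dir=dest_dir, prefix=".rbl-", suffix=".tmp")
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(zone_text)
            fh.flush()
            os.fsync(fh.fileno())
        os.chmod(tmp, 0o644)  # mkstemp creates 0600; the daemon must read it
        os.replace(tmp, dest_path)  # atomic on POSIX: readers see old or new
    except BaseException:
        os.unlink(tmp)
        raise
```

Rejected rows are returned rather than silently dropped so the caller can log them; a listing that answers with an address outside 127.0.0.0/8 is refused before it reaches the served file.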


