Clients Matching Multiple Views
Marty Lee
marty at maui-systems.co.uk
Fri Apr 11 18:07:37 UTC 2014
On 11 Apr 2014, at 18:59, John Wobus <jw354 at cornell.edu> wrote:
> On Apr 9, 2014, at 4:14 AM, Steven Carr wrote:
>> However, assuming you are using views on the same IP address and not
>> splitting it across internal/external servers as that would screw up
>> NS records), you can reuse the same zone file so those zones that
>> appear in both internal and external views refer back to the same zone
>> file, then when you update that zone file both views are updated.
>
> My understanding has been that two views that are masters for
> a zone can safely share a zone file if the zone isn't dynamic (e.g.
> dnsupdate, dnssec auto signing, etc), but that two views of
> a slave zone shouldn't do that: you could have two
> different views independently rewriting the same file, a bad thing even
> if the files are known to be identical. Furthermore, allowing that could
> conceivably show no problems very much of the time, masking the actual
> risk.
>
> If I'm wrong, that would be a good thing to know.
>
> John Wobus
> Cornell U
If you were to use a DLZ for the dynamic zone rather than a file,
then the multiple writer integrity can be handled by the DLZ code
(i.e. palming it off to a RDBMS to deal with).
Just a thought - but generally I agree that multiple writers to
a file is just asking for trouble…
-----
Marty Lee e: marty at maui-systems.co.uk
Technical Director v: +44 845 869 2661
Maui Systems Ltd f: +44 871 433 8922
Scotland, UK w: http://www.maui-systems.co.uk
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 203 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20140411/a45b0cb6/attachment.bin>
More information about the bind-users
mailing list