Catalog "reconfig" calamity

/dev/rob0 rob0 at gmx.co.uk
Sat May 27 18:06:08 UTC 2017


On Fri, May 26, 2017 at 03:24:40PM -0500, I wrote:
> To make the story easier to follow I'll use these names to refer to 
> the servers in question:
> 	1. "Master", the physical machine, BIND 9.10
> 	2. "VM1"[1] the existing VM, former master of most zones
> 	3. "VM2"[2] the new virtual machine
> Both VMs are running BIND 9.11.1, and all are on various versions of 
> Slackware Linux.
> 
> The plan is to migrate all masters to Master and to use catz to 
> provision the two VMs.  As I said, this is all peachy and smooth on 
> VM2 (many thanks to Mukund and ISC for that.)
> 
> I have run into trouble on VM1.  My procedure has been to update the 
> master zones to show changes, check that the update is shown on 
> Master (which actually has these zones as slaves of VM1).  Then I 
> remove the master zone on VM1 with "rndc reconfig", nsupdate the 
> catalog on Master.

Reproduced now on VM2 also.  "rndc reconfig" was necessary to add an 
option and an acl there.  It wiped out all my catz member zones.

> What I have been doing to fix it, on VM1: rndc stop, remove the 
> "catalog-zones" from the options{} section, start named again, then 
> replace the "catalog-zones" option.  At that point "rndc reconfig" 
> adds all the member zones back.

I have not yet found a shortcut.  If I leave named running, 
subsequent reloads/reconfigs won't add in the catz member zones.  I 
think stop and restart without catalog-zones is the only way.  Stop 
and restart as-is does not add in the deleted catz member zones.

I suppose one "shortcut" would be to clear out all members from the 
catalog zone, then nsupdate them back in.  But that would only save a 
few seconds and might cause more impact to services.

> It's very inconvenient.  Am I perhaps doing something wrong, or have 
> I overlooked something in the documentation?

Do you (ISC) want me to submit this to bugs.isc.org?

> Oh, and speaking of the documentation, I think some of what's in ARM 
> chapter 4 should also be in ARM chapter 6.  I usually expect to see 
> the complete documentation in chapter 6, but all it has is the very 
> brief syntax summary.

Another thing I should mention that surprised me was the lack of ";" 
inside the catalog-zones option.  I spoke to Witold, who told me the
syntax was modeled after response-policy.  Fine, but note that 
another multi-setting option, rate-limit, terminates subordinate 
options with semicolons.  So I still think there is some inconsistency.
-- 
  http://rob0.nodns4.us/
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
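
A check for the failure described in this message, as an added example that is not part of the original post or of BIND: it reads the member zones listed in a catalog zone transfer and reports those the server is not serving, for instance after an "rndc reconfig". The catalog name, member zones and labels are constructed, and the list of served zones is assumed to be collected separately.

```python
"""Report catalog-zone members that the server is not serving."""

# Constructed sample: dig-style AXFR output of a catalog zone.
# Member zones are PTR records owned by <unique-label>.zones.<catalog>.
SAMPLE_AXFR = """\
catalog.example. 3600 IN SOA . . 2017052701 3600 600 86400 3600
catalog.example. 3600 IN NS invalid.
version.catalog.example. 3600 IN TXT "1"
aaa111.zones.catalog.example. 3600 IN PTR example.org.
bbb222.zones.catalog.example. 3600 IN PTR Example.NET.
ccc333.zones.catalog.example. 3600 IN PTR example.com.
"""


def normalize(name):
    """Lower-case a domain name and give it exactly one trailing dot."""
    return name.rstrip(".").lower() + "."


def catalog_members(axfr_text, catalog):
    """Return the set of member zone names found in the transfer text."""
    suffix = ".zones." + normalize(catalog)
    members = set()
    for line in axfr_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop trailing comments
        if len(fields) != 5:                    # owner ttl class type rdata
            continue
        owner, _ttl, rrclass, rrtype, rdata = fields
        if rrclass.upper() != "IN" or rrtype.upper() != "PTR":
            continue
        if normalize(owner).endswith(suffix):
            members.add(normalize(rdata))
    return members


def missing_members(axfr_text, catalog, served_zones):
    """Members listed in the catalog but absent from served_zones.

    served_zones is supplied by the caller (assumption: gathered on the
    secondary, e.g. by querying each zone's status with rndc).
    """
    served = {normalize(z) for z in served_zones}
    return sorted(catalog_members(axfr_text, catalog) - served)


if __name__ == "__main__":
    served = ["catalog.example.", "example.org."]
    for zone in missing_members(SAMPLE_AXFR, "catalog.example", served):
        print("catalog member not served:", zone)
```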

