Best practice MultiView

Nick Tait nick at tait.net.nz
Mon Apr 17 20:58:22 UTC 2023


On 18/04/2023 1:40 am, Jiaming Zhang wrote:
> However, I got a question on the syntax of `also-notify`, what I can
> see from bind9's user manual, the target of `also-notify` can be
> `<remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address>
> [ port <integer> ]`, does this mean that I can use domain names of
> the server instead of IP? Both name servers have IPv4 (single or
> multiple) and IPv6 glued with the domain name, and I was wondering if
> by setting domain name instead of IP, bind will intelligently find
> which IP it would need to communicate with (like it currently does with
> `notify yes`). I asked because if by any chance for whatever reason
> sending notify failed to a certain IP, it may look up any other
> available IP that is defined with the related domain name (at least
> from my observation).

As Greg said, it needs to be IP addresses, not host names. The 
documentation defines "<remote-servers>" as follows:

     A named list of one or more ip_addresses with optional tls_id, server_key, and/or port. A remote-servers list may include other remote-servers lists. See primaries block.

> I was also confused what you exactly referred to with '"primaries" (or 
> "masters" in old terminology) statement that includes the correct key 
> name', I assume you mean I need to point which is the master and the 
> keys to communicate with this specific master on the slave server. For 
> the reference, I attached the related config on slave below.
>
> ```
> zone "example.com" IN {
> type slave;
> masters { <ip of master>; };
> file "/path/to/file";
> allow-query { any; };
> notify yes; # will become "explicit"
> };
> ```

What I was trying to say was the primaries/masters block above needs to 
include the key name. Also you may not even need your secondaries 
(slaves) to send notifies - unless you have a hierarchical structure 
where your secondaries need to notify downstream secondaries? e.g. In 
the simplest case you might have your secondaries using:

    zone "example.com" IN {
    type slave;
    masters { 192.0.2.2 key "internal.example.com"; };
    file "/path/to/file";
    allow-query { any; };
    notify no;
    };

NB: In all my examples "192.0.2.2" is the primary (master) and 
"192.0.2.1" is the secondary (slave).

Nick.
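
The two points in the reply above (targets must be IP addresses or a named list, and each should carry the key name) can be checked mechanically before reloading named. The following is an added example, not part of the original post or of BIND: the `lint` helper, the `internal-secondaries` list name and the sample config are constructed for illustration, and treating a missing key as a finding is an assumption that matches the keyed multi-view setup discussed in this thread.

```python
import ipaddress
import re

# Constructed sample (not from the thread): also-notify mixes a named list,
# a keyed IP, a bare IPv6 address and a host name.
SAMPLE = '''
primaries "internal-secondaries" { 192.0.2.1 key "internal.example.com"; };
zone "example.com" IN {
    type primary;
    file "/path/to/file";
    notify explicit;
    also-notify { internal-secondaries; 192.0.2.1 key "internal.example.com";
                  2001:db8::1; ns2.example.com; };
};
'''

# Names of lists defined with: primaries|masters|remote-servers <name> { ... };
LIST_DEF = re.compile(r'\b(?:primaries|masters|remote-servers)\s+"?([\w.-]+)"?\s*\{')
# Any statement whose braces hold server targets, named or anonymous.
TARGETS = re.compile(r'\b(also-notify|primaries|masters|remote-servers)\b[^{};]*\{([^}]*)\}')

def is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def lint(conf):
    """Return (statement, entry, problem) tuples for suspicious targets."""
    conf = re.sub(r'#.*|//.*', '', conf)  # line comments only; /* */ is not handled
    lists = set(LIST_DEF.findall(conf))
    findings = []
    for stmt, body in TARGETS.findall(conf):
        for entry in filter(None, (e.strip() for e in body.split(';'))):
            target = entry.split()[0].strip('"')
            if target in lists:
                continue  # named list reference; its members are checked at its definition
            if not is_ip(target):
                findings.append((stmt, entry, "not an IP address or defined list"))
            elif not re.search(r'\bkey\s+\S+', entry):
                findings.append((stmt, entry, "no TSIG key"))
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```
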