Best practice MultiView

Tue Apr 18 12:13:15 UTC 2023

Dear Nick,

The slave config was amended from the master, I don’t need the slave to notify any other server. I’ll check if any other zones have similar residue left. Thanks for pointing out.

Kind regards,
Jiaming Zhang

Yixi Meta
Tel: +31 (6) 12 98 08 07
Email: J.Zhang at yiximeta.com
Website: yiximeta.com

De informatie in dit bericht is uitsluitend bestemd voor de geadresseerde. Aan dit bericht en de bijlagen kunnen geen rechten worden ontleend. Heeft u deze e-mail onbedoeld ontvangen? Dan verzoeken wij u het te vernietigen en de afzender te informeren. Openbaar maken, kopiëren en verspreiden van deze e-mail of informatie uit deze e-mail is alleen toegestaan met voorafgaande schriftelijke toestemming van de afzender. Het Yixi Meta staat geregistreerd bij de Kamer van Koophandel in het handelsregister onder nummer 85744115.

The content of this message is intended solely for the addressee. No rights can be derived from this message or its attachments. If you are not the intended recipient, we kindly request you to delete the message and inform the sender. It is strictly prohibited to disclose, copy or distribute this email or the information inside it, without a written consent from the sender. Yixi Meta is registered with the Dutch Chamber of Commerce trade register with number 85744115.
________________________________
Van: bind-users <bind-users-bounces at lists.isc.org> namens Nick Tait via bind-users <bind-users at lists.isc.org>
Verzonden: Monday, April 17, 2023 10:58:22 PM
Aan: bind-users at lists.isc.org <bind-users at lists.isc.org>
Onderwerp: Re: Best practice MultiView

On 18/04/2023 1:40 am, Jiaming Zhang wrote:
However, I got a question on the syntax of also-notify, what I can see from bind9's user manual, the target of also-notify can be <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ], does this means that I can use domain names of the server instead of IP? Both name server has IPv4 (single or multiple) and IPv6 glued with the domain name, and I was wondering if by setting domain name instead of IP, bind will intelligently find if it would need to communicate with which IP (like it currently do with notify yes). I asked because if by any chance for whatever reason sending notify was failed to a certain IP, it may look up any other available IP that is defined with the related domain name (at least from my observation).

As Greg said, it needs to be IP addresses, not host names. The documentation defines "<remote-servers>" as follows:

    A named list of one or more ip_addresses with optional tls_id, server_key, and/or port. A remote-servers list may include other remote-servers lists. See primaries block.

I was also confused what you exactly referred to with '"primaries" (or "masters" in old terminology) statement that includes the correct key name', I assume you mean I need to point which is the master and the keys to communicate with this specific master on the slave server. For the reference, I attached the related config on slave below.

```
zone "example.com" IN {
type slave;
masters { <ip of master>; };
file "/path/to/file";
allow-query { any; };
notify yes; # will become "explicit"
};
```

What I was trying to say was the primaries/masters block above needs to include the key name. Also you may not even need your secondaries (slaves) to send notifies - unless you have a hierarchical structure where your secondaries need to notify downstream secondaries? e.g. In the simplest case you might have your secondaries using:

zone "example.com" IN {
type slave;
masters { 192.0.2.2 key "internal.example.com"; };
file "/path/to/file";
allow-query { any; };
notify no;
};

NB: In all my examples "192.0.2.2" is the primary (master) and "192.0.2.1" is the secondary (slave).

Nick.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20230418/6a2b94db/attachment.htm>