split DNS?
Kevin Darcy
kcd at daimlerchrysler.com
Fri May 25 22:59:45 UTC 2007
Sky Me wrote:
> 2007/5/25, Kevin Darcy <kcd at daimlerchrysler.com>:
>> Yes. Check out doc/arm/Bv9ARM.ch06.html#view_statement_grammar relative
>> to the top-level of the BIND distribution.
>>
>
> After reading Bind's "view" content,I thought there're a little problems.
> For example,say we have two services in isp a:
>
> foo.example.com A 11.11.11.11 # service for isp a only
> bar.example.com A 22.22.22.22 # service for both isp a and b
>
> and have only one service in isp b:
>
> foo.example.com A 33.33.33.33 # service for isp b only
>
> The view config may looks below:
>
> view "ispa" {
> match-clients { "acl-ispa"; };
> zone "example.com" {
> type master;
> file "example-ispa.db";
> };
> };
> view "ispb" {
> match-clients { "acl-ispb"; };
> zone "example.com" {
> type master;
> file "example-ispb.db";
> };
> };
> view "other" { # say they get same answers as isp a
> match-clients { any; };
> zone "example.com" {
> type master;
> file "example-ipsa.db";
> };
> };
>
>
> Then we need 2 database files,and most items are may the same.like:
>
> example-ispa.db:
> foo.example.com A 11.11.11.11
> bar.example.com A 22.22.22.22
>
> example-ispb.db:
> foo.example.com A 33.33.33.33
> bar.example.com A 22.22.22.22
>
> So the difficulty I first think is that we have to maintain two
> database files.
> When db files are large enough,this work may become hard.Am I right?
You can use $INCLUDE files, as another poster pointed out, or you could
follow something like your original design, aliasing foo.example to
foo.split.example.com, a delegated subzone served by a separate
nameserver instance. The only differences from your original design being
a) you could use BIND with views, as the delegated nameserver, rather
than the homegrown, Stanford::DNSserver-based DNS server you currently
have, which might prove easier to operate and maintain, if not for you,
then maybe for whomever inherits this from you, and
b) you'd be able to serve up a differentiated A record from the
delegated nameserver instance instead of another CNAME in the chain
(nested CNAMEs are truly bad form).
- Kevin
More information about the bind-users
mailing list