Advanced Bind Configuration

fantasygoat · 03-06-2012, 03:51 PM

I have a fairly complex bind setup that I'd like to implement.

I have four servers, each of which has four views in the config, and I'd like to make one of the servers the master and the other three slaves.

Currently I have it working with two views, but I'm adding a geodns component so the number of views must go up.

With the new config in place, when I update the SOA and restart the server, it sends notices to the other servers, but they only download the "internal" view, but not the three other "external" views.

Does anyone have any experience in getting bind 9.9.0 to properly send updates?

elfenlied · 03-06-2012, 05:46 PM

Are you able to post your configuration? It's not to easy to make a suggestion when you can't really see how it's been set up. You can obviously change IP addresses names etc for security purposes.

fantasygoat · 03-06-2012, 06:46 PM

Here's the config on the master (10.0.0.50):

Code:

key "external"          { algorithm hmac-md5; secret "xxx"; };
key "external-uk"       { algorithm hmac-md5; secret "yyy"; };

controls {
        inet 127.0.0.1 allow { localhost; };
};

options {
        listen-on-v6            { none; };
        pid-file                "/var/run/named/named.pid";
        directory               "/var/named";
        allow-transfer          { 10.0.0.0/8; 172.16.0.0/12; };
        also-notify             { 172.16.1.4; 172.16.1.5; };
        notify                  explicit;
        version                 none;
        hostname                none;
        server-id               none;
        max-ncache-ttl          3;
        recursive-clients       10000;
};

view "internal" {
        recursion yes;

        # Internal hosts
        match-clients { !key external; !key external-uk; 10.0.0.0/8; 172.16.0.0/12; 127.0.0.1; };

        # Forward Zones
        zone "example.com"                 { type master; file "internal/example.com.zone"; };

        # Reverse Zones
        zone "0.0.10.in-addr.arpa"      { type master; file "internal/10.0.0.rev"; };
        zone "1.0.10.in-addr.arpa"      { type master; file "internal/10.0.1.rev"; };
        zone "1.16.172.in-addr.arpa"    { type master; file "internal/172.16.1.rev"; };
        zone "5.16.172.in-addr.arpa"    { type master; file "internal/172.16.5.rev"; };
        zone "10.16.172.in-addr.arpa"   { type master; file "internal/172.16.10.rev"; };
        zone "20.16.172.in-addr.arpa"   { type master; file "internal/172.16.20.rev"; };
        zone "30.16.172.in-addr.arpa"   { type master; file "internal/172.16.30.rev"; };
        zone "40.16.172.in-addr.arpa"   { type master; file "internal/172.16.40.rev"; };
        zone "50.16.172.in-addr.arpa"   { type master; file "internal/172.16.50.rev"; };
        zone "60.16.172.in-addr.arpa"   { type master; file "internal/172.16.60.rev"; };
        zone "70.16.172.in-addr.arpa"   { type master; file "internal/172.16.70.rev"; };
};

view "external-uk" {
        recursion no;

        # All of Europe
        match-clients {
               key external-uk;
               geoip_cityDB_country_GB; geoip_cityDB_country_AD; geoip_cityDB_country_AL; geoip_cityDB_country_AT; geoip_cityDB_country_BA; geoip_cityDB_country_BE;
               geoip_cityDB_country_BG; geoip_cityDB_country_BY; geoip_cityDB_country_CH; geoip_cityDB_country_CZ; geoip_cityDB_country_DE; geoip_cityDB_country_DK;
               geoip_cityDB_country_EE; geoip_cityDB_country_ES; geoip_cityDB_country_FI; geoip_cityDB_country_FO; geoip_cityDB_country_FR; geoip_cityDB_country_FX;
               geoip_cityDB_country_GI; geoip_cityDB_country_GR; geoip_cityDB_country_HR; geoip_cityDB_country_HU; geoip_cityDB_country_IE; geoip_cityDB_country_IS;
               geoip_cityDB_country_IT; geoip_cityDB_country_LI; geoip_cityDB_country_LT; geoip_cityDB_country_LU; geoip_cityDB_country_LV; geoip_cityDB_country_MC;
               geoip_cityDB_country_MD; geoip_cityDB_country_MK; geoip_cityDB_country_MT; geoip_cityDB_country_NL; geoip_cityDB_country_NO; geoip_cityDB_country_PL;
               geoip_cityDB_country_PT; geoip_cityDB_country_RO; geoip_cityDB_country_SE; geoip_cityDB_country_SI; geoip_cityDB_country_SJ; geoip_cityDB_country_SK;
               geoip_cityDB_country_SM; geoip_cityDB_country_UA; geoip_cityDB_country_VA; geoip_cityDB_country_CS; 
        };
        
        zone "example.com"                 { type master; file "external-uk/example.com.zone"; };
};

view "external" {
        recursion no;

        # Everywhere else
        match-clients { key external; any; };

        zone "example.com"                 { type master; file "external/example.com.zone"; };
};

logging {
        channel logfile {
                file "/var/log/named.log" versions 3 size 1m;
                print-time yes;
                print-category yes;
        };

        category default        { logfile; };
        category lame-servers   { null; };
        category notify         { logfile; };
};

include "/etc/rndc.key";

And from one of the slaves (172.16.1.4):

Code:

key "external"          { algorithm hmac-md5; secret "xxx"; };
key "external-uk"       { algorithm hmac-md5; secret "yyy"; };

controls {
        inet 127.0.0.1 allow { localhost; };
};

options {
        listen-on-v6            { none; };
        pid-file                "/var/run/named/named.pid";
        directory               "/var/named";
        allow-update            { 10.0.0.50; };
        notify                  explicit;
        version                 none;
        hostname                none;
        server-id               none;
        max-ncache-ttl          3;
        recursive-clients       10000;
};

view "internal" {
        recursion yes;

        # Internal hosts
        match-clients { !key external; !key external-uk; 10.0.0.0/8; 172.16.0.0/12; 127.0.0.1; };

        # Forward Zones
        zone "example.com"              { type slave; file "internal/example.com.zone"; masters { 10.0.0.50; }; };
 
        # Reverse Zones
        zone "0.0.10.in-addr.arpa"      { type slave; file "internal/10.0.0.rev";    masters { 10.0.0.50; }; };
        zone "1.0.10.in-addr.arpa"      { type slave; file "internal/10.0.1.rev";    masters { 10.0.0.50; }; };
        zone "1.16.172.in-addr.arpa"    { type slave; file "internal/172.16.1.rev";  masters { 10.0.0.50; }; };
        zone "5.16.172.in-addr.arpa"    { type slave; file "internal/172.16.5.rev";  masters { 10.0.0.50; }; }; 
        zone "10.16.172.in-addr.arpa"   { type slave; file "internal/172.16.10.rev"; masters { 10.0.0.50; }; };
        zone "20.16.172.in-addr.arpa"   { type slave; file "internal/172.16.20.rev"; masters { 10.0.0.50; }; };
        zone "30.16.172.in-addr.arpa"   { type slave; file "internal/172.16.30.rev"; masters { 10.0.0.50; }; };
        zone "40.16.172.in-addr.arpa"   { type slave; file "internal/172.16.40.rev"; masters { 10.0.0.50; }; };
        zone "50.16.172.in-addr.arpa"   { type slave; file "internal/172.16.50.rev"; masters { 10.0.0.50; }; };
        zone "60.16.172.in-addr.arpa"   { type slave; file "internal/172.16.60.rev"; masters { 10.0.0.50; }; };
};

view "external-uk" {
        recursion no;
        allow-transfer { 172.16.0.0/12; };

        # All of Europe
        match-clients {
               key external-uk;
               geoip_cityDB_country_GB; geoip_cityDB_country_AD; geoip_cityDB_country_AL; geoip_cityDB_country_AT; geoip_cityDB_country_BA; geoip_cityDB_country_BE;
               geoip_cityDB_country_BG; geoip_cityDB_country_BY; geoip_cityDB_country_CH; geoip_cityDB_country_CZ; geoip_cityDB_country_DE; geoip_cityDB_country_DK;
               geoip_cityDB_country_EE; geoip_cityDB_country_ES; geoip_cityDB_country_FI; geoip_cityDB_country_FO; geoip_cityDB_country_FR; geoip_cityDB_country_FX;
               geoip_cityDB_country_GI; geoip_cityDB_country_GR; geoip_cityDB_country_HR; geoip_cityDB_country_HU; geoip_cityDB_country_IE; geoip_cityDB_country_IS;
               geoip_cityDB_country_IT; geoip_cityDB_country_LI; geoip_cityDB_country_LT; geoip_cityDB_country_LU; geoip_cityDB_country_LV; geoip_cityDB_country_MC;
               geoip_cityDB_country_MD; geoip_cityDB_country_MK; geoip_cityDB_country_MT; geoip_cityDB_country_NL; geoip_cityDB_country_NO; geoip_cityDB_country_PL;
               geoip_cityDB_country_PT; geoip_cityDB_country_RO; geoip_cityDB_country_SE; geoip_cityDB_country_SI; geoip_cityDB_country_SJ; geoip_cityDB_country_SK;
               geoip_cityDB_country_SM; geoip_cityDB_country_UA; geoip_cityDB_country_VA; geoip_cityDB_country_CS;
        };
        
        server 10.0.0.50 { keys external-uk; };
        
        zone "example.com"                 { type slave; file "external-uk/example.com.zone"; masters { 10.0.0.50; }; };
};

view "external" {
        recursion no;
        allow-transfer { 172.16.0.0/12; };

        # Everywhere else
        match-clients { key external; any; };
        server 10.0.0.50 { keys external; };

        zone "example.com"                 { type slave; file "external/example.com.zone"; masters { 10.0.0.50; }; };
};

logging {
        channel logfile {
                file "/var/log/named.log" versions 3 size 1m;
                print-time yes;
                print-category yes;
        };

        category default        { logfile; };
        category lame-servers   { null; };
        category notify         { logfile; };
};

include "/etc/rndc.key";

If I update the SOA record on server A, server B updates "internal" but not "external" or "external-uk".