[PLUG] Bind9 Views -- One Size fits One - Resolved - Really

Michael Rasmussen mikeraz at patch.com
Fri Feb 8 17:12:24 UTC 2008


Michael Rasmussen wrote:
> Lesson:  when setting up your named.conf files for bind9 save the anys for last.

True. And the BIND documentation agrees.

> New Lesson:  I still don't know what's broken.

Now resolved.

Twofold.
1) If you FU and send your "internal" RFC1918 (or other unroutable address) view
to your external DNS slave, hope that you can get someone on the other end to
manually intervene.

2) Don't do anything you'd be embarrassed to admit to PLUG.

Boy, this hurts.  I was converting a test box into a production box.  Test box had
lots of unneeded software.  My cleanup run was not complete.  dnsmasq was running
and responding to update requests from DNS slaves.  It cached the internal view
AND the internal view's list of authorized slaves.  External slaves were barred
from transferring updated zone information.

Side effect from all this:

I rented a virtual server instance from Gandi.net and set it up as a DNS secondary
for the afflicted domains.  I now have a self-controlled DNS server in France.
It's a Xen hosted "share" and I had choices of Fedora, CentOS, Ubuntu, Mandriva or
Debian.  End to end setup from the vendor side took less than an hour and I can
scale the Xen instance up or down to meet needs.   This is probably similar to the
Amazon virtual server arrangement.  I'll refrain from saying how cheap it is.

-- 
   Michael Rasmussen, Portland, Ore, USA
  Be Appropriate && Follow Your Curiosity
        http://www.patch.com/words/
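
The "save the anys for last" lesson as an added example, not part of the original post: BIND tries views in file order and the first match wins, so a view whose match-clients reaches `any` hides every view listed after it. This Python check flags that ordering; the view names, addresses and function names are constructed, it looks only at match-clients, and it does not expand named ACLs.

```python
import re

def parse_views(conf):
    """Return [(view_name, match_clients_elements)] in file order."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)   # /* ... */ comments
    conf = re.sub(r"(#|//).*", "", conf)                # line comments
    views = []
    for m in re.finditer(r'\bview\s+"?([\w.-]+)"?(?:\s+\w+)?\s*\{', conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):                  # walk to the view's closing brace
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        body = conf[m.end():i - 1]
        mc = re.search(r"\bmatch-clients\s*\{([^{}]*)\}", body)
        # A view with no match-clients matches every client, same as { any; }.
        elems = [e.strip() for e in mc.group(1).split(";") if e.strip()] if mc else ["any"]
        views.append((m.group(1), elems))
    return views

def is_catch_all(elems):
    """True if the element list accepts every client address."""
    for e in elems:
        if e.startswith("!"):
            return False      # excluded clients fall through to later views
        if e == "any":
            return True
    return False

def shadowed_views(conf):
    """Return (catch_all_view, views_after_it); (None, []) if the order is fine."""
    views = parse_views(conf)
    for idx, (name, elems) in enumerate(views[:-1]):
        if is_catch_all(elems):
            return name, [n for n, _ in views[idx + 1:]]
    return None, []

# Constructed sample: the catch-all view comes first, so "internal" never matches.
BROKEN = '''
view "external" { match-clients { any; }; recursion no; };
view "internal" { match-clients { 10.0.0.0/8; 192.168.0.0/16; }; recursion yes; };
'''
# Same views with the "any" view saved for last.
FIXED = '''
view "internal" { match-clients { 10.0.0.0/8; 192.168.0.0/16; }; recursion yes; };
view "external" { match-clients { any; }; recursion no; };
'''

if __name__ == "__main__":
    print(shadowed_views(BROKEN))
    print(shadowed_views(FIXED))
```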