BIND - Multiple views referencing the same zone file

Issues related to applications and software problems
Post Reply
one_frog
Posts: 2
Joined: 2018/06/22 15:14:50

BIND - Multiple views referencing the same zone file

Post by one_frog » 2018/06/22 16:21:21

CentOS 7
BIND 9.9.4-61
All updates applied as of today(2018-06-22)

The question that I have is if there are any complications from having the same zone file referenced by different views. It has worked OK in our admittedly limited testing thus far but are there any performance or security issues? For that matter, is it not according to convention? If not, what is the right way? All of the examples on ISC's site that I was able to find did not show such a setup.

Situation:
I work for a small ISP. One of our clients, who uses us for DNS services, has a global presence. Currently they have their names setup so that if someone wants to access the server called "apps" while in China, they would go to apps.company.cn. Now they want to change that so that one would just put in apps.company.com and they would be automatically directed to the closest server.

To accomplish this, we were thinking of using GeoIP and views. Our idea was to setup acls based upon GeoIP for the countries they wish to designate then corresponding views that would point to a zone file for that company that has the region specific addresses. In code below, because the explanation is getting long.

Originally we were going to use in-view statements, which looked like it would resolve any performance issues but that isn't available until BIND 9.10.

Code: Select all

acl china {
        geoip db country country CN;
};

view china {
	match-clients { china; };
	zone "company.com" {
		type master;
		file "com/db.company.china";
	};
	
	zone "somethingElseWeHost.com" {
		type  master;
		file "com/db.somethingElseWeHost";
	};
};

view everyoneElse {
	match-clients { any; };
	zone "company.com" {
		type master;
		file "com/db.company";
	};
	
	zone "somethingElseWeHost.com" {
		type  master;
		file "com/db.somethingElseWeHost";
	};
};

tomkep
Posts: 17
Joined: 2018/04/25 13:30:50

Re: BIND - Multiple views referencing the same zone file

Post by tomkep » 2018/06/28 19:35:34

It probably will work correctly if you keep your zones static. As soon as you start doing dynamic updates you WILL see the discrepancies between the views.
The right way to share zone between the views in BIND 9.9 is described in this article: How do I share a dynamic zone between multiple views?

one_frog
Posts: 2
Joined: 2018/06/22 15:14:50

Re: BIND - Multiple views referencing the same zone file

Post by one_frog » 2018/07/17 22:06:50

Thanks for the reply. They do have a single dynamic zone so that will be quite helpful.

Post Reply