Issue in calling same zone in more than one VIEW

[Gaurav Kansal]

Dear Team,

 

I am running BIND 9.10.2 version on CentOS and running roughly 500 domains and for most of them I am a slave server.

 

In few of them, I have different zone file based on Internal and External view.

And for rest of them, I am using  a single file for both the View.

 

This configuration was working fine till BIND version 9.9.5 but yesterday I updated to 9.10.2 and I am facing the following error.

 

May 29 12:43:58 NKN-IPV6-DNS named[17727]: /var/named/zonedata/gov-zone.data:3: writeable file 'govdomains/xyz.gov.in.fwd': already in use: /var/named/zonedata/gov-zone.data:3

 

This is happening because I am calling same zone file in both view.

Please help me out what I should do for getting rid of this issue.

 

 

Thanks and Regards,

Gaurav Kansal

 

[Mark Andrews]

This has always been a configuration error. Give each zone its own
file.

Specifying the same file leads to corrupted journals, data from the
other view being published in the wrong view etc.

Mark

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org

[Niall O'Reilly]

On Fri, 29 May 2015 08:23:55 +0100,
Gaurav Kansal wrote:
>
> Dear Team,
>
> I am running BIND 9.10.2 version on CentOS and running roughly 500
> domains and for most of them I am a slave server.
>
> In few of them, I have different zone file based on Internal and
> External view.
>
> And for rest of them, I am using a single file for both the View.
>
> This configuration was working fine till BIND version 9.9.5

As I understand, this configuration was never supported.

Each instance (view) of a slave server needs a private file in which
to write zone data transferred from the master. Having multiple
instances use the same file means that they may over-write each
other's work. Managing this contention was never a design feature.

> but
> yesterday I updated to 9.10.2 and I am facing the following error.
>
> May 29 12:43:58 NKN-IPV6-DNS named[17727]:
> /var/named/zonedata/gov-zone.data:3: writeable file
> 'govdomains/xyz.gov.in.fwd': already in use:
> /var/named/zonedata/gov-zone.data:3

The new version now gives an error message in case you use this
kind of unsupported configuration.

> This is happening because I am calling same zone file in both view.
>
> Please help me out what I should do for getting rid of this issue.

You need to use as many copies of each zone file as you have views
needing to write to it.


Best regards,
Niall O'Reilly

[Gaurav Kansal]

Thanks for information.
Is there any other way by which I can define the zone (which are same for
all views) outside the view or anything else by which I don't need to
replicate the file for all the views.

Regards,
Gaurav Kansal

[Cathy Almond]

>From 9.10.0 there is a new zone type 'in-view'. From the release notes:

The new "in-view" zone option allows zone data to be shared between
views, so that multiple views can serve the same zones authoritatively
without storing multiple copies in memory. [RT #32968]

I think this will do what you want (apologies for the scant
documentation about it)

Cathy

[Gaurav Kansal]

 

> >From 9.10.0 there is a new zone type 'in-view'.  From the release notes:

> The new "in-view" zone option allows zone data to be shared between views, so that multiple views can serve the same zones authoritatively without storing multiple copies in memory. [RT #32968]

> I think this will do what you want (apologies for the scant documentation about it)

 

Thanks Cathy.

It will help me a lot.

 

Actually I had add zone definition of all my zones (roughly 500) in one file and include the same file in both the view.

Now I have to create 2 files with different zone definition (one contains definition and the second one contains ‘in-view’ parameter). I know that this is not at all tough I but I just need to know if I can use same file for including in both the view (by anyhow).

 

Regards,

Gaurav Kansal

 

[Niall O'Reilly]

On Fri, 29 May 2015 11:25:48 +0100,
Cathy Almond wrote:
>
>
> From 9.10.0 there is a new zone type 'in-view'. From the release notes:

Neat!


Thanks and best regards,

Niall O'Reilly

[Niall O'Reilly]

On Fri, 29 May 2015 11:49:35 +0100,
Gaurav Kansal wrote:
>
> Now I have to create 2 files with different zone definition (one
> contains definition and the second one contains ‘in-view’ parameter).
> I know that this is not at all tough I but I just need to know if I
> can use same file for including in both the view (by anyhow).

You can find some helpful examples in the configuration files
used by the test suite (.../*.conf below):

dhcp-162(niall)14: tar xzf ~/Downloads/bind-9.10.2.tar.gz

dhcp-162(niall)16: find bind-9.10.2/ -type f -exec fgrep -q in-view {} \; -print
bind-9.10.2//bin/named/server.c
bind-9.10.2//bin/tests/system/checkconf/bad-sharedzone1.conf
bind-9.10.2//bin/tests/system/checkconf/bad-sharedzone2.conf
bind-9.10.2//bin/tests/system/checkconf/good.conf
bind-9.10.2//bin/tests/system/views/ns2/named2.conf
bind-9.10.2//CHANGES
bind-9.10.2//doc/arm/Bv9ARM-book.xml
bind-9.10.2//doc/arm/Bv9ARM.ch06.html
bind-9.10.2//doc/misc/options
bind-9.10.2//lib/bind9/check.c
bind-9.10.2//lib/isccfg/namedconf.c

You'll also find documentation (in the ARM) of the restrictions on
which other options can validly be used together with "in-view":

An "in-view" option cannot refer to a view that is
configured later in the configuration file.

A "zone" statement which uses the "in-view" option may
not use any other options with the exception of
"forward" and "forwarders". (These options control the
behavior of the containing view, rather than changing
the zone object itself.)

An "in-view" zone cannot be used as a response policy
zone.

I think you'll find that just one of your views can reference the
zone file, while the other(s) will have an "in-view" option
referencing the first view.

I hope this helps.