From: Lars Müller (lmuelle_at_SuSE.de)
Date: Mon Mar 13 2006 - 08:20:25 CET
Date: Mon, 13 Mar 2006 08:20:25 +0100
From: Lars Müller <lmuelle@SuSE.de>
Message-ID: <20060313072025.GE20649@gray.suse.de>
Subject: Re: [suse-sles-e] A better framework for named configuration
On Mon, Mar 13, 2006 at 02:35:17PM +1100, Michael James wrote:
> While many of the YaST modules are excellent,
> the SuSE approach to configuring named
> has 3 big problems:
>
> 1) YaST hides the ONLY copy of the master zone files
> way down in /var/lib/named/ !!!
> WHAT is important information doing stashed there?
> Shouldn't ALL configuration info be in /etc ? (Debian style)
That is wrong.
a) The files are in /etc
b) It is not YaST which requires the copies in /var/lib/named/. It's
the chroot feature of BIND.
It's possible for you to disable chroot entirely. But then blame yourself
if you run into trouble.
> 2) If the sysadmin sensibly puts zone info into /etc/named.d/master
> they then have to list that file explicitly in
> /etc/sysconfig/named:NAMED_CONF_INCLUDE_FILES
How should the init script know which files have to be copied? If we
copy _all_ files or the whole content of /etc/named.d/ then we get
blamed for being 150% stupid because it takes 10 milliseconds longer to
establish the chroot.
But more important: check what you got by magic in
/etc/named.conf.include with the meta information in the header.
And /etc/named.d/ is _not_ intended for zone files. The zone files have
been in /var/lib/named/, with and without chroot, for ages.
> 3) The directory setup in /var/lib/named
> is different to that in /etc/named.d
Again wrong.
> This means /etc/named.conf needs to be changed
> if you ever want to run non-chrooted.
Again wrong.
> I'd like to propose 2 1/2 rules and a script:
>
> Rule 1) The master copies of all named configuration files
> and zones are kept in /etc/named.d/
/etc/named.conf is the default and will not be changed. This path is
the standard path and I don't see a reason why this should be changed.
Changing this will result in a PITA.
That is already the case. Please, please, please read the
documentation. /usr/share/doc/packages/bind/README.SUSE
If you then still have problems and don't understand why the config and
zone files are handled this way, then point us to the unclear sections.
> ( Actually I have 2 files there,
> "named.master" and "named.slave"
> and I create a primary or secondary server
> by linking the appropriate one to "/etc/named.conf".
As long as these are config files this is fine.
> Rule 2) On named start, restart, and reload;
> everything in /etc/named.d/
> gets recursively copied down into the chroot jail.
Why recursively, if a smarter way is possible?
> Rule 2a) Before doing that,
> preserve a copy of the slave zone files
> that were axfr-ed into the chroot jail during the last run.
If the zone files are inside the chroot, then this is not required.
> A couple of rsync commands implements the guts of this:
>
> # Capture the slave zone info back up to /etc/named.d/slaves
> rsync -a --delete \
> ${CHROOT_PREFIX}/etc/named.d/slaves/ \
> /etc/named.d/slaves/
>
> # Copy the main /etc/named.d/ down into the chroot jail
> rsync -a --delete \
> /etc/named.d/ \
> ${CHROOT_PREFIX}/etc/named.d/
>
>
> Wouldn't this give us a cleaner and more manageable setup?
No. It will provide more pain. The config of the named is in /etc.
The zone files are inside the chroot. And your problem to keep the zone
files from the chroot and from outside in sync will not appear as soon
as you have the zone files at the right place.
Keep it simple and stupid. If you need it, create a symlink from
/etc/named.d/zones to /var/lib/named/whateverdir. This will not work as
soon as you need separate dirs for static and dynamic zones. Read on ...
> PS: It would probably be possible to weave dyndns into this.
> I haven't tried. The idea of having my zone tables
> scattered through all the PCs gives me the creeps.
Why and how should that happen? The DHCP daemon requests from the DNS
daemon an update of a record. That's all. And all happens on the
server side. There is nothing on the PCs.
And yes, dynamic DNS with SuSE DHCP and DNS daemons works. There is
also a section about dynamically updated zones in the README.SUSE.
Lars
--
Lars Müller [ˈlaː(r)z ˈmʏlɐ]
Samba Team
SuSE Linux, Maxfeldstraße 5, 90409 Nürnberg, Germany
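Added illustration, not code from this thread and not the SUSE init script: a minimal POSIX sh sketch of the mechanism Lars describes, where the init script copies into the chroot only the files listed in NAMED_CONF_INCLUDE_FILES rather than the whole of /etc/named.d/. The sysconfig file name, the temporary demo tree, the function names and the path-traversal check are assumptions constructed for the example; the real script's behaviour is documented in README.SUSE as referenced above.

```sh
#!/bin/sh
# Sketch of "copy only what the sysconfig variable lists" into a BIND chroot.
# Stand-alone illustration with constructed paths; NOT the SUSE init script.

# copy_include_files SYSCONFIG_FILE ETC_ROOT CHROOT_PREFIX
# Reads NAMED_CONF_INCLUDE_FILES (space separated, relative to ETC_ROOT)
# from SYSCONFIG_FILE and copies each listed file to CHROOT_PREFIX/etc/...,
# keeping its relative path. Prints the number of files copied.
copy_include_files() {
    sysconfig="$1"; etc_root="$2"; chroot_prefix="$3"
    # Extract just the one variable instead of sourcing the whole file,
    # so a stray command in the sysconfig file is never executed.
    includes=$(sed -n 's/^NAMED_CONF_INCLUDE_FILES="\(.*\)"$/\1/p' "$sysconfig")
    copied=0
    for f in $includes; do
        # Refuse absolute paths and "../" so a bad entry cannot pull files
        # from outside ETC_ROOT into the jail (assumption: this check is ours).
        case "$f" in
            /*|*../*) echo "refusing absolute or traversing path: $f" >&2; return 1 ;;
        esac
        src="$etc_root/$f"
        [ -f "$src" ] || { echo "missing include file: $src" >&2; return 1; }
        mkdir -p "$chroot_prefix/etc/$(dirname "$f")"
        cp -p "$src" "$chroot_prefix/etc/$f"
        copied=$((copied + 1))
    done
    echo "$copied"
}

# demo_run builds a constructed /etc-like tree in a temp dir, runs the
# copy, and prints the temp dir so the caller can inspect or remove it.
demo_run() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/etc/named.d" "$tmp/chroot"
    # Constructed sample config; the zone file itself lives in the chroot's
    # /var/lib/named and is therefore not part of this copy step.
    printf 'options { directory "/var/lib/named"; };\n' > "$tmp/etc/named.conf"
    printf 'zone "example.test" { type master; file "master/example.test"; };\n' \
        > "$tmp/etc/named.d/zones.conf"
    printf 'NAMED_CONF_INCLUDE_FILES="named.d/zones.conf"\n' > "$tmp/etc/sysconfig_named"
    n=$(copy_include_files "$tmp/etc/sysconfig_named" "$tmp/etc" "$tmp/chroot") || return 1
    # named.conf itself always goes into the jail (assumption for the demo).
    cp -p "$tmp/etc/named.conf" "$tmp/chroot/etc/named.conf"
    echo "$tmp"
}

# Run the demo only when explicitly asked, e.g. NAMED_DEMO=1 sh this_file.sh
if [ -n "${NAMED_DEMO:-}" ]; then
    demo_run
fi
```

The point the sketch makes is the one Lars raises: the script has to be told which files belong in the jail, and listing them explicitly is what keeps the copy step cheap and bounded; the traversal check is a defensive extra so that a mistyped entry cannot drag arbitrary files into the chroot.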