On 2014-09-22 Mon 16:51 PM |, Giancarlo Razzolini wrote:
> Craig,
> 
>      If I understood this correctly this "almost" replaces the view
> function on bind? Now that it was dropped I need to start planning my
> transition.
> 

Yes. Until 5.3 I was running a split horizon master zone, with different
views for shadow (public) and internal (private).

With the switch to NSD it became unworkable to use a split horizon zone
on the same server internally as:
*) NSD listens on port 53 to authoritatively serve the zone
*) Unbound listens on port 53 to recursively resolve everything else

This way, the old BIND shadow/public master zone is served by NSD, as is
the old internal reverse zone, and a new .internal zone. These are all
proxied ("stubbed") by Unbound for the internal hosts.

There is also an internal slave NSD server that xfers those zones &
stubs them via its own Unbound daemon - that way I didn't have to hard
code/rdist the internal forward & reverse zones in multiple machines'
unbound.conf

The choice of the internal zone name basically boiled down to:
.localdomain
.priv(ate)
.internal
Apparently, .local interferes with a lot of Apple gadgets.



<hostmaster@teak:~ 0>$ ls -ld /var/unbound
drwxr-xr-x  6 root  wheel  512 Sep 11 15:23 /var/unbound/

<hostmaster@teak:~ 0>$ ls -loAR /var/unbound
total 16
drwxrwx---  2 _unbound    hostmasters  - 512 May  9 09:55 db/
drwxr-xr-x  2 root        wheel        - 512 Sep 16 08:36 dev/
drwxr-x---  3 hostmaster  _unbound     - 512 Sep 11 15:36 etc/
drwxr-xr-x  3 root        wheel        - 512 Apr 24 19:20 var/

/var/unbound/db:
total 4
-rw-r--r--  1 _unbound  _unbound  - 759 May  9 09:55 root.key

/var/unbound/dev:
total 0
srw-rw-rw-  1 root  wheel  - 0 Sep 16 08:36 log=

/var/unbound/etc:
total 136
drwxrwx---  2 hostmaster  hostmasters  -   512 Sep 11 15:36 RCS/
-rw-r--r--  1 hostmaster  hostmasters  -   333 Apr 30 14:39 notes.txt
-r--r--r--  1 hostmaster  hostmasters  -  3323 Apr 26 20:53 root.hints
-r--r--r--  1 hostmaster  hostmasters  - 21314 Apr 24 19:20 unbound-example-54.conf
-r--r--r--  1 hostmaster  hostmasters  - 23548 Sep 11 15:18 unbound-example-55.conf
-r--r--r--  1 hostmaster  hostmasters  -  5939 Sep 11 15:31 unbound.conf
-r--r-----  1 hostmaster  _unbound     -  1277 Sep 11 15:32 unbound_control.key
-r--r-----  1 hostmaster  _unbound     -   802 Sep 11 15:32 unbound_control.pem
-r--r-----  1 hostmaster  _unbound     -  1277 Sep 11 15:32 unbound_server.key
-r--r-----  1 hostmaster  _unbound     -   790 Sep 11 15:32 unbound_server.pem

/var/unbound/etc/RCS:
total 60
-r--r--r--  1 hostmaster  hostmasters  -  4477 Apr 26 21:42 root.hints,v
-r--r--r--  1 hostmaster  hostmasters  - 14483 Sep 11 15:32 unbound.conf,v
-r--r-----  1 hostmaster  _unbound     -  1485 Sep 11 15:34 unbound_control.key,v
-r--r-----  1 hostmaster  _unbound     -  1010 Sep 11 15:35 unbound_control.pem,v
-r--r-----  1 hostmaster  _unbound     -  1484 Sep 11 15:36 unbound_server.key,v
-r--r-----  1 hostmaster  _unbound     -   997 Sep 11 15:35 unbound_server.pem,v

/var/unbound/var:
total 4
drwxrwx---  2 _unbound  hostmasters  - 512 Sep 16 08:36 run/

/var/unbound/var/run:
total 4
-rw-r--r--  1 _unbound  _unbound  - 6 Sep 16 08:36 unbound.pid



<hostmaster@teak:~ 0>$ ls -ld /var/nsd
drwxr-xr-x  7 root  wheel  512 May  1 12:55 /var/nsd/

<hostmaster@teak:~ 0>$ ls -loAR /var/nsd
total 20
drwxrwx---  2 _nsd        hostmasters  - 512 Aug  7 13:42 db/
drwxr-xr-x  2 root        wheel        - 512 Sep 16 08:36 dev/
drwxr-x---  4 hostmaster  _nsd         - 512 Sep 11 13:49 etc/
drwxrwx---  3 _nsd        hostmasters  - 512 Sep 23 09:48 run/
drwxr-xr-x  4 root        wheel        - 512 May  1 14:26 zones/

/var/nsd/db:
total 992
-rw-r--r--  1 _nsd  hostmasters  - 589824 Sep 11 13:45 nsd.db

/var/nsd/dev:
total 0
srw-rw-rw-  1 root  wheel  - 0 Sep 16 08:36 log=

/var/nsd/etc:
total 36
drwxrwx---  2 hostmaster  hostmasters  -  512 Sep 11 13:49 RCS/
-r--r-----  1 hostmaster  hostmasters  - 1034 Mar  5  2014 nsd-55.conf
-r--r--r--  1 hostmaster  hostmasters  - 2886 Sep 11 13:38 nsd.conf
-r--r-----  1 hostmaster  _nsd         - 1277 Sep 11 13:45 nsd_control.key
-r--r-----  1 hostmaster  _nsd         -  790 Sep 11 13:45 nsd_control.pem
-r--r-----  1 hostmaster  _nsd         - 1277 Sep 11 13:45 nsd_server.key
-r--r-----  1 hostmaster  _nsd         -  782 Sep 11 13:45 nsd_server.pem
drwxrwxr-x  3 hostmaster  hostmasters  -  512 May 22 12:45 slaves/

/var/nsd/etc/RCS:
total 32
-r--r--r--  1 hostmaster  hostmasters  - 7598 Sep 11 13:39 nsd.conf,v
-r--r-----  1 hostmaster  _nsd         - 1481 Sep 11 13:47 nsd_control.key,v
-r--r-----  1 hostmaster  _nsd         -  994 Sep 11 13:48 nsd_control.pem,v
-r--r-----  1 hostmaster  _nsd         - 1480 Sep 11 13:48 nsd_server.key,v
-r--r-----  1 hostmaster  _nsd         -  985 Sep 11 13:49 nsd_server.pem,v

/var/nsd/etc/slaves:
total 16
drwxrwx---  2 hostmaster  hostmasters  - 512 May 22 12:45 RCS/
-r--r--r--  1 hostmaster  hostmasters  - 427 May 13 21:04 XXXXX-nokey.conf
-r--r--r--  1 hostmaster  hostmasters  - 169 May 22 12:44 XXXXXXXXXX-nokey.conf
-r--r--r--  1 hostmaster  hostmasters  - 346 May 22 12:44 XXXXXXXXXXX-nokey.conf

/var/nsd/etc/slaves/RCS:
total 12
-r--r--r--  1 hostmaster  hostmasters  - 581 May 14 09:23 XXXXX-nokey.conf,v
-r--r--r--  1 hostmaster  hostmasters  - 384 May 22 12:44 XXXXXXXXXX-nokey.conf,v
-r--r--r--  1 hostmaster  hostmasters  - 561 May 22 12:45 XXXXXXXXXXX-nokey.conf,v

/var/nsd/run:
total 12
-rw-r--r--  1 _nsd  _nsd         -   6 Sep 23 09:48 nsd.pid
drwxrwx---  2 _nsd  hostmasters  - 512 Sep 23 09:48 xfr/
-rw-r--r--  1 _nsd  _nsd         - 817 Sep 23 09:48 xfrd.state

/var/nsd/run/xfr:
total 8
-rw-------  1 _nsd  hostmasters  - 288 Sep 23 09:53 nsd.32222.task.0
-rw-------  1 _nsd  hostmasters  - 288 Sep 23 09:53 nsd.32222.task.1

/var/nsd/zones:
total 8
drwxr-x---  3 hostmaster  _nsd         - 512 Jul 23 09:47 master/
drwxrwx---  2 _nsd        hostmasters  - 512 May  1 14:26 slave/

/var/nsd/zones/master:
total 72
-r--r--r--  1 hostmaster  hostmasters  - 6109 May 29 16:22 1.168.192.in-addr.arpa
drwxrwxr--  2 hostmaster  hostmasters  - 1536 Jun 12 10:37 RCS/
-r--r--r--  1 hostmaster  hostmasters  - 2447 Jul 23 09:44 britvault.co.uk
-r--r--r--  1 hostmaster  hostmasters  - 7368 May 29 16:21 internal
-r--r--r--  1 hostmaster  hostmasters  - 1601 May 30 15:52 rscds-falkirk.org.uk
...
..

/var/nsd/zones/master/RCS:
total 352
-r--r--r--  1 hostmaster  hostmasters  - 8563 May 29 16:23 1.168.192.in-addr.arpa,v
-r--r--r--  1 hostmaster  hostmasters  - 9184 Jul 23 09:47 britvault.co.uk,v
-r--r--r--  1 hostmaster  hostmasters  - 8784 May 29 16:22 internal,v
-r--r--r--  1 hostmaster  hostmasters  - 6872 May 30 15:53 rscds-falkirk.org.uk,v
...
..

/var/nsd/zones/slave:

-- 
Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7
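
An added example, not taken from Craig's message or his actual unbound.conf: one way the Unbound side of the NSD-plus-stub arrangement described above could be written. The zone names come from the listing; the addresses 192.168.1.1 (Unbound's internal listener) and 192.0.2.1 (the address NSD answers on) are assumptions, as is the use of DNSSEC validation suggested by db/root.key.

```conf
# /var/unbound/etc/unbound.conf (illustrative fragment, addresses assumed)
server:
    # Unbound takes port 53 on the inside only; NSD binds port 53 on a
    # different address, so the two daemons never compete for a socket.
    interface: 127.0.0.1
    interface: 192.168.1.1              # assumed internal address

    # Recursion is offered to internal clients only.
    access-control: 0.0.0.0/0 refuse
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.1.0/24 allow

    # Validation anchor, path relative to the /var/unbound chroot.
    auto-trust-anchor-file: "/db/root.key"

    # The private zones have no chain of trust from the signed root, so a
    # validating resolver would mark their answers bogus without these.
    domain-insecure: "internal."
    domain-insecure: "1.168.192.in-addr.arpa."

    # Unbound answers RFC 1918 reverse lookups itself by default.
    # A transparent sub-zone lets 192.168.1.x PTR queries reach the stub
    # while the rest of 168.192.in-addr.arpa stays blocked locally.
    local-zone: "1.168.192.in-addr.arpa." transparent

    # Only needed if NSD were reached over loopback instead:
    # do-not-query-localhost: no

# Each stub sends queries for that zone straight to the authoritative
# server instead of following the public delegation.
stub-zone:
    name: "internal."
    stub-addr: 192.0.2.1                # assumed NSD address

stub-zone:
    name: "1.168.192.in-addr.arpa."
    stub-addr: 192.0.2.1

stub-zone:
    name: "britvault.co.uk."
    stub-addr: 192.0.2.1
```

After editing, `unbound-checkconf` validates the file before the daemon is reloaded.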
