Bind view+sync bug
The Bind package supports both 'sync' and 'views'. In a two system failover setup, if:
- sync to the configured backup server is enabled, and
- there are two views of the same domain, one to include the LAN subnet and the other to exclude the LAN subnet (www only)
- dnssec enabled (don't know if this is or isn't necessary to demonstrate the bug)
then
All dns requests to the slave mode / backup computer will resolve using only the LAN name database. The version running as the master name server will do the 'split dns' resolution normally.
v 2.3.1-RELEASE-p1
Workaround:
Use Bind for only the www name database, exclude the WAN. Single view. Enable the local resolver / Unbound for the LAN lookups. Be sure to delete /cf/named/etc/namedb/slave/<domain>/* or it will still resolve the old LAN names.
PS. The namedb files in /cf/named/etc/namedb/slave/LAN and …/WAN are the same, and match those under /LAN on the master. The ..../WAN db on the master is correct.
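A check for the symptom described in the PS, as an added example that is not part of the original post: it lists zone files that are byte-identical in two view directories on the backup, which for a split-DNS setup means the WAN view is serving the LAN data. The function names, zone file names and addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: report zone files that are byte-identical in two view
# directories. With split DNS the LAN and WAN copies of a zone should differ.

identical_view_zones() {
    lan_dir=$1
    wan_dir=$2
    for lan_file in "$lan_dir"/*; do
        [ -f "$lan_file" ] || continue
        name=${lan_file##*/}
        wan_file=$wan_dir/$name
        # A zone that exists in only one view cannot be compared
        [ -f "$wan_file" ] || continue
        # cmp compares bytes, so text and raw-format zone files both work
        if cmp -s "$lan_file" "$wan_file"; then
            printf '%s\n' "$name"
        fi
    done
}

# Constructed sample: a miniature copy of a slave directory with two views.
make_sample() {
    root=$(mktemp -d)
    mkdir -p "$root/LAN" "$root/WAN"
    # Affected zone: the WAN view holds a copy of the LAN records
    printf 'www IN A 192.168.1.10\nnas IN A 192.168.1.20\n' > "$root/LAN/example.test.DB"
    cp "$root/LAN/example.test.DB" "$root/WAN/example.test.DB"
    # Healthy zone: the two views differ
    printf 'www IN A 192.168.1.10\n' > "$root/LAN/other.test.DB"
    printf 'www IN A 203.0.113.10\n' > "$root/WAN/other.test.DB"
    printf '%s\n' "$root"
}

sample=$(make_sample)
identical_view_zones "$sample/LAN" "$sample/WAN"
rm -rf "$sample"
```

On the backup, pass the two view directories named in the PS as the arguments; any zone name printed is one where WAN clients would receive LAN records.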