On 02/15/2013 10:44 AM, Robert Moskowitz wrote:
I am setting up bind this time around (just rebuilt my test machine via Kickstart) without chroot.
I have a fair number of includes for named.conf; I have two views and other odds and ends. My thoughts are to make a directory, /etc/named.d, to put all these includes into instead of 'dirtying' up /etc. This way the only files I replace/add to /etc are named.conf and rndc.key (I would like to work the latter around to also be in named.d, but this impacts rndc itself).
Thoughts on this? Anyone else have a well segmented named.conf file?
That's my line of thinking too. I normally have a pretty skeletal named.conf file, with all the heavy-lifting going on in files included from directory /etc/named.d. It seems to me that a more modular approach minimizes the impact of fat-fingering and generally makes it easier to change out chunks of configuration as needed. (named-checkconf is your friend!)
Just for reference, at my place of employment I'm running a "hidden master" server and two separate sets of slaves for internal and external access for about 60 separate forward and reverse zones. The named.conf file basically consists of a single "options" stanza followed by a series of include statements. The includes themselves have other files that they include; the tier depth is about four levels deep at most.
So far (knock on head) this has worked out fine for the last 8 years or so. Before that I was attempting to use a monolithic named.conf file and found it an absolute bear to maintain. Smaller pieces mean smaller problems, once you've got the overall framework.
Just my $.02!
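As an added illustration of the layout both posters describe (not code from either of them): a skeletal named.conf holding only an options stanza and include statements, two views in /etc/named.d pulling their zone lists from a third tier, and a validation step that runs named-checkconf when it is installed. Every path and zone name is an assumption, and the tree is built under a scratch prefix so nothing under /etc is touched.

```shell
# Lay out a modular named.conf under prefix "$1" (assumed paths, constructed
# example). Tiers: named.conf -> named.d/views.conf -> named.d/zones-*.conf
set -eu

build_layout() {
  p="$1"
  mkdir -p "$p/etc/named.d" "$p/var/named"
  # Top level: one options stanza, then includes only.
  cat > "$p/etc/named.conf" <<EOF
options { directory "$p/var/named"; recursion no; };
include "$p/etc/named.d/views.conf";
EOF
  # Second tier: the two views, each pulling its zone list from a third tier.
  cat > "$p/etc/named.d/views.conf" <<EOF
view "internal" {
    match-clients { 10.0.0.0/8; localhost; };
    recursion yes;
    include "$p/etc/named.d/zones-internal.conf";
};
view "external" {
    match-clients { any; };
    include "$p/etc/named.d/zones-external.conf";
};
EOF
  cat > "$p/etc/named.d/zones-internal.conf" <<EOF
zone "corp.example" { type master; file "corp.example.zone"; };
EOF
  cat > "$p/etc/named.d/zones-external.conf" <<EOF
zone "example.com" { type master; file "example.com.zone"; };
EOF
}

# Follow include statements recursively; fail on the first unreadable file
# (the fat-fingered path case that named-checkconf also catches).
check_includes() {
  [ -r "$1" ] || { echo "unreadable include: $1" >&2; return 1; }
  for inc in $(sed -n 's/^[[:space:]]*include[[:space:]]*"\([^"]*\)".*/\1/p' "$1"); do
    check_includes "$inc" || return 1
  done
}

# Prefer the real parser when installed; otherwise fall back to the include walk.
validate() {
  if command -v named-checkconf >/dev/null 2>&1; then
    named-checkconf "$1/etc/named.conf"
  else
    check_includes "$1/etc/named.conf"
  fi
}
```

Run `build_layout /tmp/bindtest && validate /tmp/bindtest` to exercise it; removing one of the zones-*.conf files makes the check fail, which is the failure mode the modular layout is meant to surface early.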