On 02/15/2013 10:44 AM, Robert Moskowitz wrote:
> I am setting up bind this time around (just rebuilt my test machine via
> Kickstart) without chroot.
>
> I have a fair number of includes for named.conf; I have two views and
> other odds and ends. My thoughts are to make a directory; /etc/named.d
> to put all these includes into instead of 'dirtying' up /etc. This way
> the only files I replace/add to /etc are named.conf and rndc.key (I
> would like to work the latter around to also be in named.d, but this
> impacts rndc itself).
>
> Thoughts on this? Anyone else have a well segmented named.conf file?
>
That's my line of thinking too. I normally have a pretty skeletal
named.conf file, with all the heavy-lifting going on in files included
from directory /etc/named.d. It seems to me that a more modular
approach minimizes the impact of fat-fingering and generally makes it
easier to change out chunks of configuration as needed.
(named-checkconf is your friend!)

Just for reference, at my place of employment I'm running a "hidden
master" server and two separate sets of slaves for internal and external
access for about 60 separate forward and reverse zones. The named.conf
file basically consists of a single "options" stanza followed by a
series of include statements. The includes themselves have other files
that they include; the tier depth is about four levels deep at most.

So far (knock on head) this has worked out fine for the last 8 years or
so. Before that I was attempting to use a monolithic named.conf file
and found it an absolute bear to maintain. Smaller pieces means smaller
problems, once you've got the overall framework.

Just my $.02!

--
Jay Leafey - jay.leafey at mindless.com
Memphis, TN
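
An added example, not part of the thread or of either poster's configuration: a small auditor for the layout discussed above (a skeletal named.conf pulling in nested includes from a named.d directory). It follows `include` statements, reports nesting depth, and flags include loops, missing files, includes writable by group or other, and files holding a `secret` that are world-readable. The function names, the sample tree and the choice to resolve relative paths against `base_dir` are assumptions of this sketch; it complements named-checkconf rather than replacing it.

```python
import os, pathlib, re, stat, tempfile

# Quoted strings are matched first so "//" or "#" inside a path is not taken for a comment.
TOKEN_RE = re.compile(r'"[^"\n]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
INCLUDE_RE = re.compile(r'\binclude\s+"([^"]+)"\s*;')

def strip_comments(text):
    return TOKEN_RE.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else " ", text)

def audit(path, base_dir, depth=0, stack=(), findings=None):
    """Follow include statements from path; return (deepest_level_reached, findings)."""
    findings = [] if findings is None else findings
    real = os.path.realpath(os.path.join(base_dir, path))  # absolute paths pass through
    if real in stack:                                       # include loop
        findings.append(("cycle", real))
        return depth - 1, findings
    try:
        mode = os.stat(real).st_mode
        with open(real) as fh:
            text = strip_comments(fh.read())
    except OSError:                                         # missing or unreadable include
        findings.append(("unreadable", real))
        return depth - 1, findings
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(("writable-by-group-or-other", real))
    if re.search(r'\bsecret\s+"', text) and mode & stat.S_IROTH:
        findings.append(("world-readable-secret", real))
    deepest = depth
    for inc in INCLUDE_RE.findall(text):
        d, _ = audit(inc, base_dir, depth + 1, stack + (real,), findings)
        deepest = max(deepest, d)
    return deepest, findings

def demo():  # builds a constructed sample tree in a temp dir and audits it
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "named.d"))
    files = {  # constructed sample content, not a real configuration
        "named.conf": ('options { recursion no; };\n# include "named.d/old.conf";\n'
                       'include "named.d/views.conf";\ninclude "named.d/keys.conf";\n', 0o644),
        "named.d/views.conf": ('include "named.d/zones.conf"; // nested\n', 0o664),
        "named.d/zones.conf": ('include "named.d/gone.conf";\n', 0o644),
        "named.d/keys.conf": ('key "k" { algorithm hmac-sha256; secret "Y29uc3RydWN0ZWQ="; };\n', 0o644),
    }
    for rel, (body, mode) in files.items():
        p = pathlib.Path(root, rel)
        p.write_text(body)
        p.chmod(mode)
    depth, findings = audit("named.conf", root)
    return depth, sorted((kind, os.path.relpath(p, os.path.realpath(root))) for kind, p in findings)
```

On a real host, call `audit("/etc/named.conf", base_dir)` with `base_dir` set to the directory named resolves relative include paths against.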