[FEATURE REQUEST] update same zones on different Views with masters and slaves which are defined as group

[mohsensaeedi]

fM Version : 4.0.2
fmDNS Version : 4.0.2

In raising this issue, I confirm the following :

• I have read and understood the contributors guide.
• I have checked that the bug-fix I am reporting can be replicated, or that the feature I am suggesting isn't already present.
• I have checked that the issue I'm posting isn't already reported.
• I have checked that the issue I'm posting isn't already solved and no duplicates exist in closed issues and opened issues
• I have checked the pull requests tab for existing solutions/implementations to my issue/suggestion.

---

(BUG | ISSUE) Expected Behavior:
as you know, we can use different views on bind (external and internal) to split horizon responses based on client IP source. slave servers should be able to update same zone on different View with same master servers. when we setup Bind without fmdns, it works like a charm, for example we define 192.168.1.1 as example.com master server (for external view) and 192.168.2.1 as example.com master server (for internal view). master servers send zone file based on slaves IP source. therefore, when slave server send AXFR request as 192.168.1.x, receives example.com in external view and when slave server send AXFR request as 192.168.2.x, receives example.com in internal view. when we use group server in Fmdns, it force slaves zone to use static master IP address (or master's name resolved to IP address). We expect a way to define additional IP address for master servers and use it as alternate master IP address for some zones (for example in Internal views).

If this is a bug (or feature request) different notfiy-sources is required for different view. maybe we can set this item for one master server as zone option. but with more master servers we are unable to define notify-source per master server. is it possible?

I mean same as this guide Setting Up a Slave Name Server for a Zone in Multiple Views

(BUG | ISSUE) Actual Behavior:
Use predefined master IP address for all zones in any views. because we are using server groups (as #279)
(BUG | ISSUE) Steps to reproduce:
We have two masters and two slaves. We have two views which are defined by name Internal and External.

1. Create a server group with two masters and two slaves.
2. Create two views (Internal , External)
3. Create a zone in "External" and a create a zone in "Internal" Views. for example zone name is example.com
4. Build the config on all servers in the group
5. Slaves zones use same master IP address on both Views.
   Obviously, in this case we can not update same zones (with different dns records on different Views). I read various issues about this case And I did not find anything similar.

[WillyXJ]

This is a use case that was not thought of during development. This has been changed to a feature request.

[WillyXJ]

I'm sorry for the late response here, but while digging into the feature request, I believe this scenario can already be accomplished by using the server overrides for view and zone options.

1. Create a server group with two masters (master1, master2) and two slaves (slave1, slave2).
2. Create two views (Internal , External)
3. Edit the "Additional Options" for each view to define the query-source for "All Servers" which will apply to the masters.
4. Edit the "Additional Options" for each view and select "slave1" from the server drop down to define a different query-source address. Repeat for slave2.
5. Create a zone in "External" and a create a zone in "Internal" Views. for example zone name is example.com
6. Edit the "Additional Options" for each zone to define the transfer-source like you did for the zone query-source.
7. Build the config on all servers in the group
8. Slaves zones use same master IP address on both Views (just like the example link you provided), but the query-source and transfer-source values should be different between the masters and the slaves.

[oiLvAcciNe]

Hi,

can we take a look at this?

I am trying to accomplish a view setup in bind.
The answer is ok. Based on the "match-clients" acl that i defined.

But i am having a problem while transferring this to the slave server.
The master refuses the transfer ... to the best of my knowledge this is because there is no key setup for masters on the slave.

if i put a key in the master server i can only download the zone from that view where the key is in/matches the allow-transfer

But
rndc retransfer nos.nos in external
or
rndc retransfer nos.nos in external

it will always use internal tsig key specified in the master

.
.

.
.
.
if i manualy edit te file to the view/zones ... to include the key in master it all works fine

zones/zones.conf.internal
masters { 10.156.45.72 key internal; };

zones/zones.conf.external
masters { 10.156.45.72 key external; };

.

.
.
.
.

My fM version on this lab server is v4.3.0
And fmDNS is v5.2.1

.
.
this img below is also a mannualy edit of the named.conf file to provide a lab
.
.

.

I have already tried to to some setup/configuration in fmDNS ... and also this steps provided above ...

But i'm missing something or this is not possible yet in gui. Can you confirm?

A possible solution : ...
Could we have a entry in the edit view to insert a key value for zone transfer
(that would be added to the master ip / key slave zone configurating / inside "zones/zones.conf.external" ? ... per example ... )

Regards

[WillyXJ]

@oiLvAcciNe Thanks for the report and suggestion of a fix. You are correct in the UI does not currently support your scenario and I will get a commit in for selecting a key for each view.

[WillyXJ]

Actually, @oiLvAcciNe you can define multiple keys for a server and then you should be able to limit the transfer based on view like you've done with "allow-transfer."

The only problem is I see the UI allows for multiple keys to be defined on a server, but the configuration that gets built only displays one key. So, there's still an issue with the code...

[WillyXJ]

You can also associate a key with a view:

If you associate your internal and external keys to your server and then associate the keys with their respective views, it might provide the results you are looking for.

[oiLvAcciNe]

Hi,
Thanks for looking into this and getting a fix.
.

• About the server keys.
  Aldo the syntax allows for multiple keys the current versions of bind does not allow more than one (tested in bind 9.11, 9.16)
  .
  
  .

• Associating keys with the zone.
  I does not help, as far as i tested.
  .
  .

Have also tested the masters setting
But with this we would need to separate and create different settings per server. (instead of using the name server groups magic)
Its probably possible but not doable... i would need to create a zone master for server1 the a zone slave for server2
(and all diff setting to accomplish this)
.
Regarding this I've seen that if you try to put in masters same server with different keys it only writes the first one.

(but this is another issue, not totally related with what we are discussing)

.
.
.
The only setting that I've seen working is putting in the slave the line of the master with the key.

.
https://kb.isc.org/docs/aa-00851
In this example we can see the different option
My scenario would be example 3, or probably example4 ... example3 is more my case i would say.
.

Where to store this key setting? ... we probably could think in putting it in the view settings or in the zone settings.
But the code that generates the conf would needs to have this in consideration...
(in zone we need to consider the clone zone ... like my case ... where i'm trying to put "same zone" in two views ... same zone but needs different keys)
.

.
.
tks
(if a had some time i could try to look to the php code for this, but not right now, so if you can help ... many thanks again).

[oiLvAcciNe]

Hey,
Did you have the opportunity to investigate this?

dS

[WillyXJ]

I hope to have a solution for this in v6.1.0.