Discussion:
Split DNS? Solved
John Andersen
2011-01-02 03:41:35 UTC
3. Last, be careful of using rcnamed when restarting the server. It can and will delete files and directories in the /var/lib/named area
without doing any kind of backup first. That is poor programming on someone's part also and breaks a fundamental rule of good computer
science - NEVER delete or change user data without backing it up first and making sure you have a good backed up copy before making such
changes, or deleting it!!!...
It's supposed to do that.

The files you configure do not live in that directory.
If you were making changes down in /var/lib you were in the wrong place.
--
_____________________________________
---This space for rent---
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
For additional commands, e-mail: opensuse+***@opensuse.org
Marc Chamberlin
2011-01-01 00:52:53 UTC
Hi - Wonder if anyone has set up a split DNS server running on a
single system, with two NICs, under openSuSE? If so, did you rework
any of the daemon scripts to start a second named daemon? How did
you reorganize the named directories in the chrooted dir
/var/lib/named? Looking at the scripts this looks rather hairy, so
if someone has already done this, sure could use some pointers and
reworked scripts...
Last time I had to use this it worked. And the DNS server is still in
operation.
Even if you have to serve several networks with fitting zone files this
is mainly a question of the named runtime configuration. There is no
need to modify the init script as it is packaged.
Store your settings in /etc/named.d/<my_named>.conf and ensure this file
is included in /etc/sysconfig/named:NAMED_CONF_INCLUDE_FILES
If this doesn't work for you please file a bug report.
Lars
Thanks Lars, Cristian, Lews for your help. I did not have to use dnsmasq
or set up a second DNS server after all. Turns out the latest version of
Bind, which is 9, has a new feature called Views. These allow the DNS
server to answer queries based on who is asking the question, and that
is exactly why I needed a split DNS server. So using Views allowed me to
accomplish what I was after... Pretty NEAT!

That said, there is not much in the way of good documentation/examples
on how to use Views, so anyone wanting to do so, you are going to have
to do some trial and error methods. Will offer a few pointers and
suggestions for any openSuSE developer who happens to be reading this-

1. Do NOT use the Yast DNS server tool to do any configuration for you,
if you wish to use Views. It is braindead about both views and include
mechanisms and will simply trash your work on you, I don't think it can
handle them yet.

2. The organization of files for the named server is somewhat difficult
to comprehend. It is not really clear what files get copied out of the
/etc directory over to the chroot directory /var/lib/named and what
don't without grokking the scripts. What is worse is that all the config
and include files exist in a flat space in /etc. This could use some
reorganization so that all named files exist under a single root
directory, IMHO, so as to make it easier to comprehend what files go
where. In particular the built in include mechanism does not assume
anything about exactly where to find include files, and if one uses it
as I did, to create separate directories to hold the config files for
each view, then it will force you to run the rcnamed script from the
/etc directory. The fact that the rcnamed script will prepend the chroot
dir path to the source file/dir name when creating the target dir, for
these copy operations, forces one to use relative paths names, which is
why rcnamed can only then be used from within the /etc directory once
include files are defined. This is either a poor design of this script
or a file model is being used that is not well documented or intuitive
to understand, again IMHO!

3. Last, be careful of using rcnamed when restarting the server. It can
and will delete files and directories in the /var/lib/named area without
doing any kind of backup first. That is poor programming on someone's
part also and breaks a fundamental rule of good computer science - NEVER
delete or change user data without backing it up first and making sure
you have a good backed up copy before making such changes, or deleting
it!!!...

Marc Chamberlin....
Per Jessen
2011-01-04 17:06:50 UTC
There isn't a real example of using include files from /etc/named.d
to model after, and since I couldn't figure it out, I took a look at
how
things were being done in /var/lib/named. I found
/var/lib/named/master and /var/lib/named/slave defined for a system
without views,
The zone files don't know about views, only the named config.
That should have been:
The zone files don't know about views, only the named config knows about
views.
--
Per Jessen, Zürich (-0.8°C)
Per Jessen
2011-01-04 17:19:41 UTC
Having no real world model/example to work with, I am having to
infer/guess how to organize files for multiple views. Hence my
complaint, I DON'T understand how to use the built-in include
mechanism's in such a way as to apply them intuitively to views.
Here's a rough outline of what I use:

/etc/named.conf - primary config, includes from named.d/

/etc/named.d/view1.conf

view "number1" { conditions, zone definitions };

/etc/named.d/view2.conf

view "number2" { conditions, zone definitions };


/etc/sysconfig/named:NAMED_CONF_INCLUDE_FILES="view1.conf view2.conf"
--
Per Jessen, Zürich (-0.9°C)
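The two outlines above (Lars's "put your settings in /etc/named.d/<my_named>.conf and list it in NAMED_CONF_INCLUDE_FILES" and Per's view1.conf/view2.conf sketch) filled in as one complete split-horizon configuration. This is an added example, not a configuration posted by anyone in the thread. The network range, zone names, the internal/ and external/ zone-file directories and the recursion/transfer policy are assumptions; the include paths are written as named sees them inside the chroot, relying on the thread's statement that /etc/named.conf and the NAMED_CONF_INCLUDE_FILES files are copied under /var/lib/named with their /etc/... path preserved.

```conf
# ---- /etc/named.conf  (rcnamed copies it to /var/lib/named/etc/named.conf) ----
# Added example. Addresses, zone names and paths are assumptions.

acl "internal-nets" {
    127.0.0.0/8;
    192.168.10.0/24;        # assumed LAN behind the inside NIC
};

options {
    directory "/var/lib/named";   # zone "file" paths below are relative to this
    listen-on { any; };
    allow-query { any; };
    recursion no;                 # granted per view, never globally
};

# Once a single view exists, EVERY zone (including openSuSE's default
# localhost / 0.0.127.in-addr.arpa zones) must move inside a view.
# Views are tried in order: the first whose match-clients matches wins,
# so the narrow internal view must be listed before the catch-all.
include "/etc/named.d/internal.conf";
include "/etc/named.d/external.conf";

# ---- /etc/named.d/internal.conf ----
view "internal" {
    match-clients    { "internal-nets"; };
    recursion yes;                        # inside hosts use us as a resolver
    allow-recursion  { "internal-nets"; };

    zone "." IN { type hint; file "root.hint"; };   # needed for recursion

    zone "example.com" IN {
        type master;
        file "internal/master/example.com";          # full internal records
    };
    zone "10.168.192.in-addr.arpa" IN {
        type master;
        file "internal/master/10.168.192.in-addr.arpa";
    };
};

# ---- /etc/named.d/external.conf ----
view "external" {
    match-clients    { any; };            # everything the internal view did not claim
    recursion no;                         # authoritative only: not an open resolver
    allow-recursion  { none; };
    allow-transfer   { none; };           # list your secondaries here if you have any

    zone "example.com" IN {
        type master;
        file "external/master/example.com";          # public-facing records only
    };
};

# ---- /etc/sysconfig/named ----
# Names are relative to /etc/named.d; rcnamed copies them into the chroot.
NAMED_CONF_INCLUDE_FILES="internal.conf external.conf"
```

The two example.com zone files are deliberately different: the internal one carries the private addresses, the external one only what the Internet may see, which is the whole point of the split. As Per notes below, rcnamed copies only config and include files, so the zone files are created directly under /var/lib/named/internal/master and /var/lib/named/external/master. Before restarting, check the result as named will see it with `named-checkconf -t /var/lib/named /etc/named.conf` and each zone with `named-checkzone`; a zone left outside a view, or the views in the wrong order, shows up there rather than as a silently open resolver.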
Philipp Thomas
2011-01-04 11:03:13 UTC
As a user, trying to grok what is the model behind the file system is not
easy, nor can I find it well documented.
FUD! At the top of /etc/sysconfig/named you'll find

# Each time you start one of the daemons with the init script,
# /etc/named.conf, /etc/named.conf.include, /etc/rndc.key, and all files
# listed in NAMED_CONF_INCLUDE_FILES will be copied relative to
# /var/lib/named/.

What is so hard to understand here?

Philipp
Marc Chamberlin
2011-01-04 07:13:05 UTC
from /etc and SOME DO NOT. For example the actual files containing DNS
records do NOT get copied over and therefore MUST be edited directly
under /var/lib/named/...
Please be specific. Which files do not get copied?
I'm not trying to argue, just trying to understand the problem.
John - I think I answered this in my reply to Lars. It may be due, in
part to my not understanding the file system model, but read my response
to Lars and let me know if that helps..

Marc...
Marc Chamberlin
2011-01-04 16:50:28 UTC
Post by Philipp Thomas
As a user, trying to grok what is the model behind the file system is not
easy, nor can I find it well documented.
FUD! At the top of /etc/sysconfig/named you'll find
# Each time you start one of the daemons with the init script,
# /etc/named.conf, /etc/named.conf.include, /etc/rndc.key, and all files
# listed in NAMED_CONF_INCLUDE_FILES will be copied relative to
# /var/lib/named/.
What is so hard to understand here?
Philipp
Philipp - Using the NAMED_CONF_INCLUDE_FILES specification forces all
copies to be made from /etc/named.d
which may be fine for a flat named declaration without views. But how do
I specify that I want separate include files, using
NAMED_CONF_INCLUDE_FILES for EACH view I define?. Remember, I am TRYING
to use include files to specify part of a view declaration, NOT just
adding in a set of zone statements.

I tried to fool around with this, for example -

NAMED_CONF_INCLUDE_FILES="internal/test.conf"

and created /etc/named.d/internal/test.conf

but that failed to copy test.com over to
/var/lib/named/internal/slave/test.com as I had thought it might. I
even created the intermediate directories under /var/lib - internal /
slave but to no joy. Instead I found these files copied over to
/var/lib/named/ETC/NAMED.D/INTERNAL/TEST.CONF and this is NOT a copy
relative to /var/lib/named as implied in the comments. And EVEN IF this
had worked, I suspect that I would have had to put my test.com file in
two places in order to use a relative include within my views, both at
/etc/named.d/internal/slave/test.com and at
/etc/internal/slave/test.com because I still DON'T know how I would
specify the include statement for the view so that it would pick up the
test.conf file from /var/lib/named/etc/named.d/internal/test.conf
without confusing the rcnamed script when it tries to also copy any
files specified via an include statement.

There isn't a real example of using include files from /etc/named.d to
model after, and since I couldn't figure it out, I took a look at how
things were being done in /var/lib/named. I found /var/lib/named/master
and /var/lib/named/slave defined for a system without views, but since I
want to use views, I thought the model should be to set up the following -

/var/lib/named/internal and put my view's .conf file here
/var/lib/named/external "
/var/lib/named/internal/master and put my view's associated record
files here.
/var/lib/named/internal/slave "
/var/lib/named/external/master "
/var/lib/named/external/slave "

Having no real world model/example to work with, I am having to
infer/guess how to organize files for multiple views. Hence my
complaint, I DON'T understand how to use the built-in include
mechanisms in such a way as to apply them intuitively to views. I have
managed to figure out a way, but it certainly was NOT intuitive or obvious.

Marc
Per Jessen
2011-01-04 17:04:05 UTC
Post by Marc Chamberlin
Post by Philipp Thomas
As a user, trying to grok what is the model behind the file system
is not easy, nor can I find it well documented.
FUD! At the top of /etc/sysconfig/named you'll find
# Each time you start one of the daemons with the init script,
# /etc/named.conf, /etc/named.conf.include, /etc/rndc.key, and all
# files listed in NAMED_CONF_INCLUDE_FILES will be copied relative to
# /var/lib/named/.
What is so hard to understand here?
Philipp
Philipp - Using the NAMED_CONF_INCLUDE_FILES specification forces all
copies to be made from /etc/named.d which may be fine for a flat named
declaration without views. But how do I specify that I want separate
include files, using NAMED_CONF_INCLUDE_FILES for EACH view I define?.
Just name them all, separated by blanks. I also run multiple views and
that's how I do it.
Post by Marc Chamberlin
Remember, I am TRYING to use include files to specify part of a view
declaration, NOT just adding in a set of zone statements.
Yes, that is understood. It really works fine.
Post by Marc Chamberlin
I tried to fool around with this, for example -
NAMED_CONF_INCLUDE_FILES="internal/test.conf"
and created /etc/named.d/internal/test.conf
but that failed to copy test.com over to
/var/lib/named/internal/slave/test.com as I had thought it might.
No, the copying over of files is ONLY for config/include files, zone
files are never touched.
Post by Marc Chamberlin
Instead I found these files copied over to
/var/lib/named/ETC/NAMED.D/INTERNAL/TEST.CONF and this is NOT a copy
relative to /var/lib/named as implied in the comments.
Maybe the comments are wrong, but the copy is done correctly.
Post by Marc Chamberlin
And EVEN IF this had worked, I suspect that I would have had to put my
test.com file in two places in order to use a relative include within
my views, both at /etc/named.d/internal/slave/test.com
What is that file - a zone file or a config file?
Post by Marc Chamberlin
and at /etc/internal/slave/test.com because I still DON'T know how I
would specify the include statement for the view so that it would pick
up the test.conf file
from /var/lib/named/etc/named.d/internal/test.conf without confusing
the rcnamed script when it tries to also copy any files specified via
an include statement.
Just like normal - "include internal/test.conf".
Post by Marc Chamberlin
There isn't a real example of using include files from /etc/named.d to
model after, and since I couldn't figure it out, I took a look at how
things were being done in /var/lib/named. I found
/var/lib/named/master and /var/lib/named/slave defined for a system
without views,
The zone files don't know about views, only the named config.
Post by Marc Chamberlin
Having no real world model/example to work with, I am having to
infer/guess how to organize files for multiple views.
There is nothing to organize, Marc.

You define your views in the named config files, either as one or as
multiple files. Your views contains the zones as per your desires, and
identify which zone files to use. That's it. End of story.
--
Per Jessen, Zürich (-0.9°C)
Marc Chamberlin
2011-01-03 05:29:14 UTC
Post by John Andersen
3. Last, be careful of using rcnamed when restarting the server. It can and will delete files and directories in the /var/lib/named area
without doing any kind of backup first. That is poor programming on someone's part also and breaks a fundamental rule of good computer
science - NEVER delete or change user data without backing it up first and making sure you have a good backed up copy before making such
changes, or deleting it!!!...
It's supposed to do that.
The files you configure do not live in that directory.
If you were making changes down in /var/lib you were in the wrong place.
John - I am going to disagree with you and this is what I am trying to
point out.... Some of the files under /var/lib/named do get copied over
from /etc and SOME DO NOT. For example the actual files containing DNS
records do NOT get copied over and therefore MUST be edited directly
under /var/lib/named/... As a user, trying to grok what is the model
behind the file system is not easy, nor can I find it well documented.

Nevertheless, I will continue to argue that a more robust design would
compare time stamps on files to be copied over, and before any files
designated to be copied, the script should first back up the target
files. That is a far more friendly design and far safer form of a
programming practice. (you don't have to back up to an infinite depth
either, limit it to say 10 levels or whatever....)

The overall design of the file system supporting the bind/named DNS
server is really poorly thought out. Not only did I get confused and
lost time and data trying to figure it out, but I will further argue
that I do NOT understand why all servers cannot be architected in such a
way so that ALL of their files can be found under a single "root"
directory. And to me there is a real logical location - /srv/named that
should hold ALL the files for the DNS server. (as well as all other
servers such as /srv/tomcat6 /srv/ftp /srv/samba /srv/dhcp /srv/mysql
etc etc....)

Why do all these files need to be scattered all over the place? If
necessary use links to "put" files in other places, but for heaven's
sake make it easy to FIND ALL of them under a single dir!!! It would
also make it a lot easier when migrating from one version of SuSE to the
next, I could just put /srv in its own partition and mount it then...
(and yes I might have to do some reconfiguring, but at least I would have
a good starting point and KNOW where everything is located...)

Marc Chamberlin...
Per Jessen
2011-01-03 08:15:19 UTC
Post by Marc Chamberlin
Post by John Andersen
3. Last, be careful of using rcnamed when restarting the server.
It can and will delete files and directories in the /var/lib/named
area without doing any kind of backup first. That is poor
programming on someone's part also and breaks a fundamental rule
of good computer science - NEVER delete or change user data
without backing it up first and making sure you have a good backed
up copy before making such changes, or deleting it!!!...
It's supposed to do that.
The files you configure do not live in that directory.
If you were making changes down in /var/lib you were in the wrong
place.
John - I am going to disagree with you and this is what I am trying
to point out.... Some of the files under /var/lib/named do get copied
over from /etc and SOME DO NOT. For example the actual files
containing DNS records do NOT get copied over and therefore MUST be
edited directly under /var/lib/named/... As a user, trying to grok
what is the model behind the file system is not easy, nor can I find
it well documented.
Nevertheless, I will continue to argue that a more robust design would
compare time stamps on files to be copied over, and before any files
designated to be copied, the script should first back up the target
files. That is a far more friendly design and far safer form of a
programming practice. (you don't have to back up to an infinite
depth either, limit it to say 10 levels or whatever....)
AFAIK, the copying over of config files from /etc/named* is to create
the chroot jail for named - there should be no reason for checking
timestamps etc, the jail must contain an exact copy of the
configuration.
Post by Marc Chamberlin
The overall design of the file system supporting the bind/named DNS
server is really poorly thought out. Not only did I get confused and
lost time and data trying to figure it out, but I will further argue
that I do NOT understand why all servers cannot be architected in such
a way so that ALL of their files can be found under a single "root"
directory. And to me there is a real logical location - /srv/named
that should hold ALL the files for the DNS server. (as well as all
other servers such as /srv/tomcat6 /srv/ftp /srv/samba /srv/dhcp
/srv/mysql etc etc....)
All services COULD be re-configured that way, that is not a problem.
You're also free to reconfigure your own setup as you wish. However,
the default filesystem setup usually comes with the application itself,
and changing it too much might not be easy/optimal (depends on how
flexible the application is).


/Per
--
Per Jessen, Zürich (0.8°C)
Lars Müller
2011-01-03 12:15:47 UTC
On Fri, Dec 31, 2010 at 04:52:53PM -0800, Marc Chamberlin wrote:
[ 8< ]
Post by Marc Chamberlin
Thanks Lars, Cristian, Lews for your help. I did not have to use
dnsmasq or set up a second DNS server after all. Turns out the
latest version of Bind, which is 9, has a new feature called Views.
These allow the DNS server to answer queries based on who is asking
the question, and that is exactly why I needed a split DNS server.
So using Views allowed me to accomplish what I was after... Pretty
NEAT!
That said, there is not much in the way of good
documentation/examples on how to use Views, so anyone wanting to do
so, you are going to have to do some trial and error methods. Will
offer a few pointers and suggestions for any openSuSE developer who
happens to be reading this-
1. Do NOT use the Yast DNS server tool to do any configuration for
you, if you wish to use Views. It is braindead about both views and
include mechanisms and will simply trash your work on you, I don't
think it can handle em yet.
Which bug report have you filed? ID please.
Post by Marc Chamberlin
2. The organization of files for the named server is somewhat
difficult to comprehend. It is not really clear what files get
copied out of the /etc directory over to the chroot directory
/var/lib/named and what don't without grokking the scripts.
Sorry, here I'm not able to follow you. /etc/sysconfig/named clearly
states what's done. If the documentation isn't clear or straight enough
file a bug report.

Discussing an issue on a list isn't a bug report. ;)
Post by Marc Chamberlin
What is
worse is that all the config and include files exist in a flat space
in /etc. This could use some reorganization so that all named files
exist under a single root directory, IMHO, so as to make it easier
to comprehend what files go where.
Then you have to rename and reorganize the structure of the named %files
section. And this results in changing the location of files. This
includes the risk to break running configurations.

Unfortunately moving configuration files which are tagged as
%config(noreplace) in the %files section of the spec file isn't that
easy.
Post by Marc Chamberlin
In particular the built in
include mechanism does not assume anything about exactly where to
find include files, and if one uses it as I did, to create separate
directories to hold the config files for each view, then it will
force you to run the rcnamed script from the /etc directory.
Either the implementation is broken or you've not read the comments in
/etc/sysconfig/named

Please consider to open a bug report for this particular include issue.
Post by Marc Chamberlin
The
fact that the rcnamed script will prepend the chroot dir path to the
source file/dir name when creating the target dir, for these copy
operations, forces one to use relative paths names, which is why
rcnamed can only then be used from within the /etc directory once
include files are defined. This is either a poor design of this
script or a file model is being used that is not well documented or
intuitive to understand, again IMHO!
And this sounds like you've not read the comments in the sysconfig file.
Either use relative path names or fully qualified file/ path names.
Post by Marc Chamberlin
3. Last, be careful of using rcnamed when restarting the server. It
can and will delete files and directories in the /var/lib/named area
without doing any kind of backup first. That is poor programming on
someone's part also and breaks a fundamental rule of good computer
science - NEVER delete or change user data without backing it up
first and making sure you have a good backed up copy before making
such changes, or deleting it!!!...
This is covered by which bug ID? No report in bugzilla = no issue.

Which files are deleted or overwritten?

Lars
--
Lars Müller [ˈlaː(r)z ˈmʏlɐ]
Samba Team
SUSE Linux, Maxfeldstraße 5, 90409 Nürnberg, Germany
John Andersen
2011-01-03 21:58:09 UTC
from /etc and SOME DO NOT. For example the actual files containing DNS
records do NOT get copied over and therefore MUST be edited directly
under /var/lib/named/...
Please be specific. Which files do not get copied?

I'm not trying to argue, just trying to understand the problem.
--
_____________________________________
---This space for rent---