detect if zone/s is frozen

Mike Hoskins (michoski) michoski at cisco.com
Wed Sep 4 19:32:11 UTC 2013


-----Original Message-----

From: Tony Finch <dot at dotat.at>
Date: Wednesday, September 4, 2013 4:50 AM
To: Mike Hoskins <michoski at cisco.com>
Cc: "bind-users at lists.isc.org" <bind-users at lists.isc.org>
Subject: Re: detect if zone/s is frozen

>Mike Hoskins (michoski) <michoski at cisco.com> wrote:
>> /dev/rob0 <rob0 at gmx.co.uk> wrote:
>> >
>> >I would suggest that if you're making much use of rndc freeze, YDIW.
>> >Consider using nsupdate(8) to make your changes.
>>
>> True, but I just set up two new networks where the tenants wanted exactly
>> this capability...so use cases exist. [...]
>>
>> Failing an easy monitoring solution (I don't see anything in terms of rndc
>> options, or old/new stats output), you might consider creating a wrapper
>> that does the rndc freeze/vi/update serial to mtime/rndc thaw and post it
>> clearly in /etc/motd.  Not perfect, but would mostly work except when you
>> get distracted in the middle of the vi session.  :-)
>
>Better option: use nsdiff, which calculates the differences between the
>live version of your zone and a master file that you edit, and turns the
>result into an nsupdate script.
>
>http://www-uxsup.csx.cam.ac.uk/~fanf2/hermes/conf/bind/bin/nsdiff

Thanks for the pointer...

Also, I guess I overlooked the obvious?  If you nsupdate while a zone is
frozen it looks like the update is refused vs silently queued (nsupdate
exits non-zero)...so a nagios/whatever monitor could be written that
periodically updates a test record within the zone and complains on
failure.
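
The monitor suggested in the message above, sketched as an added example that is not part of the original post: a Nagios-style check that rewrites a probe TXT record with nsupdate and reports CRITICAL when the update fails. The probe record name `_freeze-probe`, the TSIG key file argument and the `NSUPDATE` override variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): Nagios-style check that a zone still
# accepts dynamic updates. Zone, server and key file are supplied by the caller.

NSUPDATE=${NSUPDATE:-nsupdate}   # overridable so the check can be exercised with a stub

# check_zone_writable ZONE SERVER KEYFILE
# Returns 0 (OK) if the update is accepted, 2 (CRITICAL) if nsupdate exits
# non-zero, 3 (UNKNOWN) on bad usage.
check_zone_writable() {
    [ "$#" -eq 3 ] || { echo "UNKNOWN: usage: check_zone_writable ZONE SERVER KEYFILE"; return 3; }
    zone=$1 server=$2 keyfile=$3
    probe="_freeze-probe.$zone."     # hypothetical test record name
    stamp=$(date +%s)                # new value each run so the update is never a no-op

    # Replace the probe TXT record; a frozen zone refuses this update.
    if out=$("$NSUPDATE" -k "$keyfile" -t 10 2>&1 <<EOF
server $server
zone $zone
update delete $probe TXT
update add $probe 60 TXT "$stamp"
send
EOF
    ); then
        echo "OK: $zone accepted dynamic update"
        return 0
    fi
    # nsupdate cannot tell us why the update failed, so report its output verbatim.
    echo "CRITICAL: $zone refused dynamic update (frozen, or key/ACL problem): $out"
    return 2
}

# Run as a plugin only when arguments are given: ZONE SERVER KEYFILE
if [ "$#" -gt 0 ]; then
    check_zone_writable "$@"
    exit $?
fi
```

The key used by the check has to be allowed to update the probe record, and each successful run changes the zone like any other dynamic update.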


