Verifying Secondary Updates

Barry Margolin barmar at genuity.net
Mon Aug 13 19:58:46 UTC 2001


In article <9l96i2$sqc at pub3.rc.vix.com>,
 <pelln at icke-reklam.ipsec.nu.invalid> wrote:
>
>Jeff <cristco at home.com> wrote:
>> We just had our ISP become our secondary DNS.  Can someone confirm how to
>> verify whether they have created our zone files and are updating.  I'm
>> guessing you just perform an NSLOOKUP on a few hosts trying to use their DNS
>> and see if the response says "Non-authoritative" answer then it is resolving
>> from another DNS but if it doesn't say non-authoritative then the zone files
>> reside locally?  Correct?
>
>dig <yourdomain> ns @<isp-nameserver>

I recommend querying for the SOA record rather than the NS records.  That
way you can also make sure that they have the latest version of the zone by
looking at the serial number.

>Then check for the flag 'aa' in the header section of the answer.

You should also use the +norec option.  Otherwise, if this is the first
time that server has been queried, it will perform a recursive query to
your primary server, and forward the response back to the client.  If the
primary server is authoritative (as it normally should be) this response
will have the "aa" flag set.

Another thing you can do is check your log.  Named logs a message when it
responds to a zone transfer request, although you may have to lower the
severity level of daemon messages that are logged in your syslog.conf to
make these messages show up.

-- 
Barry Margolin, barmar at genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
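
The checks described in the message above, as an added example that is not part of the original post: a POSIX shell script that queries for the SOA with +norec, tests for the "aa" flag, and compares the secondary's serial with the primary's. The function names and the sample responses (example.com, the serial values) are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a secondary by SOA serial and "aa" flag.

# Live non-recursive SOA query.  $1 = zone, $2 = server
query_soa() { dig +norec "$1" soa "@$2"; }

# Succeeds only if "aa" is among the header flags of the dig output in $1.
has_aa() {
    printf '%s\n' "$1" | awk '/^;; flags:/ {
        sub(/^;; flags:/, ""); sub(/;.*/, "")
        n = split($0, f, " "); for (i = 1; i <= n; i++) if (f[i] == "aa") found = 1
    } END { exit !found }'
}

# Prints the serial from the first SOA record in the dig output in $1.
soa_serial() {
    printf '%s\n' "$1" | awk '!/^;/ && $4 == "SOA" { print $7; exit }'
}

# $1 = dig output from the primary, $2 = dig output from the secondary.
secondary_status() {
    has_aa "$2" || { echo "not-authoritative"; return 0; }
    ss_p=$(soa_serial "$1"); ss_s=$(soa_serial "$2")
    [ -n "$ss_s" ] || { echo "no-soa"; return 0; }
    if [ "$ss_p" = "$ss_s" ]; then echo "in-sync"
    else echo "serial-mismatch $ss_p/$ss_s"; fi
}

# Constructed sample responses (zone name and serials are made up).
SOA='example.com. 3600 IN SOA ns1.example.com. hostmaster.example.com.'
PRIMARY=";; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
$SOA 2001081302 10800 3600 604800 86400"
STALE=";; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
$SOA 2001081301 10800 3600 604800 86400"
REFERRAL=";; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
example.com. 172800 IN NS ns1.example.com."

if [ "$#" -eq 3 ]; then   # usage: script ZONE PRIMARY-SERVER SECONDARY-SERVER
    secondary_status "$(query_soa "$1" "$2")" "$(query_soa "$1" "$3")"
else                      # no arguments: run on the constructed samples
    secondary_status "$PRIMARY" "$PRIMARY"    # in-sync
    secondary_status "$PRIMARY" "$STALE"      # serial-mismatch 2001081302/2001081301
    secondary_status "$PRIMARY" "$REFERRAL"   # not-authoritative
fi
```

A serial mismatch seen right after an edit on the primary may only mean the secondary has not refreshed yet; repeat the check after the zone's refresh interval.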


More information about the bind-users mailing list