AW: Unable to completely transfer root zone

von Dein, Thomas Thomas.vonDein at f-i-ts.de
Thu Mar 5 12:57:31 UTC 2020 

Hello,

I finally changed the config to type hint. However, now I still have the problem of keeping it up to date, right? Would a monthly cronjob suffice?


Tom

-----Ursprüngliche Nachricht-----
Von: bind-users <bind-users-bounces at lists.isc.org> Im Auftrag von Tony Finch
Gesendet: Freitag, 14. Februar 2020 13:47
An: bind-users at lists.isc.org
Betreff: Re: Unable to completely transfer root zone

Matus UHLAR - fantomas <uhlar at fantomas.sk> wrote:
>
> unfortunately this happens when you decide to mirror root zone and it fails.
>
> you should use more primary servers when possible and change root zone 
> type from secondary to hint if it fails.

In this particular case, adding more primaries would not have helped because the firewall that caused the breakage would have broken every primary.

I have a little monitoring cron job to avoid this kind of problem.
(You'll need to adjust the paths for your setup.)

	#!/usr/bin/perl

	use warnings;
	use strict;

	my $type = '';
	for (qx(named-checkconf -px)) {
		$type = $1 if m{^\s*type\s+(\w+);$};
		next unless $type eq "slave"
		    and m{^\s*file\s+"\.\./zone/(.*)";$};
		my $zone = $1;
		my $file = "/home/named/zone/$1";
		next if -f $file and 1 > -M $file;
		print "stale zone $zone\n";
	}

> Note that rarely someone needs to have local copy of the root zone.

Yes.

> If you use cisco routers, ask network admins to disable any DNS "fixup"
> functionality, because that usually causes problems.

In my experience all Cisco PIX/ASA fuxup options are horribly broken and should be turned off.

Tony.
--
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
Shannon: South or southwest 6 to gale 8, increasing severe gale 9 or storm 10 for a time. Very rough at first in east, otherwise high or very high. Rain or showers. Good, occasionally poor.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

More information about the bind-users mailing list