Oh, meant to add:

> >  - powerdns is serious overkill for my needs (home server with only a
> >    few domains).
> Yeah.  $WORK did a massive conversion of hundreds of domains from BIND9
> to PowerDNS Authoritative Server, and there were various problems along
> the way.  I'm not convinced it was a good idea, even for a large
> Internet firm that does that many domains.  Probably on balance (gains
> in performance and security), but with some reservations.

I recently stumbled upon a (new?) feature of BIND9's 'rndc' control
utility that reduces the relative attraction of PowerDNS:  ability to
add/remove zones without restarting BIND:


  You want to add a new zone or delete an existing zone without restarting
  or reloading a name server.


  Add a new zone statement to named.conf or delete an existing one, then
  run rndc reconfig (for BIND 9) or ndc reconfig (for BIND 8).


At $WORK prior to the changeover to PowerDNS, we had greatly reduced the
risk inherent in restarting BIND9 by building into our rollout process
what they flattered me by naming the 'Rick test' using BIND9's
named-checkconf utility:

#Double-check BIND conffile (and every zonefile it references, via -z).
#The pattern is one line on purpose: a backslash-newline inside single
#quotes is passed to grep literally, which breaks the alternation.
#stderr is folded into stdout so nothing the checker reports is missed.
/usr/sbin/named-checkconf -z -t /var/named/chroot/ /etc/named.conf 2>&1 | \
grep -E 'missing|not allowed|unknown|not at top of zone|appears to be an address|no current owner name|MAXTTL|file not found|may not be used with|outside epoch|in future|invalid|unsupported|no TTL|ignoring| TTL set to prior TTL' | sort -u
#Should print nothing; any line that comes out is a problem to fix first.

This 'lints' the conffiles and all referenced zonefiles (-z), giving you
advance warning of problems that might either prevent BIND9 startup or 
invalidate individual zones at load time.  This alone prevented a lot of
downtime.  And 'rndc reload [zone]' eliminated most restarts.
_However_, ability to add/remove zones without restarting BIND is huge,
and should eliminate almost all restarts.
luv-main mailing list
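As an added example (not code from the post or from ISC's BIND): a small POSIX sh wrapper that runs the 'Rick test' above and, only if it comes back clean, applies a zone added to or removed from named.conf with rndc reconfig rather than a restart. It assumes the paths the post quotes (/var/named/chroot, /etc/named.conf, /usr/sbin/named-checkconf) plus /usr/sbin/rndc, each overridable through an environment variable.

```shell
#!/bin/sh
# Added example (not from the original post or from ISC): run the lint check
# from the post, and only if it is clean apply a zone add/remove from
# named.conf with "rndc reconfig" instead of restarting named.
# Assumed defaults: the chroot and paths quoted in the post; /usr/sbin/rndc.
# Each can be overridden via the environment (used by the offline tests).

# Warning/error keywords from the post, as a single -E alternation.  The
# original wrapped this across lines with backslash-newline inside single
# quotes, which grep receives as literal backslashes and newlines.
LINT_PATTERN='missing|not allowed|unknown|not at top of zone|appears to be an address|no current owner name|MAXTTL|file not found|may not be used with|outside epoch|in future|invalid|unsupported|no TTL|ignoring| TTL set to prior TTL'

# Read named-checkconf output on stdin; print the distinct problem lines.
# Returns 0 when nothing matched (config and zones look clean), 1 otherwise.
filter_lint() {
    problems=$(grep -E "$LINT_PATTERN" | sort -u)
    [ -z "$problems" ] && return 0
    printf '%s\n' "$problems"
    return 1
}

# The "Rick test": check named.conf and every referenced zone file (-z),
# resolving paths relative to the chroot (-t).  stderr is folded in so
# anything the checker reports there is not missed by the filter.
bind_lint() {
    "${CHECKCONF:-/usr/sbin/named-checkconf}" -z \
        -t "${CHROOT:-/var/named/chroot}" "${CONF:-/etc/named.conf}" 2>&1 \
        | filter_lint
}

# After editing a zone statement in named.conf: lint, then "rndc reconfig"
# so named picks up added/deleted zones without a restart.  If a zone name
# is given, also "rndc reload <zone>" so an edited existing zone is reread.
apply_zone_change() {
    zone="$1"
    if ! bind_lint; then
        echo "refusing to reconfig: named-checkconf reported problems" >&2
        return 1
    fi
    "${RNDC:-/usr/sbin/rndc}" reconfig || return 1
    if [ -n "$zone" ]; then
        "${RNDC:-/usr/sbin/rndc}" reload "$zone"
    fi
}
```

Run it as `apply_zone_change example.com` after adding the zone statement, or with no argument after deleting one; the lint output it prints is exactly what the one-liner in the post would print.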