Re: how to check if a slave zone is expired

2011-06-04 Thread Warren Kumari
And I've finally gotten enough cycles to write a script to do this and released it 
on Google Code ( https://code.google.com/p/dns-slave-expire-checker/ ). It is 
very simple, but if folk find it useful I can add additional functionality...

It is a simple Python program:

./dns_expire_checker.py -r  -d /data/dns/zones/slaves/
NOTICE: example.com failed more then once to transfer (679683  (86407 + 10)
ERROR: example.net has expired! (679683  (604800 + 10))
NOTICE: example.org failed more then once to transfer (679683  (86407 + 10)



0 Errors:   
1 Expire:   example.net
2 Retry:example.com, example.org
0 Refresh:  
0 Healthy:  


Anyway, share and enjoy.

W




On May 6, 2011, at 11:16 AM, John Wobus wrote:

> I try to catch zones that are not updating on the slaves
> to which I have access.  I compare the modtime of the zone
> file with the current time and the refresh interval
> for the zone.  Typically I allow a failure or two
> before alerting, e.g. wait 1 refresh + 2 retry intervals.
> If the expire interval is very short, this could
> be too late.
>
> Depending upon the expire interval and refresh interval,
> the window in which you can be alerted and troubleshoot
> a problem might be short.  If you're slaving zones
> for another site, you might not have control of that.
>
> If you find out refreshes aren't happening long before
> the expiration, and if the zone is pretty static (e.g. a single
> www.example.com address), you don't have to jump very fast to
> address things if the expire interval is weeks.  If folks are
> depending upon records that are dynamic, you want to respond
> pretty quickly.
>
> John Wobus

___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
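
The modtime comparison described in the quoted message above, sketched as an added Python example; it is not Warren's dns_expire_checker.py and not code from either poster. It assumes the SOA timers are supplied as SOA RDATA text, and the function names, the state names and the half-of-expire alert margin are illustrative choices.

```python
import os
import time

def parse_soa_timers(soa_rdata):
    """Return (refresh, retry, expire) from SOA RDATA text:
    mname rname serial refresh retry expire minimum (all timers in seconds)."""
    fields = soa_rdata.split()
    if len(fields) != 7:
        raise ValueError(f"expected 7 SOA fields, got {len(fields)}")
    refresh, retry, expire = (int(f) for f in fields[3:6])
    return refresh, retry, expire

def zone_age(path, now=None):
    """Seconds since the slave zone file was last modified."""
    now = time.time() if now is None else now
    return now - os.stat(path).st_mtime

def classify(age, refresh, retry, expire, allowed_failures=2):
    """Map a zone file's age to healthy / refresh / retry / expire."""
    # Alert after one refresh plus the allowed number of retries...
    alert_after = refresh + allowed_failures * retry
    # ...but never later than half the expire interval (assumed margin), so a
    # zone with a short expire alerts early rather than too late.
    alert_after = min(alert_after, expire // 2)
    if age > expire:
        return "expire"
    if age > alert_after:
        return "retry"
    if age > refresh:
        return "refresh"
    return "healthy"

def summarize(zones):
    """Group (name, age, soa_rdata) tuples by state."""
    groups = {"expire": [], "retry": [], "refresh": [], "healthy": []}
    for name, age, soa_rdata in zones:
        groups[classify(age, *parse_soa_timers(soa_rdata))].append(name)
    return groups

if __name__ == "__main__":
    # Constructed sample data: zone name, file age in seconds, SOA RDATA.
    soa = "ns1.example.com. hostmaster.example.com. 2011060401 86400 7200 604800 3600"
    sample = [("example.net", 679683, soa), ("example.com", 120000, soa),
              ("example.org", 90000, soa), ("example.edu", 600, soa)]
    for state, names in summarize(sample).items():
        print(f"{len(names)} {state}: {', '.join(names)}")
```

In a real check the age would come from `zone_age()` on each file in the slave zone directory instead of the constructed numbers.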


Re: BIND 9.7 Serial Number Decrease Problem

2011-06-04 Thread Phil Mayers

On 06/03/2011 04:57 PM, Barry Finkel wrote:

> I have a problem with BIND 9.7.x on Ubuntu.
> I have two servers that are running 9.7.3.
> They slave 332 zones, and they also master 213,750
> malware/spyware zones that we have defined to reroute these
> domains to a local machine.


That's a hell of a lot of zones.

Have you investigated RPZ in the newer versions of bind?


> I have no idea why BIND would remember the increased 1239
> serial number, when the serial number for the zone has been constant
> at 1238 since Mar 04. I have to assume that between Mar 04 and
> Jun 03 BIND would have written the zone to disk, either in the
> base zone file or a .jnl file.



Perhaps the .jnl file was corrupted when you -9ed it?