How to check slave zone freshness

2016-02-08 Thread Klaus Darilion
Hi! I want to monitor the freshness of my slaves zones. Is it somehow possible to extract the status of slave-zones from bind? Thanks Klaus ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users

Re: How to check slave zone freshness

2016-02-08 Thread Tony Finch
Klaus Darilion wrote: > > I want to monitor the freshness of my slaves zones. Is it somehow > possible to extract the status of slave-zones from bind? If you are running 9.10 or later you can use `rndc zonestatus`. I have an older script which just looks at the

Re: How to check slave zone freshness

2016-02-08 Thread Warren Kumari
The standard, compatible way to do this is simply to do a lookup for the SOA record and make sure that the serial number matches what you expect it to be / what is on the master. I'm not sure what monitoring tool you are using (or if you are writing your own), but most standard monitoring tools

Re: How to check slave zone freshness

2016-02-08 Thread Warren Kumari
There is also transfer logs -- you could watch those and see if you are getting any failures, but this seem, um, more brittle.. W On Mon, Feb 8, 2016 at 6:22 AM Klaus Darilion wrote: > > > Am 08.02.2016 um 14:59 schrieb Warren Kumari: > > The standard, compatible

Re: How to check slave zone freshness

2016-02-08 Thread Klaus Darilion
Am 08.02.2016 um 14:58 schrieb Tony Finch: > Klaus Darilion wrote: >> >> I want to monitor the freshness of my slaves zones. Is it somehow >> possible to extract the status of slave-zones from bind? > > If you are running 9.10 or later you can use `rndc

Re: How to check slave zone freshness

2016-02-08 Thread Klaus Darilion
Am 08.02.2016 um 14:59 schrieb Warren Kumari: > The standard, compatible way to do this is simply to do a lookup for the > SOA record and make sure that the serial number matches what you expect > it to be / what is on the master. I'm not sure what monitoring tool you > are using (or if you are

Resolver optimization of auth selection - Truth or Myth?

2016-02-08 Thread MURTARI, JOHN
Folks, Just trying to settle a question on BIND based resolver operation. When given multiple authoritative servers for a zone, does it optimize selection based on auth server response times? For example: --- I'm located in Sydney, Australia and my ISP has

RE: Resolver optimization of auth selection - Truth or Myth?

2016-02-08 Thread Darcy Kevin (FCA)
I suspect they changed the algorithm, in light of recent research findings about attackability. See http://www.cs.technion.ac.il/~gnakibly/papers/WOOT13.pdf

Re: Resolver optimization of auth selection - Truth or Myth?

2016-02-08 Thread Barry Margolin
In article , "Darcy Kevin (FCA)" wrote: > If you take a look at sections 4.1 & 4.2 - they seem to say > BIND 9.8 gets it a little backwards and starts to prefer >

Re: How to check slave zone freshness

2016-02-08 Thread Mark Andrews
With a modern nameserver that supports the expire edns option you can also do "dig +expire soa zone @server" which will tell you how long until the zone will expire on this server. e.g. ;; BADCOOKIE, retrying. ; <<>> DiG 9.11.0pre-alpha <<>> +expire soa . +norec +noauth ;; global options: +cmd