On Tue, Feb 18, 2014 at 11:44:15PM +0100, markus weber wrote:
> I am new to administering a BIND server and after a few problems I ran
> into I need to monitor the zonefile transfers of my slave server.

I think the terminology you use shows a part of the confusion. Zone
*data* is transferred to slave servers, not zone *files.*

> I have searched on Google and Nagios plugin sites but could not
> find anything that fits my needs entirely.
>
> Here is the setup:
> - MS ActiveDirectory as primary nameservers (not under my control)
> - 2 BIND servers as slaves for various zones (behind a load balancer)
>
> The problem I ran into was that the zone transfer didn't work for
> some reason and the zone we hold expired, causing our mail gateway to
> stop relaying mails :/
>
> As I said, I googled around and as I could not find anything I
> hacked a Nagios plugin myself (you can find the code here
> https://github.com/seppovic/Nagios-plugins/blob/master/libexec/check_dns_zonetransfer.pl).
> But I am curious if I took the right "route". These are my
> assumptions and a first approach:
>
> - read named.conf and get master servers
> - query soa of slave and get serial

If "query" is something like "dig +short zone.example. soa @slave",
right.

> - query first master and get serial

Likewise here, s/slave/master/

> - if serial match:
>     get zonefile modification time (not sure if this is significant)

It is not. Zone data is kept in memory and is written to the journal.
At 15-minute intervals, the zone file is written if it differs from
actual zone data.

>     and compare it with localtime and "soa-expiretime"
>     + warn or crit on threshold
>     (stat($zoneFile)[9] + $SOA_S->expire) - time
> - if master serial > slave serial
>     create tempfile and check for how long it stays lower
>     than masters serial
>     + warn or crit on threshold
> - else
>     test next master
>     on last master exit with error (this should not become
>     true ever, right?)
>
> A few problems I discovered:
> - sometimes have a higher serial than all masters have, is this
>   normal on an AD DNS? Or am I doing something wrong? I thought this
>   could not happen.
> - Some zones nearly always reach expiration time, and I get a lot
>   of critical messages, and a few hours/minutes before expiration it
>   does the update.

Not enough here to know what's going on.

> I hope you can guide me a bit and tell me if this is what I want xD

--
  http://rob0.nodns4.us/
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
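
Added example (not part of the original messages and not the code of the linked plugin): the serial check discussed in this thread, written so that it parses the output of "dig +short zone.example. soa @server" and times how long the slave stays behind, without using the zone file mtime. It goes beyond the plain "master serial > slave serial" test by comparing with RFC 1982 serial arithmetic; the function names, the warn/crit parameters, the sample SOA lines and the choice to warn when the slave is ahead are assumptions.

```python
"""Added example: compare master/slave SOA serials and time the slave's lag."""
from typing import NamedTuple, Optional, Tuple

# Constructed sample lines in the format printed by `dig +short <zone> soa @<server>`.
MASTER_LINE = "dc1.example. hostmaster.example. 2014021803 900 600 86400 3600"
SLAVE_LINE = "dc1.example. hostmaster.example. 2014021801 900 600 86400 3600"

class SOA(NamedTuple):
    mname: str
    rname: str
    serial: int
    refresh: int
    retry: int
    expire: int
    minimum: int

def parse_soa(line: str) -> SOA:
    """Parse one SOA answer line (seven whitespace-separated fields)."""
    fields = line.split()
    if len(fields) != 7:
        raise ValueError(f"expected 7 SOA fields, got {len(fields)}: {line!r}")
    return SOA(fields[0], fields[1], *(int(f) for f in fields[2:]))

def serial_cmp(a: int, b: int) -> int:
    """RFC 1982 order of 32-bit serials: -1 if a < b, 0 if equal, 1 if a > b."""
    if a == b:
        return 0
    diff = (b - a) % 2**32
    if diff == 2**31:
        raise ValueError("serials are exactly 2^31 apart: order is undefined")
    return -1 if diff < 2**31 else 1

OK, WARNING, CRITICAL = 0, 1, 2  # Nagios plugin exit codes

def check(master: SOA, slave: SOA, now: float, behind_since: Optional[float],
          warn: int, crit: int) -> Tuple[int, Optional[float], str]:
    """Return (status, new behind_since, message); the caller stores behind_since
    between runs (assumption: a small state file, like the tempfile in the thread)."""
    order = serial_cmp(slave.serial, master.serial)
    if order == 0:
        return OK, None, f"in sync at serial {slave.serial}"
    if order > 0:  # assumption: report this rather than treat it as healthy
        return WARNING, None, f"slave {slave.serial} is ahead of master {master.serial}"
    since = now if behind_since is None else behind_since
    lag = int(now - since)
    status = CRITICAL if lag >= crit else WARNING if lag >= warn else OK
    return status, since, f"slave behind for {lag}s ({slave.serial} < {master.serial})"
```
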