Re: how to check if a slave zone is expired

2011-06-04 Thread Warren Kumari
And I've finally gotten enough cycles to write a script to do this and released it 
on Google Code ( https://code.google.com/p/dns-slave-expire-checker/ ). It is 
very simple, but if folk find it useful I can add additional functionality...

It is a simple Python program:

./dns_expire_checker.py -r  -d /data/dns/zones/slaves/
NOTICE: example.com failed more then once to transfer (679683 > (86407 + 10)
ERROR: example.net has expired! (679683 > (604800 + 10))
NOTICE: example.org failed more then once to transfer (679683 > (86407 + 10)



0 Errors:   
1 Expire:   example.net
2 Retry:example.com, example.org
0 Refresh:  
0 Healthy:  


Anyway, share and enjoy.

W




On May 6, 2011, at 11:16 AM, John Wobus wrote:

> I try to catch zones that are not updating on the slaves
> to which I have access.  I compare the modtime of the zone
> file with the current time and the refresh interval
> for the zone.  Typically I allow a failure or two
> before alerting, e.g. wait 1 refresh + 2 retry intervals.
> If the expire interval is very short, this could
> be too late.
> 
> Depending upon the expire interval and refresh interval,
> the window in which you can be alerted and troubleshoot
> a problem might be short.  If you're slaving zones
> for another site, you might not have control of that.
> 
> If you find out refreshes aren't happening long before
> the expiration, and if the zone is pretty static (e.g. a single
> www.example.com address), you don't have to jump very fast to
> address things if the expire interval is weeks.  If folks are
> depending upon records that are dynamic, you want to respond
> pretty quickly.
> 
> John Wobus
> ___
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
> 
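
The check John Wobus describes above (zone file age compared against the refresh, retry and expire intervals), as an added example that is not part of the thread and is not the code of dns_expire_checker.py. The SOA timers, the 10-second slack, the sample zones and the four state names as used here are constructed assumptions, and it assumes the file's modtime reflects the last successful refresh.

```python
import os
import tempfile
import time

SLACK = 10  # tolerance in seconds (assumed value)

def classify(age, refresh, retry, expire, failures=2, slack=SLACK):
    """Grade a slave zone by the age in seconds of its zone file."""
    if age > expire + slack:
        return "expire"    # past the SOA expire interval
    if age > refresh + failures * retry + slack:
        return "retry"     # a refresh and `failures` retries were missed
    if age > refresh + slack:
        return "refresh"   # one refresh is overdue
    return "healthy"

def alert_window(refresh, retry, expire, failures=2):
    """Seconds between the first 'retry' alert and expiry; <= 0 is too late."""
    return expire - (refresh + failures * retry)

def check_directory(path, soa_timers, now=None):
    """Map zone name -> state; soa_timers[zone] = (refresh, retry, expire)."""
    now = time.time() if now is None else now
    report = {}
    for zone, (refresh, retry, expire) in soa_timers.items():
        try:
            mtime = os.stat(os.path.join(path, zone)).st_mtime
        except FileNotFoundError:
            report[zone] = "error"  # no zone file: never transferred or removed
            continue
        report[zone] = classify(now - mtime, refresh, retry, expire)
    return report

def demo():
    now = 1_300_000_000  # fixed clock; zones, timers and ages are constructed
    week = (86400, 3600, 604800)  # refresh, retry, expire
    timers = {"example.com": (86400, 3600, 2419200), "example.net": week,
              "example.org": week, "example.edu": week, "missing.example": week}
    ages = {"example.com": 679683, "example.net": 679683,
            "example.org": 90000, "example.edu": 100}
    with tempfile.TemporaryDirectory() as d:
        for zone, age in ages.items():
            path = os.path.join(d, zone)
            open(path, "w").close()
            os.utime(path, (now - age, now - age))  # back-date the modtime
        return check_directory(d, timers, now)

if __name__ == "__main__":
    print(demo(), alert_window(3600, 900, 3600))
```

alert_window() returning zero or less is the short-expire case from the quoted message: the zone expires before the "1 refresh + 2 retry" alert can fire.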



Re: BIND 9.7 Serial Number Decrease Problem

2011-06-04 Thread Phil Mayers

On 06/03/2011 04:57 PM, Barry Finkel wrote:

> I have a problem with BIND 9.7.x on Ubuntu.
> I have two servers that are running 9.7.3.
> They slave 332 zones, and they also master 213,750
> malware/spyware zones that we have defined to reroute these
> domains to a local machine.


That's a hell of a lot of zones.

Have you investigated RPZ in the newer versions of bind?


> I have no idea why BIND would remember the increased 1239
> serial number, when the serial number for the zone has been constant
> at 1238 since Mar 04. I have to assume that between Mar 04 and
> Jun 03 BIND would have written the zone to disk, either in the
> base zone file or a .jnl file.



Perhaps the .jnl file was corrupted when you "-9"ed it?