[dns-operations] online version checks
jgreco at ns.sol.net
Fri Dec 31 12:54:30 UTC 2010
> > Some of us already automate checking versions of DNS servers in our
> > network monitoring systems, but finding out when you really need to
> > upgrade vs a minor feature update is still a bit of an art form; as
> > Paul said, most DNS servers only get restarted very infrequently, and
> > I do not get paid to run around upgrading nameservers just because
> > someone added a new feature we don't use/need anyways.
> Some systems already perform "call home" version checks, e.g. Nominum
> Dec 17 11:27:34 slam CNS: info: newest version of cns is 126.96.36.199; this server is running 188.8.131.52
> Obviously, such a log entry doesn't say anything about the importance
> of upgrading this particular version.
> > My own experience is that the ClamAV (I think) model of e-mailing a
> > notice when important things need attention is useful, but that does
> > not always scale too well to a larger organization.
> I like both e-mail and SNMP traps to a management system - but this
> should be configurable and default to off.
If we're discussing wishful thinking, it'd be nice to have a queryable
flag in the nameserver, maybe alongside the VERSION.BIND stuff.
UPGRADE.BIND -> available, required
This doesn't work, however, for nameservers that don't have access to
the public Internet. For those cases, it'd be more practical to have
a way for a network monitoring system to discover whether or not a
given version of BIND needed to be updated.
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.
More information about the dns-operations