[dns-operations] online version checks
Joe Greco
jgreco at ns.sol.net
Fri Dec 31 12:54:30 UTC 2010
> > Some of us already automate checking versions of DNS servers in our
> > network monitoring systems, but finding out when you really need to
> > upgrade vs a minor feature update is still a bit of an art form; as
> > Paul said, most DNS servers only get restarted very infrequently, and
> > I do not get paid to run around upgrading nameservers just because
> > someone added a new feature we don't use/need anyways.
>
> Some systems already perform "call home" version checks, e.g. Nominum
> CNS:
>
> Dec 17 11:27:34 slam CNS[86224]: info: newest version of cns is 3.1.0.3; this server is running 3.0.5.1
>
> Obviously, such a log entry doesn't say anything about the importance
> of upgrading this particular version.
>
> > My own experience is that the ClamAV (I think) model of e-mailing a
> > notice when important things need attention is useful, but that does
> > not always scale too well to a larger organization.
>
> I like both e-mail and SNMP traps to a management system - but this
> should be configurable and default to off.

If we're discussing wishful thinking, it'd be nice to have a queryable
flag in the nameserver, maybe alongside the VERSION.BIND stuff.

UPGRADE.BIND -> available, required

This doesn't work, however, for nameservers that don't have access to
the public Internet. For those cases, it'd be more practical to have
a way for a network monitoring system to discover whether or not a
given version of BIND needed to be updated.

... JG
--
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.
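
The "available" versus "required" distinction discussed in the message above, sketched as a monitoring-side check that needs no Internet access from the nameserver. This is an added example, not part of the original post or of any vendor's code: the function names and the locally maintained policy table are hypothetical, and the minimum-safe version in it is constructed.

```python
import re

# Format of the CNS syslog line quoted in the thread.
LOG_RE = re.compile(
    r"newest version of (\S+) is (\d+(?:\.\d+)*); "
    r"this server is running (\d+(?:\.\d+)*)"
)

# Constructed policy table (assumption): per product, the lowest version the
# operator still accepts. Kept on the monitoring host, so it also covers
# nameservers that cannot reach the public Internet.
MIN_SAFE = {"cns": "3.0.5.0"}

# The log line quoted in the thread, used as sample input.
SAMPLE = ("Dec 17 11:27:34 slam CNS[86224]: info: newest version of cns "
          "is 3.1.0.3; this server is running 3.0.5.1")


def vkey(version, width=6):
    """Map '3.0.5.1' to a zero-padded tuple so 3.0.10 sorts after 3.0.9
    and '3.1' compares equal to '3.1.0'."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (width - len(parts)))


def upgrade_status(running, newest, min_safe=None):
    """Return 'required', 'available' or 'current' for one server."""
    if min_safe is not None and vkey(running) < vkey(min_safe):
        return "required"   # below the operator's floor: act now
    if vkey(running) < vkey(newest):
        return "available"  # newer release exists, no urgency recorded
    return "current"


def check_log_line(line, policy=MIN_SAFE):
    """Parse a 'newest version' log line; None if it is a different message."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    product, newest, running = m.groups()
    return product, running, upgrade_status(running, newest, policy.get(product))


if __name__ == "__main__":
    print(check_log_line(SAMPLE))
```
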