[dns-operations] DNS zone monitoring
Joe Greco
jgreco at ns.sol.net
Mon Jun 14 12:34:05 UTC 2010
> On 6/13/10 9:29 PM, Joe Greco wrote:
> >> On 2010-06-13, at 22:56, Joe Greco wrote:
> >>
> >>> I was just in a discussion elsewhere that brought up an old topic:
> >>>
> >>> How do people monitor for secondary servers that are having trouble
> >>> updating a zone from the master?
> >>
> >> We direct an apex/IN/SOA query to all servers for each zone we are
> >> checking, and if we see inconsistent serial numbers we sound alarms.
> >
> > Yes, but that's only useful if your SOA's are changing. For many zones,
> > there's no need for the serials to change. Besides, I already indicated
> > we did that. :-)
>
>
> One thing I employ is a test zone (something.test) and set all the SOA
> values way down, such as a 5 min expire. This way the slaves are
> actively doing their master-slave thing constantly. If there's a problem
> the slaves eventually expire the test zone and that sets off alarms.

That's sufficiently obvious that now I almost feel silly. It's still not
quite what I'd prefer, but I think it addresses many of the cases that I
can think of. Others, like disk-full-failed-to-transfer, haven't actually
shown themselves to be likely scenarios... maybe that could be tested by
shifting the length of the test zone file around (yes, a crappy/hacky test,
obviously).

Thanks for the idea. If anyone else has any comments, though, please do
feel free to comment.

... JG
--
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.
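
Added example, not part of the original message: a sketch of the two checks discussed in this thread, comparing apex SOA serials across servers and alarming when a secondary stops serving the short-expire test zone. The function names are hypothetical, the responses are constructed rather than captured, sending the query to each server is left out, and it assumes a secondary that has expired the zone answers with a non-zero rcode such as SERVFAIL or without the AA bit.

```python
import struct
SOA, IN = 6, 1  # RR type and class codes

def encode_name(name):  # domain name -> wire-format labels
    return b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\0"

def skip_name(msg, off):
    """Offset just past a (possibly compressed) name starting at off."""
    while msg[off] and msg[off] < 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse_soa(msg):
    """(rcode, aa, serial) from a response; serial is None without an SOA answer."""
    _id, flags, qd, an = struct.unpack("!HHHH", msg[:8])
    rcode, aa, off = flags & 0xF, bool(flags & 0x0400), 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # QTYPE + QCLASS
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rdlen = struct.unpack("!H6xH", msg[off:off + 10])  # skip class, TTL
        if rtype == SOA:
            p = skip_name(msg, skip_name(msg, off + 10))  # past MNAME and RNAME
            return rcode, aa, struct.unpack("!I", msg[p:p + 4])[0]
        off += 10 + rdlen
    return rcode, aa, None

def check_zone(responses):
    """responses: {server: wire bytes, or None for a timeout} -> list of alarms."""
    alarms, serials = [], {}
    for server, msg in responses.items():
        rcode, aa, serial = parse_soa(msg) if msg else (None, False, None)
        if rcode != 0 or not aa or serial is None:
            # Expired test zone, dead server, or lame delegation
            alarms.append(f"{server}: not serving zone (rcode={rcode}, aa={aa})")
        else:
            serials[server] = serial
    if len(set(serials.values())) > 1:
        alarms.append(f"serial mismatch: {sorted(serials.items())}")
    return alarms

def sample_response(zone, serial=None, rcode=0):  # constructed test data, not captured traffic
    q = encode_name(zone) + struct.pack("!HH", SOA, IN)
    has = int(serial is not None)
    msg = struct.pack("!HHHHHH", 1, 0x8000 | has * 0x0400 | rcode, 1, has, 0, 0) + q
    if has:
        rdata = encode_name("ns1." + zone) + encode_name("hostmaster." + zone)
        rdata += struct.pack("!IIIII", serial, 60, 30, 300, 60)  # 300 s (5 min) expire
        msg += b"\xc0\x0c" + struct.pack("!HHIH", SOA, IN, 60, len(rdata)) + rdata
    return msg
```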