[dns-operations] DNS zone monitoring

John Wobus jw354 at cornell.edu
Thu Jun 17 17:14:08 UTC 2010


> Another case where it doesn't work hugely well is if you are providing
> secondary service for someone else ...

We do periodic checks.

For our own zones, we update the serial number often and check
to see that all authoritative servers have what we expect.

For others' zones, we take the SOAs' refresh, retry and expire values  
and
look at the zone files' mod times, and try and identify cases
where transfers have been failing for too long.  Depending upon the
intervals the master site has in the SOA, this is not necessarily  
possible
until too late.  However, it has helped us identify some problems before
the zones expired.  Obviously, this means the monitoring must be done
on the slave server itself rather than using digs from somewhere else.

John Wobus
Cornell U



More information about the dns-operations mailing list