[dns-operations] [Ext] a note on fetching the root zone using "dig"

Paul Vixie paul at redbarn.org
Thu Nov 1 17:04:55 UTC 2018



Edward Lewis wrote:
> On 10/31/18, 18:45, "dns-operations on behalf of Paul
> Vixie"<dns-operations-bounces at dns-oarc.net on behalf of
> paul at redbarn.org>  wrote:
>
>> today i started getting this:
>
> ...
>
> One lesson I took from the situation (when I faced it) was to monitor
> your monitors constantly.  Like, a daily summation (of all
> monitors) script that arrives at like 1pm, or whenever you just get
> out of bed and begin to work (;)), that is, at some predictable time
> because, if it doesn't arrive, you have issues.

i can't afford that level of work. instead i've got things arranged so 
that silence means success. (which is why cron's e-mail output works 
that way, fwiw.)

> Another was, whenever updating a system, treat it like a port from
> one environment to another - meaning - if you can, run the monitor in
> an unchanging environment before and after changing the other and
> then compare the results.
>
> A way to interpret that - if you are about to upgrade package A on
> system B, first port your code to new environment C and make sure
> what's on C agrees with what's on B.  Then change A and see if C
> still agrees with B.

i can't afford that, either. when an upgrade breaks a working 
configuration, that's a bug. witness the two-year-long outreach campaign 
that accompanied BIND9's change of the default "allow-query" from "ANY" 
to "LOCALNETS".

i especially can't have "dig . axfr" break because i happened to have 
installed libidn2 since the last time i said "./configure; make install".

vixie



More information about the dns-operations mailing list