[dns-operations] [Ext] a note on fetching the root zone using "dig"
Paul Vixie
paul at redbarn.org
Thu Nov 1 17:04:55 UTC 2018
Edward Lewis wrote:
> On 10/31/18, 18:45, "dns-operations on behalf of Paul
> Vixie"<dns-operations-bounces at dns-oarc.net on behalf of
> paul at redbarn.org> wrote:
>
>> today i started getting this:
>
> ...
>
> One lesson I took from the situation (when I faced it) was to monitor
> your monitors constantly. Like, a daily summation (of all
> monitors) script that arrives at like 1pm, or whenever you just get
> out of bed and begin to work (;)), that is, at some predictable time
> because, if it doesn't arrive, you have issues.
i can't afford that level of work. instead i've got things arranged so
that silence means success. (which is why cron's e-mail output works
that way, fwiw.)
> Another was, whenever updating a system, treat it like a port from
> one environment to another - meaning - if you can, run the monitor in
> an unchanging environment before and after changing the other and
> then compare the results.
>
> A way to interpret that - if you are about to upgrade package A on
> system B, first port your code to new environment C and make sure
> what's on C agrees with what's on B. Then change A and see if C
> still agrees with B.
i can't afford that, either. when an upgrade breaks a working
configuration, that's a bug. witness the two-year-long outreach campaign
that accompanied BIND9's change of the default "allow-query" from "ANY"
to "LOCALNETS".
i especially can't have "dig . axfr" break because i happened to have
installed libidn2 since the last time i said "./configure; make install".
vixie
More information about the dns-operations
mailing list