detect if zone/s is frozen

Justin T Pryzby

Sep 3, 2013, 3:31:08 PM
to bind-...@lists.isc.org
Is there a nice way to tell if any zone is frozen (or a specific
zone)? I'm hoping to implement a nagios check, since I have several
times gotten distracted while making an update, and forgot to "thaw"
the zone until something odd happens later on.

Thanks,
Justin

/dev/rob0

Sep 3, 2013, 5:17:28 PM
to bind-...@lists.isc.org
I would suggest that if you're making much use of rndc freeze, YDIW.
Consider using nsupdate(8) to make your changes.
--
http://rob0.nodns4.us/ -- system administration and consulting
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

Mike Hoskins (michoski)

Sep 3, 2013, 5:24:00 PM
to bind-...@lists.isc.org
-----Original Message-----

From: /dev/rob0 <ro...@gmx.co.uk>
Organization: RTFM
Reply-To: "bind-...@lists.isc.org" <bind-...@lists.isc.org>
Date: Tuesday, September 3, 2013 5:17 PM
To: "bind-...@lists.isc.org" <bind-...@lists.isc.org>
Subject: Re: detect if zone/s is frozen

>On Tue, Sep 03, 2013 at 12:31:08PM -0700, Justin T Pryzby wrote:
>> Is there a nice way to tell if any zone is frozen (or a
>> specific zone)? I'm hoping to implement a nagios check, since
>> I have several times gotten distracted while making an update,
>> and forgot to "thaw" the zone until something odd happens
>> later on.
>
>I would suggest that if you're making much use of rndc freeze, YDIW.
>Consider using nsupdate(8) to make your changes.

True, but I just setup two new networks where the tenants wanted exactly
this capability...so use cases exist. It got me thinking, and I was
hoping for an answer all day. :-) It would be nice to be able to monitor,
since just looking for missing jnl's or something obvious doesn't work
(maybe a command to force jnl rewrite for any thawed zones would do it,
then you could really just monitor for jnl's missing >threshold).

Failing an easy monitoring solution (I don't see anything in terms of rndc
options, or old/new stats output), you might consider creating a wrapper
that does the rndc freeze/vi/update serial to mtime/rndc thaw and post it
clearly in /etc/motd. Not perfect, but would mostly work except when you
get distracted in the middle of the vi session. :-)

/dev/rob0

Sep 3, 2013, 5:37:18 PM
to bind-...@lists.isc.org
On Tue, Sep 03, 2013 at 09:24:00PM +0000, Mike Hoskins (michoski) wrote:
> -----Original Message-----
>
> From: /dev/rob0 <ro...@gmx.co.uk>
> >On Tue, Sep 03, 2013 at 12:31:08PM -0700, Justin T Pryzby wrote:
> >> Is there a nice way to tell if any zone is frozen (or a
> >> specific zone)? I'm hoping to implement a nagios check, since
> >> I have several times gotten distracted while making an update,
> >> and forgot to "thaw" the zone until something odd happens
> >> later on.
> >
> >I would suggest that if you're making much use of rndc freeze,
> >YDIW. Consider using nsupdate(8) to make your changes.
>
> True, but I just setup two new networks where the tenants wanted
> exactly this capability...so use cases exist.

Oh I know that use cases exist. But these are people who don't want
to accept the new paradigm in the time of DNSSEC and beyond. That's
what I'm suggesting: shift the paradigm. :)

There are other side benefits of maintaining a dynamic zone the
"proper" way: you get IXFR, for historical data and shorter, faster
transfer to slaves.

And for the OP, this would seem to solve his problem: never freeze,
never worry about whether or not a zone is frozen. :)

Kevin Darcy

Sep 3, 2013, 6:15:10 PM
to bind-...@lists.isc.org
On 9/3/2013 5:24 PM, Mike Hoskins (michoski) wrote:
> -----Original Message-----
>
> From: /dev/rob0 <ro...@gmx.co.uk>
> Organization: RTFM
> Reply-To: "bind-...@lists.isc.org" <bind-...@lists.isc.org>
> Date: Tuesday, September 3, 2013 5:17 PM
> To: "bind-...@lists.isc.org" <bind-...@lists.isc.org>
> Subject: Re: detect if zone/s is frozen
>
>> On Tue, Sep 03, 2013 at 12:31:08PM -0700, Justin T Pryzby wrote:
>>> Is there a nice way to tell if any zone is frozen (or a
>>> specific zone)? I'm hoping to implement a nagios check, since
>>> I have several times gotten distracted while making an update,
>>> and forgot to "thaw" the zone until something odd happens
>>> later on.
>> I would suggest that if you're making much use of rndc freeze, YDIW.
>> Consider using nsupdate(8) to make your changes.
> True, but I just setup two new networks where the tenants wanted exactly
> this capability...so use cases exist.
So put a wrapper around "rndc", tell them the zone files are in a
different directory than they really are, and invoke "nsupdate" behind
the scenes, to make the actual changes. They'll *think* they're doing
freeze/edit/thaw, but in actuality the mechanism will be smarter than
that :-)

- Kevin

Tony Finch

Sep 4, 2013, 4:50:43 AM
to Mike Hoskins (michoski), bind-...@lists.isc.org
Mike Hoskins (michoski) <mich...@cisco.com> wrote:
> /dev/rob0 <ro...@gmx.co.uk> wrote:
> >
> >I would suggest that if you're making much use of rndc freeze, YDIW.
> >Consider using nsupdate(8) to make your changes.
>
> True, but I just setup two new networks where the tenants wanted exactly
> this capability...so use cases exist. [...]
>
> Failing an easy monitoring solution (I don't see anything in terms of rndc
> options, or old/new stats output), you might consider creating a wrapper
> that does the rndc freeze/vi/update serial to mtime/rndc thaw and post it
> clearly in /etc/motd. Not perfect, but would mostly work except when you
> get distracted in the middle of the vi session. :-)

Better option: use nsdiff, which calculates the differences between the
live version of your zone and a master file that you edit, and turns the
result into an nsupdate script.

http://www-uxsup.csx.cam.ac.uk/~fanf2/hermes/conf/bind/bin/nsdiff

Tony.
--
f.anthony.n.finch <d...@dotat.at> http://dotat.at/
Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first.
Rough, becoming slight or moderate. Showers, rain at first. Moderate or good,
occasionally poor at first.

Mark Andrews

Sep 4, 2013, 8:07:24 AM
to Tony Finch, bind-...@isc.org

In message <alpine.LSU.2.00.1...@hermes-2.csi.cam.ac.uk>, Tony Finch writes:
> Mike Hoskins (michoski) <mich...@cisco.com> wrote:
> > /dev/rob0 <ro...@gmx.co.uk> wrote:
> > >
> > >I would suggest that if you're making much use of rndc freeze, YDIW.
> > >Consider using nsupdate(8) to make your changes.
> >
> > True, but I just setup two new networks where the tenants wanted exactly
> > this capability...so use cases exist. [...]
> >
> > Failing an easy monitoring solution (I don't see anything in terms of rndc
> > options, or old/new stats output), you might consider creating a wrapper
> > that does the rndc freeze/vi/update serial to mtime/rndc thaw and post it
> > clearly in /etc/motd. Not perfect, but would mostly work except when you
> > get distracted in the middle of the vi session. :-)
>
> Better option: use nsdiff, which calculates the differences between the
> live version of your zone and a master file that you edit, and turns the
> result into an nsupdate script.
>
> http://www-uxsup.csx.cam.ac.uk/~fanf2/hermes/conf/bind/bin/nsdiff

Or zone-edit which is in contrib.

> Tony.
> --
> f.anthony.n.finch <d...@dotat.at> http://dotat.at/
> Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first.
> Rough, becoming slight or moderate. Showers, rain at first. Moderate or good,
> occasionally poor at first.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org

Mike Hoskins (michoski)

Sep 4, 2013, 3:32:11 PM
to bind-...@lists.isc.org
-----Original Message-----

From: Tony Finch <d...@dotat.at>
Date: Wednesday, September 4, 2013 4:50 AM
To: Mike Hoskins <mich...@cisco.com>
Cc: "bind-...@lists.isc.org" <bind-...@lists.isc.org>
Subject: Re: detect if zone/s is frozen

>Mike Hoskins (michoski) <mich...@cisco.com> wrote:
>> /dev/rob0 <ro...@gmx.co.uk> wrote:
>> >
>> >I would suggest that if you're making much use of rndc freeze, YDIW.
>> >Consider using nsupdate(8) to make your changes.
>>
>> True, but I just setup two new networks where the tenants wanted exactly
>> this capability...so use cases exist. [...]
>>
>> Failing an easy monitoring solution (I don't see anything in terms of rndc
>> options, or old/new stats output), you might consider creating a wrapper
>> that does the rndc freeze/vi/update serial to mtime/rndc thaw and post it
>> clearly in /etc/motd. Not perfect, but would mostly work except when you
>> get distracted in the middle of the vi session. :-)
>
>Better option: use nsdiff, which calculates the differences between the
>live version of your zone and a master file that you edit, and turns the
>result into an nsupdate script.
>
>http://www-uxsup.csx.cam.ac.uk/~fanf2/hermes/conf/bind/bin/nsdiff

Thanks for the pointer...

Also, I guess I overlooked the obvious? If you nsupdate while a zone is
frozen it looks like the update is refused vs silently queued (nsupdate
exits non-zero)...so a nagios/whatever monitor could be written that
periodically updates a test record within the zone and complains on
failure.
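
The probe described in the message above, written as a Nagios-style plugin; this is an added example, not code posted by anyone in the thread. The `_freezecheck` label, the TSIG key file argument and the match on `REFUSED` in nsupdate's output are assumptions.

```shell
#!/bin/sh
# Nagios-style probe: send a harmless dynamic update and treat a refused
# update as "zone is frozen (or updates otherwise disabled)".
# Assumptions, not from the thread: the zone accepts updates signed with the
# TSIG key in $3, and the label _freezecheck is reserved for this probe.
# Each successful run changes the zone, so the serial advances and a
# NOTIFY/IXFR goes out; schedule the check with that in mind.

check_zone_updatable() {
    zone=$1; server=$2; keyfile=$3
    probe="_freezecheck.${zone}."
    stamp=$(date +%s)

    # Delete-then-add keeps a single TXT record no matter how often we run.
    # -t 10 bounds the whole request so a dead server cannot hang the check.
    out=$(nsupdate -k "$keyfile" -t 10 2>&1 <<EOF
server ${server}
zone ${zone}
update delete ${probe} TXT
update add ${probe} 60 TXT "${stamp}"
send
EOF
    )
    rc=$?

    if [ "$rc" -eq 0 ]; then
        echo "OK - ${zone} accepted a dynamic update on ${server}"
        return 0
    fi
    case $out in
        *REFUSED*)
            # The server answered and said no: frozen zone or policy denial.
            echo "CRITICAL - ${zone} refused update on ${server}; frozen? ${out}"
            return 2 ;;
        *)
            # Timeout, bad key file, nsupdate missing: cannot tell zone state.
            echo "UNKNOWN - nsupdate exit ${rc} for ${zone}: ${out}"
            return 3 ;;
    esac
}

# Run as a plugin when called with arguments: check.sh ZONE SERVER KEYFILE
if [ "$#" -ge 3 ]; then
    check_zone_updatable "$1" "$2" "$3"
    exit $?
fi
```

Give the probe key an update-policy grant limited to the probe name and TXT type, so a leaked monitoring key cannot change anything else in the zone.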
