Validating named configuration files before "reload"?

[Cricket Liu]

> >The best you could do would be to use the same source that
> >BIND does to parse the config file, and then your tool would
> >have to change with each new release of BIND.  At that point,
> >you may as well just use the server itself.
>
> I'm not sure if you're saying "you may as well use your production
> nameserver"

Uh, no.

> or "you may as well use the nameserver code".

Yes.

> The latter is slightly messy because of the overhead of running the server
> code as well as the file parsing; the former is a Bad Idea because if you
> get the config wrong your service may be down.  A config checker built
> from the same source as the full bind seems like a sensible thing to want.

I agree that any config checker should be built from the same source.  We
actually used a zone data checker build from BIND's source at HP.  It
called db_load() to load a zone data file and check any delegation
information in it.  If db_load() failed, the exit status reflected that.
But
porting it to each successive version of BIND became a nuisance, and
it never checked named.boot or named.conf.  If such an animal were
included as part of the BIND distribution and maintained by the ISC,
that'd be great.

cricket

Acme Byte & Wire
cricket at acmebw.com
www.acmebw.com

Attend the next Internet Software Consortium/Acme Byte & Wire
DNS and BIND class!  See www.acmebw.com/training.htm for
the schedule and to register for upcoming classes.