Validating named configuration files before "reload"?
Cricket Liu
cricket at acmebw.com
Mon Nov 22 19:14:49 UTC 1999
> >The best you could do would be to use the same source that
> >BIND does to parse the config file, and then your tool would
> >have to change with each new release of BIND. At that point,
> >you may as well just use the server itself.
>
> I'm not sure if you're saying "you may as well use your production
> nameserver"
Uh, no.
> or "you may as well use the nameserver code".
Yes.
> The latter is slightly messy because of the overhead of running the server
> code as well as the file parsing; the former is a Bad Idea because if you
> get the config wrong your service may be down. A config checker built
> from the same source as the full bind seems like a sensible thing to want.
I agree that any config checker should be built from the same source. We
actually used a zone data checker build from BIND's source at HP. It
called db_load() to load a zone data file and check any delegation
information in it. If db_load() failed, the exit status reflected that.
But
porting it to each successive version of BIND became a nuisance, and
it never checked named.boot or named.conf. If such an animal were
included as part of the BIND distribution and maintained by the ISC,
that'd be great.
cricket
Acme Byte & Wire
cricket at acmebw.com
www.acmebw.com
Attend the next Internet Software Consortium/Acme Byte & Wire
DNS and BIND class! See www.acmebw.com/training.htm for
the schedule and to register for upcoming classes.
More information about the bind-users
mailing list