howto find errors in log?

Kevin Darcy kcd at daimlerchrysler.com
Mon Jan 24 22:35:32 UTC 2000


christiantdk at my-deja.com wrote:

> (I tried to post before, but it seems the server didn't agree with me..!)
>
> We run DNS servers with several thousands of domains, to find errors
> I've made a script which goes through the log files and searches for:
>
> Xfer-log
> 1. "Err/TO getting serial# for"
>
> default
> 2. "contains our address"
> 3. "rejected due to errors"
> 4. "syntax error near"
> 5. "could not open"
>
> As I understand, it means:
> 1. Slave server was unable to do an AXFR.

Actually, it means the serial # query failed, usually because of a timeout
trying to contact the master.

> 2. The server is authoritative but doesn't know.

Server sees itself listed as authoritative for a zone, but is not
configured as master or slave for the zone.

> 3. The zone had errors?

Zone file could not be parsed properly.

> 4. Syntax error in named.conf (can it also be a zone file?)

There is a similar message for zonefile parsing problems, but I think it
uses the word "database" instead of "syntax".

> 5. File specified in named.conf could not be opened. Is it only master
> servers?

No, it can apply to any file specified in a zone clause. This could be of
type master, slave, stub or hint.

> The question is if there are any other errors which can be logged and
> mean that our servers are misconfigured?

There are lots of other errors. What I do is scan the logs and filter out
the "routine" messages, then mail myself the output. Unfortunately, this
means I have to change the filter every time a new "routine" message pops
up in a new release of named. But at least I get to see everything that's
out of the ordinary.

> I've seen "sysquery: findns error NXDOMAIN" a couple of times, as I
> understand, it means that the server receives a recursive query for a
> zone delegated to a server which doesn't know?

Right. The name specified for an NS doesn't exist, according to an
authoritative server for the zone containing it.

> As it could be any
> domain, it shouldn't matter to me?

If you're the one with the bad delegation, you should fix it.

> As we have a lot of people making changes to the zones all the time, we
> have thought about doing a web-interface to Bind, which makes it
> impossible to do any syntax errors and other stuff.. We thought about
> loading all the zones into a database and then periodically dump the
> contents to the disk.. Anyone know if software to do it exists? Anyone
> have some thoughts on the subject?

There are a number of free as well as commercial products out there to do
DNS maintenance. Unfortunately, from what I've seen, a lot of the
commercial ones are oriented mostly towards integration of DHCP and dynamic
updating of DNS, and not so much towards integrating with an existing
DNS architecture. I haven't tried any of the free ones, personally; our
organization uses a homegrown system that I wrote, but there is another
organization here who uses the University of Utah stuff and seem quite
happy with it.


- Kevin
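
The two approaches in this thread combined, as an added example that is not part of the original messages: lines matching the quoted error strings are tagged with the meaning given in the reply, lines matching a "routine" list are dropped, and everything else is kept for review. The routine patterns and the sample log lines are assumptions constructed for illustration; a real filter needs the site's own list.

```python
import re

# Substrings quoted in the thread, with the meanings given in the reply.
KNOWN = [
    ("Err/TO getting serial# for", "serial query failed, usually a timeout reaching the master"),
    ("contains our address", "listed as authoritative, but not configured as master or slave"),
    ("rejected due to errors", "zone file could not be parsed"),
    ("syntax error near", "syntax error in a configuration file"),
    ("could not open", "file named in a zone clause could not be opened"),
    ("findns error NXDOMAIN", "name given for an NS does not exist"),
]

# Assumption: site-specific "routine" patterns; revisit after each named upgrade.
ROUTINE = [re.compile(p) for p in (
    r"Ready to answer queries",
    r"\b(USAGE|NSTATS|XSTATS) \d+",
    r"Cleaned cache of \d+ RRsets?",
)]

def triage(lines):
    """Split log lines into known errors and unrecognised leftovers."""
    known, unknown = [], []
    for line in lines:
        line = line.rstrip("\n")
        if not line.strip():
            continue
        # Check known errors first so a routine pattern can never hide one.
        hit = next((m for s, m in KNOWN if s in line), None)
        if hit:
            known.append((hit, line))
        elif not any(r.search(line) for r in ROUTINE):
            unknown.append(line)
    return known, unknown

# Constructed sample lines (not taken from a real server).
SAMPLE = """\
Jan 24 10:00:01 ns1 named[123]: Ready to answer queries.
Jan 24 10:05:12 ns1 named[123]: Err/TO getting serial# for "example.com"
Jan 24 10:06:40 ns1 named[123]: master zone "example.org" (IN) rejected due to errors (serial 2000012401)
Jan 24 10:07:02 ns1 named[123]: sysquery: findns error NXDOMAIN
Jan 24 10:09:30 ns1 named[123]: Cleaned cache of 12 RRsets
Jan 24 10:11:55 ns1 named[123]: some message this filter has never seen
""".splitlines()

if __name__ == "__main__":
    known, unknown = triage(SAMPLE)
    for meaning, line in known:
        print(f"KNOWN    {meaning}\n         {line}")
    for line in unknown:
        print(f"REVIEW   {line}")
```

The unrecognised list is the part to mail out: it grows whenever a release of named introduces a message that is neither in the routine list nor in the known-error list.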




