Adding new domains without restarting

[Chris Buxton]

On Oct 9, 2008, at 1:41 PM, Todd Snyder wrote:
> However, adding
> new zones is still considered high risk, as a restart of the daemon is
> required.

No it's not.

> Additionally, we lose the cache, which could negatively
> impact service.

Understandable. For a busy server, clearing the cache can cause a  
noticeable and sudden spike in both resolution times for end users and  
network traffic in and out of the server.

> So my question is this - is it possible to add a new zone to a  
> currently
> running server and have it load?

Yes. `rndc reconfig`

This command causes named to examine its configuration file  
(named.conf) and, if it is accepted as syntactically correct, enact  
any changes. That means changes to ACL's, keys, options, views, etc.,  
are all reloaded, and it means that new zones are loaded while missing  
(deleted) zones are unloaded.

Existing zones that are still referenced are not checked to see if  
they need reloading. This is, to my knowledge, the only difference  
between 'reconfig' and 'reload'.

> If there are named.conf/zonefile
> typos, will that impact any currently running zones?

Probably not. If there is a typo in named.conf that renders it  
unloadable, an error is written out (either stderr or to log files, I  
forget which) and nothing happens. If a typo in named.conf causes zone  
statements to be commented out, then yes, live zones will go dark.

A typo in a zone will cause an error to be logged, and nothing will  
happen.

To guard against zones being accidentally deleted, I suggest you use  
some kind of validation routine that compares the output of `named- 
checkconf -z` against an expected value, or else use a management  
system that doesn't involve directly modifying named.conf.

If you want to talk about commercial management and monitoring  
products to make this more reliable, please feel free to contact me  
off-list.

Chris Buxton
Professional Services
Men & Mice