rndc reconfig issue

[bsfinkel at anl.gov]

"Ronni Jensen" <roj at mvb.dk> wrote:

>Hi,
>
>Every night I have a perl script generate a config file which contains
>approximately 5000 zones at the moment, but this will vary in size as
>zones are added/removed.
>
>However, when I put >>include "/etc/special-zones.conf";<< into
>named.conf and do "rndc reconfig", the named service is not answering
>DNS queries while it is loading the config, which takes a really long
>time :-/
>
>I was under the impression that "rndc reconfig" would not affect the
>service as such, but apparently it does.
>
>Does anyone have a qualified suggestion on how to reload configuration
>(load the new zones and unload the ones that are not in the config file
>anymore) without stalling the DNS service so it does not affect the user
>experience?
>
>Thank you..

We load a 38,000+ domain malware/spyware zone file, and "rndc reconfig"
takes a while to load.  I have not timed it on my BIND 9.6.0-P1 systems,
but I guess about 20-30 seconds - during which time the server does
not answer queries.  We were re-loading the file at the same time on
our servers, and while debugging an "EDNS" message on a web server
behind an F5 load balancer (and with a post within the past week from
Mark Andrews), I realized that it was not a good idea to reload all of
the servers at the same time, as all were inaccessible at the same
time.  I changed the cron job on two of the servers so that it would
still check for an updates zone file every five minutes, but one minute
after the cron on the other server in the pair (we have two internal
and two external name servers).
----------------------------------------------------------------------
Barry S. Finkel
Computing and Information Systems Division
Argonne National Laboratory          Phone:    +1 (630) 252-7277
9700 South Cass Avenue               Facsimile:+1 (630) 252-4601
Building 222, Room D209              Internet: BSFinkel at anl.gov
Argonne, IL   60439-4828             IBMMAIL:  I1004994