Checking for zone expiration?
Chris Thompson
cet1 at cam.ac.uk
Mon May 21 21:27:35 UTC 2012
On May 21 2012, Alan Batie wrote:
>We had a rather key zone mysteriously expire on a slave this morning -
>the log files show a transfer a couple weeks ago, but it hadn't been
>updated so there was no reason for one since and there were no log
>entries about failed connection attempts.
Do you have "try-tcp-refresh no" in your named.conf options? If so,
and the slave had lost connectivity with the master, the SOA lookups
failing would not have triggered a transfer attempt and so you would
not see any "xfer-in" errors.
> I was wondering if there's a
>way to check the remaining time on a zone for monitoring? If you fetch
>the SOA, you get the full ttl, for obvious reasons, not the server's
>timer...
As Barry Margolin posted, check the mtime on the slave's zone file,
as BIND updates this each time it determines a new zone transfer is
not required.
Often, a good check for there being any zones verging towards
expiring is to look at the end of an "ls -ltr" listing of the
directory in which zone files are stored. For automation, use
something like "find [directory] -name [pattern] -mtime +3".
This works better if the files for "type slave" zones are kept
in a separate directory (or directories) from the "type master"
ones, if any.
--
Chris Thompson
Email: cet1 at cam.ac.uk
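
Added example, not part of the original post: a shell sketch of the mtime check described above, turning "age of the slave zone file" into "seconds left before expiry". It assumes one file per slave zone and that you supply the zone's SOA expire value yourself; the function names and the directory in the usage comment are hypothetical.

```shell
#!/bin/sh
# Estimate the time left before slave zones expire, using the zone file mtime
# as the time of the last successful refresh check (the behaviour the post
# describes for BIND). All names below are illustrative.

# Print a file's mtime as epoch seconds (GNU stat first, BSD stat as fallback).
file_mtime() {
    stat -c %Y "$1" 2>/dev/null || stat -f %m "$1"
}

# zone_remaining FILE EXPIRE [NOW]
# Prints EXPIRE - (NOW - mtime) in seconds. A negative result means the file
# has not been touched for longer than the SOA expire interval.
zone_remaining() {
    now=${3:-$(date +%s)}
    mtime=$(file_mtime "$1") || return 2
    echo $(( $2 - (now - mtime) ))
}

# check_zones DIR PATTERN EXPIRE MIN_LEFT [NOW]
# Prints "file seconds_left" for every zone file with fewer than MIN_LEFT
# seconds remaining. Returns 1 if any zone was reported, 0 otherwise, so it
# can be wired directly into a monitoring check.
check_zones() {
    dir=$1 pattern=$2 expire=$3 min_left=$4 now=${5:-$(date +%s)}
    status=0
    for f in "$dir"/$pattern; do
        [ -f "$f" ] || continue
        left=$(zone_remaining "$f" "$expire" "$now") || continue
        if [ "$left" -lt "$min_left" ]; then
            echo "$f $left"
            status=1
        fi
    done
    return $status
}

# Usage (hypothetical directory; expire of 1 week, alert below 4 days left):
#   check_zones /var/named/slaves '*.db' 604800 345600 || echo "zones at risk"
```

Because a single EXPIRE value is applied to every file matched, zones with different SOA expire values need separate invocations (or separate directories, as the post suggests for slave versus master zones).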