Checking for zone expiration?
michoski at cisco.com
Mon May 21 23:11:51 UTC 2012
From: Mark Pettit <pettit at yahoo-inc.com>
Date: Monday, May 21, 2012 3:53 PM
To: Microsoft Office User <michoski at cisco.com>
Cc: Barry Margolin <barmar at alum.mit.edu>,
"comp-protocols-dns-bind at isc.org" <comp-protocols-dns-bind at isc.org>
Subject: Re: Checking for zone expiration?
>On May 21, 2012, at 2:02 PM, Mike Hoskins wrote:
>> as usual there is more than one way to skin a cat... another
>> network-based way that doesn't involve local mtime checks would be
>> querying the master soa from your monitoring host, and then hitting each
>> slave on port 8080 (or whatever) via statistics-channels (if you enable
>> it) as mentioned earlier on the list. the statistics view returns xml
>> can parse which includes the zones and serials for each zone in each
>> on the slave.
>I have not tried this, so pardon me if I misunderstand, but getting the
>zones and serials from each zone on a slave does not help you determine
>if a zone is about to expire.
>If a zone doesn't change for two years, the serial will never change.
>But the refresh timer will expire over and over, and each time the zone
>must be refreshed. The only guaranteed way I know of to determine
>whether or not it's been refreshed is to check the mtime on the zone file
>on the slave.
*sigh* thanks for the stupidity catch, i jumped the gun -- just enabled
statistics-channels and trying to find more uses for it! ;-)
maybe this could be a feature in a future bind release (per-zone
expiration timer in statistics output). we generally always work to move
anything we can from local/shell-based checks to network queries.
More information about the bind-users