Can I change the zone file from command line?
Lawrence K. Chen, P.Eng.
lkchen at ksu.edu
Thu Jul 25 00:03:20 UTC 2013
Reading this my mind with to: "Monitor it with Nagios, Fix it with Cfengine" -- http://www.sladder.org/?p=261
Which probably first raises the question on whether you use Cfengine and you have Cfengine managing your DNS?
For me the answer is yes...but haven't had a situation where we would want our nagios to direct our cfengine to do anything.
But, I already have in my cfengine / DNS process doing sed and including different files to produce zone files for the 3 views we have here. It is possible to have cfengine make edits to a zone file directly...though editing files with cfengine is only something I've started to find myself doing more and more of lately, but I wouldn't trust it to something this important, yet.
----- Original Message -----
> Well, I am trying to configure DNS System Monitoring stuff with
> Nagios plugins. This monitor the server status and if any of th link
> fails remove the said IP from zone and reload the zone. This entry
> would have low TTL so that traffic would be routed to new entry
> instantly.
> Lets say I have two ISPs terminated on my firewall and
> www.example.com with private IP 172.16.3.10 is natted with 1.2.3.4
> and 5.6.7.8 with TTL value 300
> Nagios plugin check_tcp would monitor those links or IPs on port 80
> and if any of the link fails I can have by any mean edit the zone
> file and remove the IP associated with failed link so that traffic
> would never reach to that IP.
> Upon recovery the plugin will show the result GREEN and I can again
> have the A record added in zone file, thus reload the zone. Due to
> the low TTL I believe there shouldn't be any issue for populating
> those changes faster.
> What say guys?
> --------------------------------------------------------------------------
> Thanks and Regards,
> Manish R
> On Tue, Jul 23, 2013 at 11:46 AM, Mark Andrews < marka at isc.org >
> wrote:
> > In message <
> > CAN3um4yrT+t7Cp2EZYWq-rM5eWx3-ygOK9VKxVUG4qbxcbpzcA at mail.gmail.com
> > >
>
> > , Mike Hale writes:
>
> > > This seems pretty straight forward.
>
> > >
>
> > > Use your standard bash tools to modify the file when necessary,
> > > then
>
> > > you should simply be able to call rndc reload ZONENAME in the
> > > script.
>
> > Though why one would want to do this rather than just updating the
>
> > zone using DDNS is beyond me. It's not like DDNS can't be made
>
> > secure by using TSIG.
>
> > Normalize the zone file using named-checkzone.
>
> > Use awk or similar to change the relevent entries and update the
> > SOA
> > serial.
>
> > Use named-checkzone to confirm that the resulting file is still
> > valid
> > then
>
> > if it is rename it and reload the zone.
>
> > named-checkzone -D -q zone file |
>
> > awk '$1 == "server" && $4 == "A" { print $1, $2, $3, $4, NEWIP}
>
> > $4 == "SOA" { $7 = $7 + 1; print }' > temp
>
> > named-checkzone -q zone temp && mv temp file && rndc reload zone
>
> > Mark
>
> > > On Mon, Jul 22, 2013 at 10:28 PM, Mihamina Rakotomandimby
>
> > > < mihamina at rktmb.org > wrote:
>
> > > > Hello,
>
> > > >
>
> > > > I did not catch what you're trying to achieve.
>
> > > > Please give more details.
>
> > > >
>
> > > >
>
> > > > On 2013-07-23 08:25, Manish Rane wrote:
>
> > > >
>
> > > > Hi Folks,
>
> > > >
>
> > > > Wondering if I can edit/change the static zone file as a result
> > > > of certain
>
> > > > bash script. Well, I am trying to write a script which will
> > > > monitor the
>
> > > > server on certain ports and it if fails to connect to the
> > > > server
> > > > it will
>
> > > > delete or add the entry from zone file so that traffic will be
> > > > routed to
>
> > > > another server, possible?
>
> > > >
>
> > > > OR does any one aware of such solution available in open
> > > > source?
>
> > > >
>
> > > >
>
> > > >
>
> > > > _______________________________________________
>
> > > > Please visit https://lists.isc.org/mailman/listinfo/bind-users
> > > > to
>
> > > > unsubscribe from this list
>
> > > >
>
> > > > bind-users mailing list
>
> > > > bind-users at lists.isc.org
>
> > > > https://lists.isc.org/mailman/listinfo/bind-users
>
> > > >
>
> > > >
>
> > > >
>
> > > > --
>
> > > > RMA.
>
> > > >
>
> > > >
>
> > > > _______________________________________________
>
> > > > Please visit https://lists.isc.org/mailman/listinfo/bind-users
> > > > to
>
> > > > unsubscribe from this list
>
> > > >
>
> > > > bind-users mailing list
>
> > > > bind-users at lists.isc.org
>
> > > > https://lists.isc.org/mailman/listinfo/bind-users
>
> > >
>
> > >
>
> > >
>
> > > --
>
> > > 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
>
> > > _______________________________________________
>
> > > Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> > > unsubscribe
>
> > > from this list
>
> > >
>
> > > bind-users mailing list
>
> > > bind-users at lists.isc.org
>
> > > https://lists.isc.org/mailman/listinfo/bind-users
>
> > --
>
> > Mark Andrews, ISC
>
> > 1 Seymour St., Dundas Valley, NSW 2117, Australia
>
> > PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
>
> > _______________________________________________
>
> > Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> > unsubscribe from this list
>
> > bind-users mailing list
>
> > bind-users at lists.isc.org
>
> > https://lists.isc.org/mailman/listinfo/bind-users
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Who: Lawrence K. Chen, P.Eng. - W0LKC - Senior Unix Systems Administrator
For: Enterprise Server Technologies (EST) -- & SafeZone Ally
Snail: Computing and Telecommunications Services (CTS)
Kansas State University, 109 East Stadium, Manhattan, KS 66506-3102
Phone: (785) 532-4916 - Fax: (785) 532-3515 - Email: lkchen at ksu.edu
Web: http://www-personal.ksu.edu/~lkchen - Where: 11 Hale Library
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20130724/dcb35e8c/attachment.html>
More information about the bind-users
mailing list