Can I change the zone file from command line?

Lawrence K. Chen, P.Eng. lkchen at ksu.edu
Thu Jul 25 00:03:20 UTC 2013


Reading this my mind with to: "Monitor it with Nagios, Fix it with Cfengine" -- http://www.sladder.org/?p=261 

Which probably first raises the question on whether you use Cfengine and you have Cfengine managing your DNS? 

For me the answer is yes...but haven't had a situation where we would want our nagios to direct our cfengine to do anything. 

But, I already have in my cfengine / DNS process doing sed and including different files to produce zone files for the 3 views we have here. It is possible to have cfengine make edits to a zone file directly...though editing files with cfengine is only something I've started to find myself doing more and more of lately, but I wouldn't trust it to something this important, yet. 

----- Original Message -----

> Well, I am trying to configure DNS System Monitoring stuff with
> Nagios plugins. This monitor the server status and if any of th link
> fails remove the said IP from zone and reload the zone. This entry
> would have low TTL so that traffic would be routed to new entry
> instantly.

> Lets say I have two ISPs terminated on my firewall and
> www.example.com with private IP 172.16.3.10 is natted with 1.2.3.4
> and 5.6.7.8 with TTL value 300
> Nagios plugin check_tcp would monitor those links or IPs on port 80
> and if any of the link fails I can have by any mean edit the zone
> file and remove the IP associated with failed link so that traffic
> would never reach to that IP.

> Upon recovery the plugin will show the result GREEN and I can again
> have the A record added in zone file, thus reload the zone. Due to
> the low TTL I believe there shouldn't be any issue for populating
> those changes faster.

> What say guys?

> --------------------------------------------------------------------------
> Thanks and Regards,
> Manish R

> On Tue, Jul 23, 2013 at 11:46 AM, Mark Andrews < marka at isc.org >
> wrote:

> > In message <
> > CAN3um4yrT+t7Cp2EZYWq-rM5eWx3-ygOK9VKxVUG4qbxcbpzcA at mail.gmail.com
> > >
> 

> > , Mike Hale writes:
> 
> > > This seems pretty straight forward.
> 
> > >
> 
> > > Use your standard bash tools to modify the file when necessary,
> > > then
> 
> > > you should simply be able to call rndc reload ZONENAME in the
> > > script.
> 

> > Though why one would want to do this rather than just updating the
> 
> > zone using DDNS is beyond me. It's not like DDNS can't be made
> 
> > secure by using TSIG.
> 

> > Normalize the zone file using named-checkzone.
> 
> > Use awk or similar to change the relevent entries and update the
> > SOA
> > serial.
> 
> > Use named-checkzone to confirm that the resulting file is still
> > valid
> > then
> 
> > if it is rename it and reload the zone.
> 

> > named-checkzone -D -q zone file |
> 
> > awk '$1 == "server" && $4 == "A" { print $1, $2, $3, $4, NEWIP}
> 
> > $4 == "SOA" { $7 = $7 + 1; print }' > temp
> 
> > named-checkzone -q zone temp && mv temp file && rndc reload zone
> 

> > Mark
> 

> > > On Mon, Jul 22, 2013 at 10:28 PM, Mihamina Rakotomandimby
> 
> > > < mihamina at rktmb.org > wrote:
> 
> > > > Hello,
> 
> > > >
> 
> > > > I did not catch what you're trying to achieve.
> 
> > > > Please give more details.
> 
> > > >
> 
> > > >
> 
> > > > On 2013-07-23 08:25, Manish Rane wrote:
> 
> > > >
> 
> > > > Hi Folks,
> 
> > > >
> 
> > > > Wondering if I can edit/change the static zone file as a result
> > > > of certain
> 
> > > > bash script. Well, I am trying to write a script which will
> > > > monitor the
> 
> > > > server on certain ports and it if fails to connect to the
> > > > server
> > > > it will
> 
> > > > delete or add the entry from zone file so that traffic will be
> > > > routed to
> 
> > > > another server, possible?
> 
> > > >
> 
> > > > OR does any one aware of such solution available in open
> > > > source?
> 
> > > >
> 
> > > >
> 
> > > >
> 
> > > > _______________________________________________
> 
> > > > Please visit https://lists.isc.org/mailman/listinfo/bind-users
> > > > to
> 
> > > > unsubscribe from this list
> 
> > > >
> 
> > > > bind-users mailing list
> 
> > > > bind-users at lists.isc.org
> 
> > > > https://lists.isc.org/mailman/listinfo/bind-users
> 
> > > >
> 
> > > >
> 
> > > >
> 
> > > > --
> 
> > > > RMA.
> 
> > > >
> 
> > > >
> 
> > > > _______________________________________________
> 
> > > > Please visit https://lists.isc.org/mailman/listinfo/bind-users
> > > > to
> 
> > > > unsubscribe from this list
> 
> > > >
> 
> > > > bind-users mailing list
> 
> > > > bind-users at lists.isc.org
> 
> > > > https://lists.isc.org/mailman/listinfo/bind-users
> 
> > >
> 
> > >
> 
> > >
> 
> > > --
> 
> > > 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
> 
> > > _______________________________________________
> 
> > > Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> > > unsubscribe
> 
> > > from this list
> 
> > >
> 
> > > bind-users mailing list
> 
> > > bind-users at lists.isc.org
> 
> > > https://lists.isc.org/mailman/listinfo/bind-users
> 
> > --
> 
> > Mark Andrews, ISC
> 
> > 1 Seymour St., Dundas Valley, NSW 2117, Australia
> 
> > PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
> 

> > _______________________________________________
> 
> > Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> > unsubscribe from this list
> 

> > bind-users mailing list
> 
> > bind-users at lists.isc.org
> 
> > https://lists.isc.org/mailman/listinfo/bind-users
> 

> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list

> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-- 

Who: Lawrence K. Chen, P.Eng. - W0LKC - Senior Unix Systems Administrator 
For: Enterprise Server Technologies (EST) -- & SafeZone Ally 
Snail: Computing and Telecommunications Services (CTS) 
Kansas State University, 109 East Stadium, Manhattan, KS 66506-3102 
Phone: (785) 532-4916 - Fax: (785) 532-3515 - Email: lkchen at ksu.edu 
Web: http://www-personal.ksu.edu/~lkchen - Where: 11 Hale Library 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20130724/dcb35e8c/attachment.html>


More information about the bind-users mailing list