A policy for removing named.conf options.
Browne, Stuart
Stuart.Browne at team.neustar
Thu Jun 13 23:48:03 UTC 2019
> -----Original Message-----
> From: bind-users [mailto:bind-users-bounces at lists.isc.org] On Behalf Of
> Evan Hunt
> Sent: Friday, 14 June 2019 5:40 AM
> To: Warren Kumari
> Cc: Ondřej Surý; comp-protocols-dns-bind at isc.org
> Subject: Re: A policy for removing named.conf options.
>
> On Thu, Jun 13, 2019 at 02:52:34PM -0400, Warren Kumari wrote:
> > all sorts of annoyance -- if I'm running low on space for cache, and
> > spend much time twiddling the "max-acache-size" knob before
> > discovering that someone has simply snipped the wires to it, I'd be
> > super-grumpy.
>
> But hopefully in this scenario you're paying attention to log messages,
> and would have seen the "obsolete option" warning.
>
> The question is, should your nameserver complain and keep running, or
> should it reufse to run? And for "max-acache-size", enh, I'd probably
> be okay with it.
>
> But a standard policy that covers all deprecated options would need
> to be stricter than "enh".
For options that have passed their warning phase and have been removed, I'm all for BIND failing to start and named-checkconf erroring out , rather than quietly ignoring them.
Usless cruft is useless. You're going to the trouble of doing a major-version-upgrade, take the time to tune the config to suit it.
If you're using automation tools, hopefully you've run it through at least one test system before hitting production, yes?
Stuart
More information about the bind-users
mailing list