Tuesday 27 May 2014

Bind configuration verification

DNS (BIND) is critical Internet infrastructure, and its configuration and zone files have a strict syntax: a single missing character or typo can leave the service unable to start. Before restarting the service or reloading its configuration, we need to test the configuration.

1. named-checkconf:
This tool checks the BIND main configuration file (named.conf).
Basic usage:
named-checkconf [path of named.conf]
A bad example:
[root@ns tmp]# named-checkconf  /etc/named.conf
/etc/named.conf:27: missing ';' before end of file

A good example (no output means no syntax errors):
[root@ns tmp]# named-checkconf  /etc/named.conf
[root@ns tmp]#

The tool checks the syntax of named.conf, but it cannot catch logic mistakes such as a missing zone file.

2. named-checkzone
This tool checks a zone file.
Basic usage:
named-checkzone [zone-name] [zone file]
A good example:
[root@ns tmp]# named-checkzone "localhost"  /var/named/named.localhost
zone localhost/IN: loaded serial 0
OK
[root@ns tmp]# named-checkzone "rafa.com" /var/named/rafa.com
zone rafa.com/IN: loaded serial 2014052401
OK
[root@ns tmp]# named-checkzone "56.168.192.in-addr.arpa" /var/named/192.168.56.zone
zone 56.168.192.in-addr.arpa/IN: loaded serial 2014052401
OK
[root@ns tmp]#

A bad example (the zone name does not match the SOA in the file, so the data is treated as out-of-zone):
[root@ns tmp]# named-checkzone "www.rafa.com" /var/named/rafa.com
/var/named/rafa.com:2: ignoring out-of-zone data (rafa.com)
zone www.rafa.com/IN: has 0 SOA records
zone www.rafa.com/IN: has no NS records
zone www.rafa.com/IN: not loaded due to errors.


3. service named configtest
This command verifies the whole configuration at once: named.conf and every zone it declares.

[root@ns tmp]# service named configtest
zone localhost/IN: loaded serial 0
zone 0.0.127.in-addr.arpa/IN: loaded serial 0
zone rafa.com/IN: loaded serial 2014052401
zone 56.168.192.in-addr.arpa/IN: loaded serial 2014052401
umount: /var/named/chroot/var/named: device is busy.
        (In some cases useful info about processes that use
         the device is found by lsof(8) or fuser(1))
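The three checks above combined into one pre-reload gate, as an added example that is not from the original post: it runs named-checkconf, then takes the master zones from the canonical config that `named-checkconf -p` prints and test-loads each one with named-checkzone, so a missing zone file (which named-checkconf alone does not report) stops the reload. The function names `list_master_zones`, `check_config` and `sample_config` and the sample config are my own assumptions; for a chroot layout like the one in the configtest output, pass `-t /var/named/chroot` to both tools.

```shell
#!/bin/sh
# Pre-reload gate for BIND (added example, not from the original post):
# named-checkconf checks named.conf syntax, then each master zone it
# declares is test-loaded with named-checkzone, which also catches a
# missing zone file. Assumes BIND tools on PATH and the layout that
# `named-checkconf -p` prints (top-level closing braces at column 0).

# list_master_zones: print "<zone> <file>" for each master/primary zone
# read on stdin; relative files resolve against options { directory }.
list_master_zones() {
    awk -v dir="/var/named" '
        /^[ \t]*directory[ \t]/ { d = $2; gsub(/[";]/, "", d); dir = d }
        /^zone[ \t]+"/          { z = $2; gsub(/"/, "", z); t = ""; f = "" }
        /^[ \t]*type[ \t]/      { t = $2; sub(/;/, "", t) }
        /^[ \t]*file[ \t]/      { f = $2; gsub(/[";]/, "", f) }
        /^};/ {   # top-level block closed: report master zones only
            if (z != "" && (t == "master" || t == "primary")) {
                if (f !~ /^\//) f = dir "/" f
                printf "%s %s\n", z, f
            }
            z = ""
        }'
}

# check_config: run both steps; returns 0 only if everything loads.
check_config() {
    conf=${1:-/etc/named.conf}
    named-checkconf "$conf" || return 1
    zones=$(named-checkconf -p "$conf" | list_master_zones)
    rc=0
    while read -r zone file; do
        [ -n "$zone" ] && { named-checkzone "$zone" "$file" || rc=1; }
    done <<EOF
$zones
EOF
    return $rc
}

# sample_config: constructed named.conf fragment to exercise the parser.
sample_config() {
    printf '%s\n' 'options {' '  directory "/var/named";' '};' \
      'zone "." IN {' '  type hint;' '  file "named.ca";' '};' \
      'zone "rafa.com" IN {' '  type master;' '  file "rafa.com";' \
      '  allow-update {' '    none;' '  };' '};' \
      'zone "56.168.192.in-addr.arpa" IN {' '  type master;' \
      '  file "/var/named/192.168.56.zone";' '};'
}

# Live run only when a config path is given:  sh precheck.sh /etc/named.conf
[ $# -eq 0 ] || check_config "$1"
```

Chain it before a reload, e.g. `sh precheck.sh /etc/named.conf && rndc reload`, so a broken zone never reaches the running server.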
