Bind get zone transfer status after executing rndc reload

Question

I have a script that executes rndc reload <zone_name> in <view_name> on secondary (slave) servers on the zones that are modified. This command returns success if the reload is queued successfully.

I wanted to know if there is a way I can get the status of the actual zone transfer without going through the logs itself. I want to be able to automatically handle the case when bind reload failed based on the error itself. Currently, I have to parse the logs to get the status of the zone transfer after executing rndc reload.

Can someone help me figure out how I can get the status of the zone transfer after executing rndc reload <zone_name> which is better than parsing the logs itself.

NOTE [to add more clarity]: I know notify can be used for master to communicate to the slave about a change. My question is about knowing if there is any way to get notified when the zone transfer initiated by the slave failed due to any reason without parsing the logs.

E.g. May be after notifying the slave, the master server died due to some reason. In this case, when the slave initiates a zone transfer, it would fail on getting the SOA record from the master. I want to get notified for these kind of errors that can happen during zone transfer without actually parsing the logs.

Let me know if more information is needed.

Answer 1

The (error) log file is the only place where Bind will log such errors, so if you don't want to parse the log files for specific errors, (although you can use something like Splunk to automate such parsing and generating relevant alerts) you need to something else.

From a monitoring perspective I think your focus on getting notified on errors during zone transfers misses the point slightly. It's not really the errors that matter so much, it is the fact such errors indicate a reduced, failed or erroneous service. Instead focus on the service.

A correctly configured monitoring solution will detect such changed service state and alert you. Then your engineer/operator can easily search the log file for the relevant cause of that service reduction/failure...

In a master-slave scenario your monitoring needs to ensure that:

• all slave and the master name-servers respond and return zone data
• all slaves return data that is consistent with the master

A good DNS record to monitor for a zone would be the SOA record, as that is something that each name server should always be able to return for every zone.

Second the serial number in the SOA record should tell you if the slave is sync with the master. If there is difference in serial numbers that can be caused by the slave having missed a NOTIFY message, but if that difference is present longer than the SOA refresh interval a more serious issue is at hand.

Answer 2

Create a script slave.sh with:

#!/bin/sh

ns1="yourfirstdnsserver"
ns2="yourslavednsserver" 
serial='grep SOA |cut -d " " -f7'
domain=$1

rndc reload $domain

a=`host -t SOA $domain $ns1 |grep SOA |cut -d " " -f7`
b=`host -t SOA $domain $ns2 |grep SOA |cut -d " " -f7`

if [ $a = $b ];
        then echo "$domain : synchro ok";
        else "$domain : Error";
fi;

Simply use ./slave.sh yourdomain.com.

Enjoy!

Answer 3

a=`host -t SOA yourdomain.com yourns1.com |grep SOA |cut -d " " -f7` && b=`host -t SOA yourdomain.com yourns2.com |grep SOA |cut -d " " -f7` && if [ $a = $b ]; then echo "synchro ok"; else "Error"; fi;