On Oct 9, 2008, at 1:41 PM, Todd Snyder wrote:
> However, adding
> new zones is still considered high risk, as a restart of the daemon is
> required.


No it's not.

> Additionally, we lose the cache, which could negatively
> impact service.


Understandable. For a busy server, clearing the cache can cause a
noticeable and sudden spike in both resolution times for end users and
network traffic in and out of the server.

> So my question is this - is it possible to add a new zone to a
> currently running server and have it load?


Yes. `rndc reconfig`

This command causes named to examine its configuration file
(named.conf) and, if it is accepted as syntactically correct, enact
any changes. That means changes to ACLs, keys, options, views, etc.,
are all reloaded, and it means that new zones are loaded while missing
(deleted) zones are unloaded.

Existing zones that are still referenced are not checked to see if
they need reloading. This is, to my knowledge, the only difference
between 'reconfig' and 'reload'.

> If there are named.conf/zonefile
> typos, will that impact any currently running zones?


Probably not. If there is a typo in named.conf that renders it
unloadable, an error is written out (either stderr or to log files, I
forget which) and nothing happens. If a typo in named.conf causes zone
statements to be commented out, then yes, live zones will go dark.

A typo in a zone will cause an error to be logged, and nothing will
happen.

To guard against zones being accidentally deleted, I suggest you use
some kind of validation routine that compares the output of
`named-checkconf -z` against an expected value, or else use a
management system that doesn't involve directly modifying named.conf.

If you want to talk about commercial management and monitoring
products to make this more reliable, please feel free to contact me
off-list.

Chris Buxton
Professional Services
Men & Mice
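
One way to build the validation routine suggested in the message above, as an added example that is not part of the original post or any Men & Mice product. It assumes `named-checkconf -z` reports each zone on a line of the form `zone NAME/CLASS: loaded serial N`; the function names, the baseline file and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: block `rndc reconfig` when a zone has vanished from named.conf.

# Reduce `named-checkconf -z` output (stdin) to sorted zone names.
# Assumed load-line format: zone example.com/IN: loaded serial 2008100901
loaded_zones() {
    awk '$1 == "zone" && $3 == "loaded" { sub(/:$/, "", $2); print $2 }' | sort -u
}

# Print each zone listed in baseline file $1 (one NAME/CLASS per line, "#"
# comments allowed) that is absent from the checker output on stdin.
# Empty checker output reports every baseline zone as missing.
missing_zones() {
    tmp=$(mktemp) || return 2
    loaded_zones > "$tmp"
    awk 'FILENAME == ARGV[1] { have[$0]; next }
         NF && $1 !~ /^#/ && !($0 in have)' "$tmp" "$1"
    rm -f "$tmp"
}

# Gate for the live server; $1 is the baseline file (hypothetical path).
safe_reconfig() {
    out=$(named-checkconf -z 2>&1) || { printf '%s\n' "$out" >&2; return 1; }
    gone=$(printf '%s\n' "$out" | missing_zones "$1")
    if [ -n "$gone" ]; then
        printf 'refusing reconfig, zones missing:\n%s\n' "$gone" >&2
        return 1
    fi
    rndc reconfig
}

# Constructed sample: checker output after example.net was commented out.
SAMPLE='zone example.com/IN: loaded serial 2008100901
zone 2.0.192.in-addr.arpa/IN: loaded serial 2008100901'
```

Generate the baseline once from a known-good configuration with `named-checkconf -z | loaded_zones`, review it, and then call `safe_reconfig` with that file instead of running `rndc reconfig` directly.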