Thanks to all for the help - I won't flood the list with replies to
people who replied to me. I'll look at rndc reconfig and do some
testing in a lab to validate the behaviour of reconfig. It does,
however, look like just what I'm looking for, and hopefully will help us
a lot.

Cheers to all!

Todd.

-----Original Message-----
From: Chris Buxton [mailto:cbuxton@menandmice.com]
Sent: Thursday, October 09, 2008 11:41 PM
To: Todd Snyder
Cc: bind-users@isc.org
Subject: Re: Adding new domains without restarting

On Oct 9, 2008, at 1:41 PM, Todd Snyder wrote:
> However, adding
> new zones is still considered high risk, as a restart of the daemon is
> required.

No it's not.

> Additionally, we lose the cache, which could negatively impact
> service.

Understandable. For a busy server, clearing the cache can cause a
noticeable and sudden spike in both resolution times for end users and
network traffic in and out of the server.

> So my question is this - is it possible to add a new zone to a
> currently running server and have it load?

Yes. `rndc reconfig`

This command causes named to examine its configuration file
(named.conf) and, if it is accepted as syntactically correct, enact any
changes. That means changes to ACLs, keys, options, views, etc., are
all reloaded, and it means that new zones are loaded while missing
(deleted) zones are unloaded.

Existing zones that are still referenced are not checked to see if they
need reloading. This is, to my knowledge, the only difference between
'reconfig' and 'reload'.

> If there are named.conf/zonefile
> typos, will that impact any currently running zones?

Probably not. If there is a typo in named.conf that renders it
unloadable, an error is written out (either stderr or to log files, I
forget which) and nothing happens. If a typo in named.conf causes zone
statements to be commented out, then yes, live zones will go dark.

A typo in a zone will cause an error to be logged, and nothing will
happen.

To guard against zones being accidentally deleted, I suggest you use
some kind of validation routine that compares the output of
`named-checkconf -z` against an expected value, or else use a management
system that doesn't involve directly modifying named.conf.

If you want to talk about commercial management and monitoring products
to make this more reliable, please feel free to contact me off-list.

Chris Buxton
Professional Services
Men & Mice
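
The validation routine Chris describes, written out as an added example (not code from the thread or from ISC): run `named-checkconf -z`, compare the zones it reports as loaded against an expected list, and only then issue `rndc reconfig`. It assumes that `named-checkconf -z` prints one `zone NAME/IN: loaded serial N` line per zone it loads (with an optional `/VIEW` suffix after `IN`), that the expected zone list lives one name per line at `/etc/named.expected-zones`, and the script file name `check_and_reconfig.sh`; all three are assumptions, not something the thread states.

```shell
#!/bin/sh
# Added example: gate `rndc reconfig` behind named-checkconf -z so that a
# named.conf typo which silently comments out zone statements is caught
# before named is told to pick up the new configuration.
# Assumptions: named.conf path in $NAMED_CONF, expected zone list (one name
# per line) in $EXPECTED_ZONES, and named-checkconf -z output of the form
# "zone NAME/IN: loaded serial N" (or "zone NAME/IN/VIEW: loaded serial N").

NAMED_CONF="${NAMED_CONF:-/etc/named.conf}"
EXPECTED_ZONES="${EXPECTED_ZONES:-/etc/named.expected-zones}"

# loaded_zones: read named-checkconf -z output on stdin and print the names
# of the zones it reports as loaded, sorted and de-duplicated.
loaded_zones() {
    sed -n 's#^zone \([^/]*\)/IN[^:]*: loaded serial .*#\1#p' | sort -u
}

# missing_zones EXPECTED_FILE LOADED_FILE: print expected zones that were
# not loaded. Both files must be sorted, one name per line (comm requires
# sorted input). Empty output means every expected zone is present.
missing_zones() {
    comm -23 "$1" "$2"
}

# check_and_reconfig: validate the on-disk config, compare the loaded zone
# set with the expected one, and only if both pass run `rndc reconfig`.
check_and_reconfig() {
    tmp_out=$(mktemp) || return 1
    tmp_loaded=$(mktemp) || return 1
    tmp_expected=$(mktemp) || return 1

    # named-checkconf exits non-zero on a syntax error or a zone that
    # fails to load; in that case named is not told to reconfigure.
    if ! named-checkconf -z "$NAMED_CONF" >"$tmp_out" 2>&1; then
        echo "named-checkconf failed; not reconfiguring:" >&2
        cat "$tmp_out" >&2
        rm -f "$tmp_out" "$tmp_loaded" "$tmp_expected"
        return 1
    fi

    loaded_zones <"$tmp_out" >"$tmp_loaded"
    sort -u "$EXPECTED_ZONES" >"$tmp_expected"
    missing=$(missing_zones "$tmp_expected" "$tmp_loaded")
    rm -f "$tmp_out" "$tmp_loaded" "$tmp_expected"

    # A zone that parsed fine but vanished from the zone list is exactly the
    # "live zones go dark" case: refuse to reconfig until someone looks.
    if [ -n "$missing" ]; then
        echo "expected zones missing from config; not reconfiguring:" >&2
        echo "$missing" >&2
        return 1
    fi

    rndc reconfig
}

# Run the check only when executed as a script, so the functions above can
# also be sourced and tested on their own.
case "${0##*/}" in
    check_and_reconfig.sh) check_and_reconfig ;;
esac
```

Keep the expected-zone list under the same change control as named.conf: when a zone is intentionally removed, update the list in the same change, otherwise the script will (correctly) refuse to reconfig.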
