Testing a Name Server's Configuration


5.3.1 Problem

You want to test a name server's configuration before putting it into production.

5.3.2 Solution

Use the named-checkconf and named-checkzone programs to check the named.conf file and zone data files, respectively. named-checkconf reads /etc/named.conf by default, so if you haven't moved the configuration file into /etc yet, specify the pathname to the configuration file you want to test as the argument:

$ named-checkconf ~/test/named.conf

named-checkconf uses the routines in BIND (BIND 9.1.0 and later, to be exact) to make sure the named.conf file is syntactically correct. If there are any syntactic or semantic errors in named.conf, named-checkconf will print an error. For example:

$ named-checkconf /tmp/named.conf
/tmp/named.conf:3: missing ';' before '}'

named-checkzone uses BIND's own routines to check the syntax of a zone data file. To run it, specify the domain name of the zone and the name of the zone data file as arguments:

$ named-checkzone foo.example db.foo.example

If the zone contains any errors, named-checkzone prints an error. If the zone would load without errors, named-checkzone prints a message like this:

zone foo.example/IN: loaded serial 2002022400 OK

Once you've checked the configuration file and zone data, configure the name server to listen on a nonstandard port with the listen-on options substatement, and not to use a control channel:

controls { };
options {
    directory "/var/named";
    listen-on port 1053 { any; };
};

That way, the test name server won't interfere with any production name server you might already have running. Check the name server's syslog output (which should be clean, if you ran named-checkconf and named-checkzone) and query the name server with dig or another query tool, specifying the alternate port:

$ dig -p 1053 soa foo.example.

Once you're satisfied with the name server's responses to a few queries, you can remove the listen-on substatement, add a real controls statement, and put it into production.
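The checks from this recipe combined into one pre-production gate, as an added example that is not part of the original recipe: it runs named-checkconf and named-checkzone, and rejects a test configuration that lacks the empty controls statement or a listen-on port other than 53. The function names, the ZONE=FILE argument form and the CHECKCONF/CHECKZONE override variables are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the recipe. CHECKCONF/CHECKZONE can be overridden.
CHECKCONF=${CHECKCONF:-named-checkconf}
CHECKZONE=${CHECKZONE:-named-checkzone}

# is_isolated CONF: succeed only if CONF has an empty controls statement and
# every listen-on names a port other than 53. Assumption: CONF has no comments
# that mention these statements (comments are not stripped here).
is_isolated() {
    tr '\n\t' '  ' < "$1" | awk '
        { s = $0
          if (s !~ /controls *\{ *\} *;/) exit        # control channel enabled
          while (match(s, /listen-on *(port +[0-9]+ *)?\{/)) {
              stmt = substr(s, RSTART, RLENGTH); s = substr(s, RSTART + RLENGTH)
              if (stmt !~ /port +[0-9]+/) exit         # no port given: port 53
              sub(/.*port +/, "", stmt)
              if (stmt + 0 == 53) exit
              n++
          }
          ok = (n > 0) }                               # no listen-on: port 53
        END { exit ok ? 0 : 1 }'
}

# preflight CONF ZONE=FILE...: run every check, report each failure on stderr,
# print "ok ZONE serial N" for each clean zone, return non-zero on any failure.
preflight() {
    conf=$1; shift; rc=0
    "$CHECKCONF" "$conf" || { echo "FAIL syntax: $conf" >&2; rc=1; }
    is_isolated "$conf" || { echo "FAIL isolation: $conf" >&2; rc=1; }
    for pair in "$@"; do
        zone=${pair%%=*}; file=${pair#*=}
        if out=$("$CHECKZONE" "$zone" "$file" 2>&1); then
            # Success output contains: loaded serial 2002022400
            serial=$(printf '%s\n' "$out" | sed -n 's/.*loaded serial \([0-9][0-9]*\).*/\1/p')
            if [ -n "$serial" ]; then echo "ok $zone serial $serial"; continue; fi
        fi
        echo "FAIL zone $zone: $out" >&2; rc=1
    done
    return $rc
}

# Run as a script: sh preflight.sh ~/test/named.conf foo.example=db.foo.example
[ $# -eq 0 ] || preflight "$@"
```

The gate keeps going after a failure so that one run lists every bad zone instead of only the first.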

5.3.3 Discussion

Even though named-checkconf and named-checkzone first shipped with BIND 9.1.0, BIND 8's configuration syntax is similar enough to BIND 9's that you can easily use named-checkconf with a BIND 8 named.conf file. The zone data file format is exactly the same between versions, so you can use named-checkzone, too.

5.3.4 See Also

Section 3.26, for more information on running a name server on an alternate port.
