Staying Out of Trouble

RFC 1912 is titled "Common DNS Operational and Configuration Errors" and deals with common DNS configuration and data problems. It also comes with software dnswalk, which is described in Chapter 7, "The DNS Tool Chest." dnswalk checks for a lot of these problems. Running some of the DNS checking tools described in Chapter 7 or found on the Net will help ensure that your setup stays healthy, so you can avoid troubleshooting DNS. Reading RFC 1912 is also a good idea. Reading RFC 2181, "Clarifications to the DNS Specification," will also help you gain insight into some of the things talked about in this chapter. For old-timers, it gives the reasons for some of the changes seen in DNS recently, which can cause problems in some older setups.

Another good idea is to read the logs whenever you restart or reload named after you've edited the configuration or zone files. This enables you to know what BIND thinks of your edits right away, and lets you fix them before your boss, or a customer, comes looking for you. The logging statement (discussed in Chapters 3, "Maintenance and Enhancements," and 15, "Compiling and Maintaining BIND") enables you to log things any way you want, anywhere you want. Of course, grep or a simple log analysis tool can be of considerable help if you have more than a few zones, because the log output when loading the zones can be a handful.

Taking a look through Chapter 8, "Security Concerns," will also help you avoid problems. Some of the things there, such as restricting recursive queries and zone transfers, turning off glue fetching, and blackholing bogus addresses are simple to implement and make it harder to sabotage you.

Finally, Chapter 2, "DNS in Practice, " and Chapter 3 are simply filled to the brim with good advice about everything. Make sure you know everything in them.