[Opendnssec-user] syntax error in zonelist.xml -> destruction

Casper Gielen c.gielen at uvt.nl
Mon Nov 19 16:32:03 UTC 2012


Hello,
this is a little precautionary tale for anyone running OpenDNSSEC.
tl;dr Don't make syntax errors in zonelist.xml


Today I added a new zone to opendnssec. We manage zonelist.xml by hand
(it's stored in SVN). Unfortunately I made a typo and deleted one
character (a '<') somewhere in the middle of the file. Unaware of the
typo I loaded the broken zonelist.xml (with ods-ksmutil update all).
OpenDNSSEC promptly informed me that it was unable to parse the
zonefile. I found my mistake and loaded the new file and didn't
think about it anymore until 15 minutes later every alarm in our system
went off.

Every zone after my typo had been erased and was being recreated.

Unfortunately I did not realize the source of the problem right away.
With hindsight the correct solution would have been to recover the
entire OpenDNSSEC from backup. Instead I uploaded the new keys to our
registrar.


feature request: Please check the configuration for syntax-errors before
acting upon it.

-- 
Casper Gielen <cgielen at uvt.nl> | LIS UNIX
PGP fingerprint = 16BD 2C9F 8156 C242 F981  63B8 2214 083C F80E 4AF7

Universiteit van Tilburg | Postbus 90153, 5000 LE
Warandelaan 2 | Telefoon 013 466 4100 | G 236 | http://www.uvt.nl
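
One way to get the check the feature request asks for from outside OpenDNSSEC, as an added example that is not part of the original post or the project's code: parse the candidate zonelist.xml and compare its zone names with the last known-good copy (for instance the previous SVN revision) before running ods-ksmutil update all. The sample zone lists are constructed and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

def zone_names(xml_text):
    """Return the set of zone names; raise ValueError if the file is unusable."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise ValueError(f"not well-formed XML: {exc}") from exc
    if root.tag != "ZoneList":
        raise ValueError(f"unexpected root element <{root.tag}>")
    names = [z.get("name") for z in root.findall("Zone")]
    if any(not n for n in names):
        raise ValueError("a <Zone> element has no name attribute")
    dupes = sorted({n for n in names if names.count(n) > 1})
    if dupes:
        raise ValueError(f"duplicate zones: {dupes}")
    return set(names)

def preflight(known_good_xml, candidate_xml, max_removed=0):
    """Return (ok, message); ok is False when the candidate must not be loaded."""
    try:
        new = zone_names(candidate_xml)
    except ValueError as exc:
        return False, f"refuse: {exc}"
    old = zone_names(known_good_xml)
    removed = sorted(old - new)
    # A parseable file that silently drops zones is as dangerous as a broken one.
    if len(removed) > max_removed:
        return False, f"refuse: would remove {removed}"
    return True, f"ok: {len(new)} zones, added {sorted(new - old)}"

def _zonelist(*zones):
    # Constructed sample input, reduced to the elements this check reads.
    body = "".join(f'  <Zone name="{z}"><Policy>default</Policy></Zone>\n' for z in zones)
    return f"<ZoneList>\n{body}</ZoneList>\n"

KNOWN_GOOD = _zonelist("a.example", "b.example")
FIXED = _zonelist("a.example", "c.example", "b.example")
# The typo from the post: one '<' deleted in the middle of the file.
TYPO = FIXED.replace('<Zone name="c.example"', 'Zone name="c.example"')
SHRUNK = _zonelist("a.example")

if __name__ == "__main__":
    for label, candidate in (("typo", TYPO), ("fixed", FIXED), ("shrunk", SHRUNK)):
        print(label, preflight(KNOWN_GOOD, candidate))
```

Run it as a gate in the deployment step, and only invoke ods-ksmutil when the check passes; zone removals that are intended can be allowed explicitly through max_removed.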




