The maintainers of the NiX Spam DNS Black-List have thankfully followed up on our suggestion to add a freshness time stamp to the black- list, allowing slave zone operators to verify zone transfers are occurring in a timely fashion. (The zone’s SOA serial number has no relashionship to time – the zone is updated up to 100 times per second, and the serial number is just a number.) The timestamp is in ISO 8601 format and it is located at the zone apex:

    dig txt
    ;; ANSWER SECTION:  60  IN TXT  "heartbeat=2010-10-26T07:51:01+02:00"

If you are a slave zone operator, you may be interested in using check_nix – a Nagios/Icinga plugin which verifies said freshness. (Read the man page.)

    DNSBL last updated on slave [] 0 days, 00:00:33 ago

(Information in German.) Thanks, Marcel & team!

Nagios, DNS, CLI, and DNSBL :: 26 Oct 2010 :: e-mail