I think I mistakenly put keyname without the word key (should be "key keyname") in Update ACL, causing both clusters to fail without realizing it until after quite some time. Any idea how to avoid this kind of error in the future, since if these DNS cluster servers fail, all domains in them also fail?
The regular bind server plugin catches errors and renames a bad file to .err, which you could consult. There is a command to check bind syntax that you can probably use, but I'm not very familiar with it off the top of my head.
I think you meant pri.domain.tld, but I don't think Update ACL places the entry in any of those zone files, because that wouldn't cause bind to fail. When it is added, it will be in named.conf.local, and when the format is wrong, the bind server cannot restart. That caused the failure that I was asking how to avoid.
Ok, sorry. Posted just an addition to Jesse's post without reading the full thread. We probably have to try to improve the input check for that field then.
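An added example, not from the thread or from the control panel's own code, of the kind of input check the last post mentions: it rejects a bare word such as `keyname` in the Update ACL field unless it is a known acl name, and suggests the `key keyname` form. The function names, the comma/semicolon separator and the `defined_acls` parameter are assumptions made for this sketch.

```python
import ipaddress
import re

# ACL names BIND defines itself; any other bare word must be declared with an
# acl { ... } statement, otherwise named refuses to load the configuration.
BUILTIN_ACLS = {"any", "none", "localhost", "localnets"}
NAME_RE = re.compile(r"^[A-Za-z0-9._-]+$")


def check_entry(entry, defined_acls=()):
    """Return None if one allow-update element is acceptable, else a reason."""
    item = entry.strip()
    if item.startswith("!"):              # negated element, e.g. "!192.0.2.1"
        item = item[1:].strip()
    if not item:
        return "empty entry"
    words = item.split()
    if words[0] == "key":                 # TSIG key reference: key <keyname>
        if len(words) == 2 and NAME_RE.match(words[1].strip('"')):
            return None
        return "expected: key <keyname>"
    if len(words) != 1:
        return "unexpected whitespace in %r" % item
    try:
        # Accepts single addresses and CIDR prefixes, IPv4 or IPv6.
        ipaddress.ip_network(item, strict=False)
        return None
    except ValueError:
        pass
    if item in BUILTIN_ACLS or item in defined_acls:
        return None
    if NAME_RE.match(item):
        return "%r is not a defined acl; did you mean 'key %s'?" % (item, item)
    return "not an address, prefix, acl name or key reference"


def validate_update_acl(field, defined_acls=()):
    """Validate the whole field; returns a list of (entry, reason) problems."""
    if not field.strip():
        return []                         # empty field: nothing to write out
    problems = []
    # Assumption: entries in the form field are separated by "," or ";".
    for entry in re.split(r"[;,]", field.strip().rstrip(";,")):
        reason = check_entry(entry, defined_acls)
        if reason:
            problems.append((entry.strip(), reason))
    return problems
```

The command mentioned in the second post is BIND's `named-checkconf`; running it on the generated configuration before restarting the server catches whatever a field-level check like this misses.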