CR-2026-03-04: VyOS BIND DNS Records — Risk & Comms

Key Lessons

Lesson Detail

Lesson	Detail
Always backup first	Zone file backups with timestamps enable quick rollback
Validate before reload	`named-checkzone` catches syntax errors before production impact
Serial increment is critical	Forgot serial = no AXFR to secondary = split-brain DNS
sed/awk for zone editing	More repeatable than manual vim editing

Always backup first

Zone file backups with timestamps enable quick rollback

Validate before reload

named-checkzone catches syntax errors before production impact

Serial increment is critical

Forgot serial = no AXFR to secondary = split-brain DNS

sed/awk for zone editing

More repeatable than manual vim editing