Description: Keep the old zone if the new one breaks the bind setup
 If bind rejects the zone file, revert to the previous version and
 log an error to syslog, instead of breaking the DNS setup completely.
Author: Petter Reinholdtsen <pere@hungry.com>
Bug-Debian: http://bugs.debian.org/710362
Last-Update: 2014-09-30

Index: ldap2zone/ldap2bind
===================================================================
--- ldap2zone.orig/ldap2bind	2014-10-04 21:18:02.102641349 +0200
+++ ldap2zone/ldap2bind	2014-10-04 21:22:44.584783512 +0200
@@ -78,15 +78,31 @@
 fi
 
 for domain in $ZONES; do
-	if $ldap2zone $domain $LDAP_URI $TTL > /tmp/$domain; then
-		lines=$(cat /tmp/$domain | wc -l)
-		[ $lines -gt 1 ] && mv /tmp/$domain $BIND_DATA/${PREFIX}${domain}
+	TMPFILE=$(mktemp)
+	CURRENT=$BIND_DATA/${PREFIX}${domain}
+	OLD=$BIND_DATA/${PREFIX}${domain}.old-$$
+	if $ldap2zone $domain $LDAP_URI $TTL > $TMPFILE; then
+		lines=$(cat $TMPFILE | wc -l)
+		if [ $lines -gt 1 ] ; then
+		    result=$(named-checkzone $domain $TMPFILE 2>&1)
+		    if [ $? -ne 0 ]; then
+			logger -t ldap2bind "Checking the zone '$domain' failed: $result. Not deploying.\n"
+			rm $TMPFILE
+			continue
+		    else
+			mv $CURRENT $OLD
+			mv $TMPFILE $CURRENT
+		    fi
+		fi
 	fi
 
 	result=$($rndc reload $domain 2>&1)
 	if [ $? -ne 0 ]; then
-                logger -t ldap2bind "Reloading the zone '$domain' failed: $result\n"
+		logger -t ldap2bind "Reloading the zone '$domain' failed: $result. Reverting.\n"
+		mv $CURRENT $CURRENT.broken
+		mv $OLD $CURRENT
 	else
-                logger -t ldap2bind "Reloading the zone '$domain' was successful\n"
+		rm $OLD
+		logger -t ldap2bind "Reloading the zone '$domain' was successful\n"
 	fi
 done
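Review bot: The revert branch after `$rndc reload` runs even when nothing was deployed — when `$ldap2zone` fails, when the output has one line or fewer, or when `$CURRENT` did not exist yet — and in those cases `mv $CURRENT $CURRENT.broken` renames the working zone file while `mv $OLD $CURRENT` has nothing to restore, which leaves the zone with no file at all, the opposite of what the patch intends. Tracking a `deployed` flag that is set only after the two `mv` calls and guarding both the revert and the `rm $OLD` on it fixes this; the same flag also lets the temp file be removed in the non-deploying paths, where it is currently leaked. Separately, `mktemp` creates the file mode 0600, so after the `mv` the zone file keeps that mode, whereas the old `> /tmp/$domain` redirection used the umask; unless the script already runs as the bind user, named will presumably not be able to read it — confirm the required ownership and add `chmod 644 $TMPFILE` before the `mv` if so. Quoting `"$TMPFILE"`, `"$CURRENT"` and `"$OLD"` would also be safer, though the rest of the file does not quote either.
```shell
for domain in $ZONES; do
	TMPFILE=$(mktemp)
	CURRENT=$BIND_DATA/${PREFIX}${domain}
	OLD=$BIND_DATA/${PREFIX}${domain}.old-$$
	deployed=
	if $ldap2zone $domain $LDAP_URI $TTL > $TMPFILE; then
		# … unchanged: line count and named-checkzone check …
			mv $CURRENT $OLD
			mv $TMPFILE $CURRENT
			deployed=1
		# … unchanged: closing fi …
	fi
	# nothing was deployed in the remaining paths; do not leak the temp file
	[ -e $TMPFILE ] && rm $TMPFILE

	result=$($rndc reload $domain 2>&1)
	if [ $? -ne 0 ]; then
		logger -t ldap2bind "Reloading the zone '$domain' failed: $result. Reverting.\n"
		if [ -n "$deployed" ]; then
			mv $CURRENT $CURRENT.broken
			mv $OLD $CURRENT
		fi
	else
		[ -n "$deployed" ] && rm $OLD
		logger -t ldap2bind "Reloading the zone '$domain' was successful\n"
	fi
done
```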
