Joe, Bob and others, >> Date: Tue, 27 Aug 2013 11:27:56 -0400 >> From: Joe Abley <[email protected]> >> ... >> Cc: [email protected] >> Subject: Re: [dns-operations] Implementation of negative trust >> anchors? >> >>... >> >>I've long wished for a more general facility where upon successful [AI]XFR I >>could shell out to an arbitrary local executable and do whatever checks I >>wanted before signaling with exit status that "this zone is ok to serve". >>With a bit of state held on disk about previous zones you could include some >>of those temporal checks and perhaps catch a few more problems. >> >>Joe > >In BIND 8, at a previous company, I renamed the "named-xfer" executable to >"named-xfer-real", and put a script at "named-xfer"
Have you seen credns from Nlnetlabs? It is doing what you are trying to accomplish. /Stephan _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
