>> it occurred to me that it might be wise to have a rancid like
>> (https://shrubbery.net/rancid/) equivalent for critical domains.
>> i.e. to git record changes and warn of radical diffs.
>>
>> is there any foss tooling in this space?
>
> Assuming there isn't - yet...- What would you want a tool like this to
> do ? Would a simple diff (e.g.: number of deleted lines > X, assuming
> one is working with files) be too vague ? Would you want the
> granularity to be RRsets ?

at first blush, there are two classes of change that concern me. one is for zones that should be quite stable. for those, a full rancid style diff, likely ignoring dnssec rrs. for zones which normally have churn, some summarization would probably be needed. this week, i am more concerned with the first. but, knowing the dns community, i am sure this could become a small industry :)

does it trigger on cron? or do i want to hook it into the update event, either local/primary or successful axfr? this week, either will do.

why reinvent rancid? i use it and like it a lot. but, as joe says, it's perl; i.e. it will not be pleasant to augment. occasionally i have to touch one of the ancient perl bits around here, and ugh.

randy

_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
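
The stable-zone case discussed in this thread (an RRset-granularity diff that ignores DNSSEC records and warns on a radical change), sketched as an added example that is not part of the original messages or of rancid. The function names, the list of ignored types, the SOA serial masking, the 20% threshold and the sample zone data are all assumptions made for illustration; input is assumed to be one record per line, as AXFR output usually is.

```python
# Added example (not from the thread): RRset-level diff of two zone snapshots.
# Assumed input format: one record per line, "owner ttl class type rdata".
DNSSEC_TYPES = {"RRSIG", "NSEC", "NSEC3", "NSEC3PARAM", "DNSKEY", "CDS", "CDNSKEY"}

def parse_zone(text):
    """Return {(owner, type): set(rdata)}, skipping DNSSEC record types."""
    rrsets = {}
    for line in text.splitlines():
        parts = line.split(None, 4)
        if len(parts) < 5 or parts[0].startswith(";"):
            continue  # blank line, comment, or not a full record
        owner, _ttl, _cls, rtype, rdata = parts
        rtype = rtype.upper()
        if rtype in DNSSEC_TYPES:
            continue
        if rtype == "SOA":  # mask the serial so a bare serial bump is not a change
            fields = rdata.split()
            if len(fields) > 2:
                fields[2] = "<serial>"
            rdata = " ".join(fields)
        rrsets.setdefault((owner.lower(), rtype), set()).add(rdata)
    return rrsets

def diff_zones(old, new):
    """List (kind, owner, type, before, after) for every RRset that differs."""
    changes = []
    for key in sorted(old.keys() | new.keys()):
        before, after = old.get(key, set()), new.get(key, set())
        if before != after:
            kind = "added" if not before else "removed" if not after else "changed"
            changes.append((kind, key[0], key[1], sorted(before), sorted(after)))
    return changes

def is_radical(changes, old, max_fraction=0.2):
    """Warn when more than max_fraction of the old RRsets changed (assumed policy)."""
    return len(changes) > max_fraction * max(len(old), 1)

# Constructed sample snapshots (documentation names and addresses only).
OLD = """example.com. 3600 IN SOA ns1.example.com. hostmaster.example.com. 2024010101 7200 3600 1209600 3600
example.com. 3600 IN NS ns1.example.com.
example.com. 3600 IN NS ns2.example.com.
example.com. 3600 IN RRSIG NS 13 2 3600 20240201000000 20240101000000 12345 example.com. c2lnLW9sZA==
www.example.com. 300 IN A 192.0.2.10"""
NEW = OLD.replace("2024010101", "2024010102").replace("c2lnLW9sZA==", "c2lnLW5ldw==") \
         .replace("NS ns2.example.com.", "NS ns.other.example.net.")

if __name__ == "__main__":
    found = diff_zones(parse_zone(OLD), parse_zone(NEW))
    for change in found:
        print(*change)
    print("radical change" if is_radical(found, parse_zone(OLD)) else "minor change")
```

Either trigger mentioned above would work with this: run it from cron against a saved snapshot, or call it from a post-transfer hook and keep the snapshots in git.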
