hi,

Nov 13, 2023 11:26:15 Matthew Richardson <[email protected]>:
> Randy Bush <[email protected]> wrote:-
>
>> it occurred to me that it might be wise to have a rancid like
>> (https://shrubbery.net/rancid/) equivalent for critical domains.
>> i.e. to git record changes and warn of radical diffs.
>>
>> is there any foss tooling in this space?
>
> For the recording, I do something similar within our systems which is
> really simple, and roughly:-
>
> cd $repodir
> foreach $zone {
>     dig +nocmd +nostats +onesoa @$master $zone axfr > $zone.zone
> }
> git add -A
> git commit -m "cron script"
>
> which runs as a daily job via cron. Obviously, this only does the
> recording into a git repo, but does not do any alerting

For alerting and stopping a zone before XFR to secondaries, nsd verifier functionality can be used.
A script can store a previous value and allow new zones only if the tests (supplied by you) are met, e.g. the size of the zone should change x% at max, not more.
Bump in the wire verifier.

Regards,
Tamás
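
The "change x% at max" test described in the reply above, as an added example (not code from the thread or from NSD): it compares a new zone with the last accepted copy and rejects it when too many records changed. `MAX_CHANGE`, `STATE_DIR`, the zone name as first argument and the stdin / exit-status convention are assumptions, and the input is expected in the one-record-per-line text that `dig ... axfr` prints.

```python
#!/usr/bin/env python3
"""Accept a new zone only if it stays close to the last accepted copy."""
import os
import sys

MAX_CHANGE = 0.10                    # assumed threshold: the "x%" from the mail
STATE_DIR = "/var/lib/zone-verify"   # hypothetical directory of accepted copies


def records(zone_text):
    """Parse 'name ttl class type rdata' lines into a set, ignoring the SOA."""
    out = set()
    for line in zone_text.splitlines():
        fields = line.split()
        # Skip blanks and dig comment lines such as "; Transfer failed."
        if len(fields) < 5 or fields[0].startswith(";"):
            continue
        if fields[3].upper() == "SOA":   # serial bumps are not a real change
            continue
        # TTL and class are left out so only owner, type and rdata count.
        out.add((fields[0].lower(), fields[3].upper(), " ".join(fields[4:])))
    return out


def verify(old_text, new_text, max_change=MAX_CHANGE):
    """Return (accepted, fraction of records added or removed)."""
    old, new = records(old_text), records(new_text)
    if not new:                  # empty or failed transfer: never accept
        return False, 1.0
    if not old:                  # first run, nothing to compare against
        return True, 0.0
    ratio = len(old ^ new) / len(old)
    return ratio <= max_change, ratio


def main():
    zone = sys.argv[1]
    path = os.path.join(STATE_DIR, zone.replace("/", "_") + ".zone")
    new_text = sys.stdin.read()
    old_text = open(path).read() if os.path.exists(path) else ""
    ok, ratio = verify(old_text, new_text)
    print(f"{zone}: {ratio:.1%} changed, {'accept' if ok else 'REJECT'}",
          file=sys.stderr)
    if ok:                       # only an accepted zone becomes the baseline
        with open(path, "w") as fh:
            fh.write(new_text)
    return 0 if ok else 1


if __name__ == "__main__":
    sys.exit(main())
```

The same `verify()` can run in the daily cron job before `git commit`, so a failed or truncated transfer is reported instead of being recorded as the new state.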
