[dns-operations] Delegation checking (was: Re: Some DNSSEC trivia)
Niall O'Reilly
Niall.oReilly at ucd.ie
Tue Jan 8 17:28:08 UTC 2008
On 8 Jan 2008, at 17:19, Paul Vixie wrote:
> i suspect that you're speaking from great experience,
Definitely. I know the TLD James had in mind. 8-)
> and that there are zone
> administrators (registry or not) with far less experience for whom
> the tools
> are the hardest part. i envision a toolset written in C using
> BIND9's libs
> that AXFR's the zone periodically, populates a database using ODBC,
> slowscans
> that database, keeping state on number of timeouts/mismatches/etc,
> and emits
> IODEF events toward the local ticket system based on configurable
> threshold
> crossings. if something like that existed, my belief is, it would
> get used
> almost universally among serious zone administrators, even if many
> of them are
> precluded by policy from suspending/revoking delegations based on
> the results.
What you describe seems to match fairly closely something I've
seen out there on the Web. I'll forward this off-list to the
person involved, as it's for him rather than for me to say anything
about it.
/Niall
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20080108/dc436e5c/attachment.sig>
More information about the dns-operations
mailing list