[dns-operations] Delegation checking (was: Re: Some DNSSEC trivia)

Niall O'Reilly Niall.oReilly at ucd.ie
Tue Jan 8 17:28:08 UTC 2008

On 8 Jan 2008, at 17:19, Paul Vixie wrote:

> i suspect that you're speaking from great experience,

	Definitely.  I know the TLD James had in mind.  8-)

> and that there are zone
> administrators (registry or not) with far less experience for whom  
> the tools
> are the hardest part.  i envision a toolset written in C using  
> BIND9's libs
> that AXFR's the zone periodically, populates a database using ODBC,  
> slowscans
> that database, keeping state on number of timeouts/mismatches/etc,  
> and emits
> IODEF events toward the local ticket system based on configurable  
> threshold
> crossings.  if something like that existed, my belief is, it would  
> get used
> almost universally among serious zone administrators, even if many  
> of them are
> precluded by policy from suspending/revoking delegations based on  
> the results.

	What you describe seems to match fairly closely something I've
	seen out there on the Web.  I'll forward this off-list to the
	person involved, as it's for him rather than for me to say anything
	about it.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20080108/dc436e5c/attachment.sig>

More information about the dns-operations mailing list