[dns-operations] Diffing tools for zones?

Ray Bellis Ray.Bellis at nominet.org.uk
Mon Aug 2 20:19:02 UTC 2010


On 2 Aug 2010, at 20:09, Paul Hoffman wrote:

> Greetings. I used to be able to do a reasonably sane check for changes between two versions of the root zone with 'diff'. Now that the root is signed, that all goes to hell.
> 
> Are there any reasonable tools that know how to look for differences in two versions of a modern zone? By "reasonable" I mean "ignores changes in NSEC and NSEC3 records and other things that are normal in the daily operation of a signed zone".

I've previously used a simple combination of "named-checkzone" and "egrep" to get a canonical sorted version of the zone and then remove the crud:

% dig @f.root-servers.net. . axfr > root.in
% named-checkzone -D -i none . root.in | \
  egrep -v '[[:space:]](NSEC|NSEC3)[[:space:]]' | \
  egrep -v '^;;' > root.out

Ray
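
An added example, not part of Ray's message or of any tool named in the thread: the same strip-then-compare idea as shell functions that test only the record type column, so rdata that merely mentions NSEC is not dropped, and that report added and removed records. It assumes both inputs are already one-record-per-line dumps (owner TTL class type rdata) such as named-checkzone -D prints; zone_strip, zone_diff, demo and IGNORE_TYPES are names made up here, and RRSIG in the ignore list is an assumption beyond the NSEC/NSEC3 filter above.

```shell
#!/bin/sh
# Added example. Record types treated as routine signing churn: NSEC and NSEC3
# are from the thread; RRSIG is an assumption added here.
IGNORE_TYPES="${IGNORE_TYPES:-NSEC NSEC3 RRSIG}"

# zone_strip FILE: print the records of a one-RR-per-line dump
# (owner TTL class type rdata) minus comments, blanks and ignored types.
# Only the type column ($4) is tested, never the rdata.
zone_strip() {
    awk -v ignore="$IGNORE_TYPES" '
        BEGIN { n = split(ignore, t, " "); for (i = 1; i <= n; i++) skip[t[i]] = 1 }
        /^[ \t]*(;|$)/ { next }
        !($4 in skip)
    ' "$1" | LC_ALL=C sort -u
}

# zone_diff OLD NEW: "- record" for removed records, "+ record" for added ones.
zone_diff() {
    old=$(mktemp) new=$(mktemp)
    zone_strip "$1" > "$old"
    zone_strip "$2" > "$new"
    LC_ALL=C comm -23 "$old" "$new" | sed 's/^/- /'
    LC_ALL=C comm -13 "$old" "$new" | sed 's/^/+ /'
    rm -f "$old" "$new"
}

# Constructed sample data (not real root zone content).
demo() {
    a=$(mktemp) b=$(mktemp)
    cat > "$a" <<'EOF'
; yesterday
example. 172800 IN NS ns1.example.
example. 86400 IN NSEC example2. NS DS RRSIG NSEC
example. 86400 IN RRSIG NSEC 8 1 86400 20100809000000 20100802000000 12345 . c2lnMQ==
example. 86400 IN TXT "uses NSEC today"
EOF
    cat > "$b" <<'EOF'
; today
example. 172800 IN NS ns1.example.
example. 172800 IN NS ns2.example.
example. 86400 IN NSEC example3. NS DS RRSIG NSEC
example. 86400 IN RRSIG NSEC 8 1 86400 20100810000000 20100803000000 12345 . c2lnMg==
example. 86400 IN TXT "uses NSEC3 today"
EOF
    zone_diff "$a" "$b"
    rm -f "$a" "$b"
}

demo
```

Setting IGNORE_TYPES="NSEC NSEC3" in the environment keeps RRSIG changes in the report.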



