[dns-operations] Diffing tools for zones?

Crist Clark Crist.Clark at globalstar.com
Mon Aug 2 22:08:01 UTC 2010


>>> On 8/2/2010 at 12:09 PM, Paul Hoffman <phoffman at proper.com> wrote:
> Greetings. I used to be able to do a reasonably sane check for changes 
> between two versions of the root zone with 'diff'. Now that the root is 
> signed, that all goes to hell.
> 
> Are there any reasonable tools that know how to look for differences in two 
> versions of a modern zone? By "reasonable" I mean "ignores changes in NSEC 
> and NSEC3 records and other things that are normal in the daily operation of 
> a signed zone".

If you've got a system with GNU diff (e.g. Linux, FreeBSD, "gdiff" from the
Solaris software companion), shouldn't it be as easy as specifying a few
"-I" options? Like,

  $ diff -u -I'[ 	]NSEC[ 	]' root.yesterday root.today
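
As an added example (not part of the original message): a type-aware comparison in Python that drops records by their TYPE field before comparing, so a real change sitting next to a re-signed record is still reported on its own. It assumes one complete record per line with the owner name written out and a numeric TTL; including RRSIG in the ignore set is an assumption about what counts as normal signing churn, and the function names and sample zone data are constructed for illustration.

```python
# Added example. Assumes one complete record per line, owner name always present.

# Types regenerated on every re-signing (assumed ignore set, adjust as needed).
DNSSEC_CHURN = frozenset({"NSEC", "NSEC3", "RRSIG"})
CLASSES = frozenset({"IN", "CH", "HS"})

def rr_type(fields):
    """Return the TYPE of a split record: owner [ttl] [class] type rdata..."""
    for token in fields[1:]:
        if token.isdigit() or token.upper() in CLASSES:
            continue  # optional TTL and class, in either order
        return token.upper()
    return None

def load_zone(text, ignore=DNSSEC_CHURN):
    """Parse zone text into a set of whitespace-normalised records."""
    records = set()
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0][0] in ";$":
            continue  # blank line, comment, or $ORIGIN/$TTL directive
        if rr_type(fields) not in ignore:
            records.add(" ".join(fields))
    return records

def zone_diff(old_text, new_text, ignore=DNSSEC_CHURN):
    """Return (removed, added) records, ignoring the given types."""
    old, new = load_zone(old_text, ignore), load_zone(new_text, ignore)
    return sorted(old - new), sorted(new - old)

# Constructed sample data (not real root zone contents).
OLD = """\
test. 86400 IN SOA ns1.nic.test. admin.nic.test. 2010080100 1800 900 604800 86400
test. 86400 IN RRSIG SOA 8 1 86400 20100809000000 20100802000000 12345 test. c2lnMQ==
test. 172800 IN NS ns1.nic.test.
test. 86400 IN NSEC a.test. NS SOA RRSIG NSEC
"""
NEW = """\
test. 86400 IN SOA ns1.nic.test. admin.nic.test. 2010080200 1800 900 604800 86400
test. 86400 IN RRSIG SOA 8 1 86400 20100810000000 20100803000000 12345 test. c2lnMg==
test. 172800 IN NS ns2.nic.test.
test. 86400 IN NSEC b.test. NS SOA RRSIG NSEC
"""

if __name__ == "__main__":
    removed, added = zone_diff(OLD, NEW)
    print("\n".join(["- " + r for r in removed] + ["+ " + r for r in added]))
```

The SOA record is still reported because its serial changed; pass a larger `ignore` set to suppress other types.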



