[dns-operations] Diffing tools for zones?
wessels at dns-oarc.net
Wed Aug 4 21:01:53 UTC 2010
On Aug 2, 2010, at 12:09 PM, Paul Hoffman wrote:
> Are there any reasonable tools that know how to look for differences in two versions of a modern zone? By "reasonable" I mean "ignores changes in NSEC and NSEC3 records and other things that are normal in the daily operation of a signed zone".
I'm pleased to be able to share some of the tools that we use at VeriSign.
At http://yazvs.verisignlabs.com/ you'll find two perl scripts. One takes a
candidate signed zone file, performs some crypto checks, and then compares
it to the production zone data. Another produces a straight diff output
after excluding any record types that you specify.
More information about the dns-operations