[dns-operations] Diffing tools for zones?
Ondřej Surý
ondrej.sury at nic.cz
Thu Aug 12 10:22:41 UTC 2010
On 3.8.2010 10:47, Marco Davids (SIDN) wrote:
> On 08/02/10 21:09, Paul Hoffman wrote:
>
>> Are there any reasonable tools that know how to look for
>> differences in two versions of a modern zone? By "reasonable" I
>> mean "ignores changes in NSEC and NSEC3 records and other things
>> that are normal in the daily operation of a signed zone".
>
> Have you looked at ldns-compare-zones from the LDNS example
> directory?

I could throw some code (probably by reusing some ldns-read-zone code)
into ldns-compare-zones to ignore NSEC/NSEC3/RRSIG records.

Or you can use something like this (NOTE: add error conditions {set -e,
traps, etc.} depending on how important the result is):

# Temporary files for the stripped copies (mktemp needs an XXXXXX template)
TMPZONE1=`mktemp zone1.XXXXXX` || exit 1
TMPZONE2=`mktemp zone2.XXXXXX` || exit 1
# -s strips the DNSSEC records from each zone; -a prints all differences
ldns-read-zone -s zonea > "$TMPZONE1" && \
ldns-read-zone -s zoneb > "$TMPZONE2" && \
ldns-compare-zones -a "$TMPZONE1" "$TMPZONE2"
rm -f "$TMPZONE1" "$TMPZONE2"

Ondrej
--
Ondřej Surý
vedoucí výzkumu/Head of R&D department
-------------------------------------------
CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC
Americka 23, 120 00 Praha 2, Czech Republic
mailto:ondrej.sury at nic.cz http://nic.cz/
tel:+420.222745110 fax:+420.222745112
-------------------------------------------
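
An added example, not part of the original message and not ldns code: the same strip-then-compare idea in plain POSIX shell, with the temporary-file and error handling the note above asks for. The function names (strip_dnssec, zone_diff, demo) are hypothetical, the sample zones are constructed, and the input is assumed to hold one record per line as "owner TTL class type rdata".

```shell
#!/bin/sh
# Added example. Assumes one record per line: owner TTL class type rdata.

# Print a zone's records minus RRSIG/NSEC/NSEC3, normalised and sorted.
strip_dnssec() {
    awk '
        /^[ \t]*;/ || /^[ \t]*$/ || /^\$/ { next }   # comments, blanks, directives
        { type = toupper($4) }
        type == "RRSIG" || type == "NSEC" || type == "NSEC3" { next }
        { $1 = tolower($1); $3 = toupper($3); $4 = type; print }
    ' "$1" | LC_ALL=C sort -u
}

# Print "- rr" / "+ rr" for records removed/added between two zone files.
# Exit status: 0 = same data, 1 = data changed, 2 = error.
zone_diff() (
    [ -r "$1" ] && [ -r "$2" ] || { echo "zone_diff: unreadable input" >&2; exit 2; }
    tmpdir=$(mktemp -d) || exit 2            # private directory, no fixed names
    trap 'rm -rf "$tmpdir"' EXIT             # cleaned up on every exit path
    strip_dnssec "$1" > "$tmpdir/old" || exit 2
    strip_dnssec "$2" > "$tmpdir/new" || exit 2
    LC_ALL=C comm -23 "$tmpdir/old" "$tmpdir/new" | sed 's/^/- /'
    LC_ALL=C comm -13 "$tmpdir/old" "$tmpdir/new" | sed 's/^/+ /'
    cmp -s "$tmpdir/old" "$tmpdir/new"
)

# Constructed sample zones: "after" is re-signed and gains one A record.
demo() (
    d=$(mktemp -d) || exit 2
    trap 'rm -rf "$d"' EXIT
    cat > "$d/before" <<'EOF'
example.org. 3600 IN NS ns.example.org.
www.example.org. 3600 IN A 192.0.2.10
www.example.org. 3600 IN RRSIG A 8 3 3600 20100901000000 20100801000000 12345 example.org. c2lnQQ==
www.example.org. 3600 IN NSEC example.org. A RRSIG NSEC
EOF
    cat > "$d/after" <<'EOF'
example.org. 3600 IN NS ns.example.org.
mail.example.org. 3600 IN A 192.0.2.25
mail.example.org. 3600 IN NSEC www.example.org. A RRSIG NSEC
WWW.example.org. 3600 IN A 192.0.2.10
www.example.org. 3600 IN RRSIG A 8 3 3600 20100908000000 20100808000000 12345 example.org. c2lnQg==
EOF
    zone_diff "$d/before" "$d/after"
)

if [ "$#" -eq 2 ]; then zone_diff "$1" "$2"; else demo || :; fi
```

The exit status lets a cron job or a pre-publication check alert only when zone data changed, not when the zone was merely re-signed.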