[dns-operations] dns-operations Digest, Vol 91, Issue 33
Stephan Lagerholm
stephan.lagerholm at secure64.com
Tue Aug 27 19:12:03 UTC 2013
Joe, Bob and others,
>> Date: Tue, 27 Aug 2013 11:27:56 -0400
>> From: Joe Abley <jabley at hopcount.ca>
>> ...
>> Cc: dns-operations at lists.dns-oarc.net
>> Subject: Re: [dns-operations] Implementation of negative trust
>> anchors?
>>
>>...
>>
>>I've long wished for a more general facility where upon successful [AI]XFR I could shell out to an arbitrary local executable and do whatever checks I
>>wanted before signaling with exit status that "this zone is ok to serve". With a bit of state held on disk about previous zones you could include some
>>of those temporal checks and perhaps catch a few more problems.
>>
>>Joe
>
>In BIND 8, at a previous company, I renamed the "named-xfer" executable to "named-xfer-real", and put a script at "named-xfer"
Have you seen credns from Nlnetlabs? It is doing what you are trying to accomplish.
/Stephan
More information about the dns-operations
mailing list