[dns-operations] dns-operations Digest, Vol 91, Issue 33

Stephan Lagerholm stephan.lagerholm at secure64.com
Tue Aug 27 19:12:03 UTC 2013


Joe, Bob and others,
 
>> Date: Tue, 27 Aug 2013 11:27:56 -0400
>> From: Joe Abley <jabley at hopcount.ca>
>> ...
>> Cc: dns-operations at lists.dns-oarc.net
>> Subject: Re: [dns-operations] Implementation of negative trust
>>        anchors?
>>
>>...
>> 
>>I've long wished for a more general facility where upon successful [AI]XFR I could shell out to an arbitrary local executable and do whatever checks I 
>>wanted before signaling with exit status that "this zone is ok to serve". With a bit of state held on disk about previous zones you could include some 
>>of those temporal checks and perhaps catch a few more problems.
>>
>>Joe
>
>In BIND 8, at a previous company, I renamed the "named-xfer" executable to "named-xfer-real", and put a script at "named-xfer" 

Have you seen credns from Nlnetlabs? It is doing what you are trying to accomplish. 

/Stephan



More information about the dns-operations mailing list