[dns-operations] validating zones before distribution to secondaries
casey at deccio.net
Tue May 4 23:45:07 UTC 2021
> On May 4, 2021, at 7:59 AM, Klaus Darilion <klaus.mailinglists at pernau.at> wrote:
> In my setup I receive zones from various hidden primaries to my "incoming" nameserver. Before my "distribution" nameserver fetches the zone from the "incoming" nameserver (and hence sends NOTIFYs to the public secondaries) I I want to perform various checks on the zone loaded on the incoming nameserver.
> Currently I use a freaky Bind9 setup with several perl scripts. Do you know if there exists any software tool that were written for such setups? For example a Secondary which fetches a zone not automatically but only on request? Or a nameserver which fetches a zone but only "loads" it if an external tool validates the zone?
With a focus on mostly DNSSEC, but also some general DNS, you can use DNSViz for pre-deployment testing, as shown here:
It is not automated, so you would have to build in scripts around it.
More information about the dns-operations