[dns-operations] validating zones before distribution to secondaries
Benno Overeinder
benno at NLnetLabs.nl
Thu May 6 22:57:07 UTC 2021
Hi Klaus,
On 04/05/2021 15:59, Klaus Darilion wrote:
> In my setup I receive zones from various hidden primaries to my
> "incoming" nameserver. Before my "distribution" nameserver fetches the
> zone from the "incoming" nameserver (and hence sends NOTIFYs to the
> public secondaries) I I want to perform various checks on the zone
> loaded on the incoming nameserver.
>
We are close to release CreDNS in NSD4. CreDNS is a module in NSD4 that
works as a gatekeeper between the zone transfer and serving the zone.
The validation can be done by an external program like ldns-verify-zone
or a resolver if you want to verify the zone partially (e.g. after an
IXFR).
See also the slides and search for "CreDNS" in
https://nlnetlabs.nl/downloads/presentations/20191013_CENTRTech41-ODS-CreDNS.pdf.
Cheers,
--Benno
--
Benno J. Overeinder
NLnet Labs
https://www.nlnetlabs.nl/
More information about the dns-operations
mailing list