[dns-operations] differ

Joe Abley jabley at strandkip.nl
Mon Nov 13 11:44:34 UTC 2023


On 12 Nov 2023, at 19:58, Randy Bush <randy at psg.com> wrote:

> it occurred to me that it might be wise to have a rancid like
> (https://shrubbery.net/rancid/) equivalent for critical domains.
> i.e. to git record changes and warn of radical diffs.
> 
> is there any foss tooling in this space?

It seems like it ought to be a small amount of work to create a dnslogin and equipment type "dns" so that exactly rancid could be used. TSIG (algorithm, name, secret) tuples and master server addresses could live in .cloginrc.

For signed zones this would generate a lot of noise. Maybe some .cloginrc options to suppress notification of deltas that are just signature refreshes would be helpful (I see your "radical diffs" above).

I was actually going to hack something together and send a patch to the list by way of reply, but then I remembered that rancid is written in perl.


Joe
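
The signature-refresh suppression discussed in this message, as an added Python example that is not part of the original post and is not rancid code. It assumes zone snapshots are stored as one-record-per-line text as printed by `dig AXFR`, and that re-signing noise means RRSIG records plus the SOA serial; `normalize` and `zone_delta` are hypothetical names, and the zone data is constructed.

```python
NOISE_TYPES = {"RRSIG"}  # assumption: a signature refresh only rewrites RRSIGs


def normalize(zone_text):
    """Return the set of records that matter for change tracking."""
    records = set()
    for line in zone_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0].startswith(";"):
            continue  # blank line, comment, or not "name ttl class type rdata"
        name, ttl, rrclass, rrtype = fields[:4]
        rdata = fields[4:]
        rrtype = rrtype.upper()
        if rrtype in NOISE_TYPES:
            continue
        if rrtype == "SOA" and len(rdata) == 7:
            rdata[2] = "<serial>"  # serial bumps on every re-sign; mask it
        records.add(" ".join([name.lower(), ttl, rrclass.upper(), rrtype] + rdata))
    return records  # a set also collapses the SOA that AXFR sends twice


def zone_delta(old_text, new_text):
    """Removed records ("- ") then added records ("+ "), each group sorted."""
    old, new = normalize(old_text), normalize(new_text)
    return ["- " + r for r in sorted(old - new)] + ["+ " + r for r in sorted(new - old)]


# Constructed snapshots of a signed zone (documentation names and addresses).
OLD = """\
example.com. 3600 IN SOA ns1.example.com. hostmaster.example.com. 2023111201 7200 3600 1209600 3600
example.com. 3600 IN NS ns1.example.com.
www.example.com. 3600 IN A 192.0.2.10
www.example.com. 3600 IN RRSIG A 13 3 3600 20231126000000 20231112000000 12345 example.com. c2lnMQ==
"""
# Same zone after a routine re-sign: new serial, new signature, nothing else.
RESIGNED = OLD.replace("2023111201", "2023111301").replace("c2lnMQ==", "c2lnMg==")
# Re-signed zone in which the delegation also changed.
CHANGED = RESIGNED.replace("IN NS ns1.example.com.", "IN NS ns1.example.net.")

if __name__ == "__main__":
    print("re-sign only:", zone_delta(OLD, RESIGNED))
    for line in zone_delta(OLD, CHANGED):
        print(line)
```

Committing the sorted output of `normalize` to git instead of the raw transfer keeps the history free of re-signing churn; the TSIG-authenticated transfer itself is outside this example.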

