[dns-operations] differ
Randy Bush
randy at psg.com
Mon Nov 13 13:03:16 UTC 2023
>> it occurred to me that it might be wise to have a rancid like
>> (https://shrubbery.net/rancid/) equivalent for critical domains.
>> i.e. to git record changes and warn of radical diffs.
>>
>> is there any foss tooling in this space?
>
> Assuming there isn't - yet...- What would you want a tool like this to
> do ? Would a simple diff (e.g.: number of deleted lines> X, assuming
> one is working with files) be too vague ? Would you want the
> granularity to be RRsets ?

at first blush, there are two classes of change that concern me.

one is for zones that should be quite stable. for those, a full rancid
style diff, likely ignoring dnssec rrs.

for zones which normally have churn, some summarization would probably
be needed.

this week, i am more concerned with the first. but, knowing the dns
community, i am sure this could become a small industry :)

does it trigger on cron? or do i want to hook it into the update event,
either local/primary or successful axfr? this week, either will do.

why reinvent rancid? i use it and like it a lot. but, as joe says,
it's perl; i.e. it will not be pleasant to augment. occasionally i have
to touch one of the ancient perl bits around here, and ugh.

randy
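
An added example, not part of the original message and not code from rancid: a minimal take on the "stable zone" case described above, diffing two zone snapshots while ignoring DNSSEC churn and flagging a radical change. The ignored type list, the SOA serial masking, the 0.5 "radical" threshold and the sample zone are assumptions made for illustration.

```python
# Added example, not from the thread. Input: `dig axfr`-style text, one RR per line.
# Assumption: "dnssec rrs" to ignore = re-signing churn; DNSKEY/DS are still diffed.
IGNORED_TYPES = {"RRSIG", "NSEC", "NSEC3", "NSEC3PARAM"}

def normalize(zone_text, ignored=IGNORED_TYPES):
    """Return the zone as a set of canonical 'owner ttl class type rdata' strings."""
    records = set()  # a set: AXFR order varies and the SOA appears twice
    for line in zone_text.splitlines():
        fields = line.split(None, 4)
        if len(fields) < 5 or fields[0].startswith(";"):
            continue  # blank line, comment, or not a full RR
        owner, ttl, rrclass, rrtype, rdata = fields
        rrtype, rdata = rrtype.upper(), rdata.split()
        if rrtype in ignored:
            continue
        if rrtype == "SOA" and len(rdata) == 7:
            rdata[2] = "<serial>"  # assumption: a serial bump alone is not news
        records.add(" ".join([owner.lower(), ttl, rrclass.upper(), rrtype, *rdata]))
    return records

def zone_diff(old_text, new_text, radical=0.5):
    """Return (diff_lines, is_radical); radical = changed lines / old record count."""
    old, new = normalize(old_text), normalize(new_text)
    lines = [f"- {r}" for r in sorted(old - new)] + [f"+ {r}" for r in sorted(new - old)]
    return lines, len(lines) / max(len(old), 1) >= radical

# Constructed sample snapshots (documentation names and addresses only).
OLD = """\
example.com. 3600 IN SOA ns1.example.com. hostmaster.example.com. 2023111301 7200 3600 1209600 3600
example.com. 3600 IN NS ns1.example.com.
example.com. 3600 IN NS ns2.example.com.
example.com. 3600 IN MX 10 mail.example.com.
www.example.com. 300 IN A 192.0.2.10
example.com. 3600 IN RRSIG SOA 13 2 3600 20231201000000 20231113000000 12345 example.com. c2lnLW9sZA==
"""
RESIGNED = OLD.replace("2023111301", "2023111302").replace("c2lnLW9sZA==", "c2lnLW5ldw==")
RENUMBERED = RESIGNED.replace("192.0.2.10", "192.0.2.20")
NEW_NS = RESIGNED.replace("ns1.example.com.\n", "ns1.example.net.\n").replace(
    "ns2.example.com.\n", "ns2.example.net.\n")

if __name__ == "__main__":
    for name, snap in [("resigned", RESIGNED), ("renumbered", RENUMBERED), ("new-ns", NEW_NS)]:
        lines, radical = zone_diff(OLD, snap)
        print(name, "RADICAL" if radical else "ok", *lines, sep="\n  ")
```

The same two functions work whether the snapshots come from a cron job or from a post-transfer hook; committing the sorted output of `normalize` to git gives the rancid-style history.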