<html><head>
<meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type">
</head><body bgcolor="#FFFFFF" text="#000000"><br>
<blockquote style="border: 0px none;" 
cite="mid:20141201150908.GK7116@angus.ind.WPI.EDU" type="cite">
  <div style="margin:30px 25px 10px 25px;" class="__pbConvHr"><div 
style="display:table;width:100%;border-top:1px solid 
#EDEEF0;padding-top:5px">       <div 
style="display:table-cell;vertical-align:middle;padding-right:6px;"><img
 photoaddress="paul@redbarn.org" photoname="Paul Vixie" 
src="cid:part1.08070203.07000309@redbarn.org" name="postbox-contact.jpg"
 height="25px" width="25px"></div>   <div 
style="display:table-cell;white-space:nowrap;vertical-align:middle;width:100%">
        <a moz-do-not-send="true" href="mailto:paul@redbarn.org" 
style="color:#737F92 
!important;padding-right:6px;font-weight:bold;text-decoration:none 
!important;">Paul Vixie</a></div>   <div 
style="display:table-cell;white-space:nowrap;vertical-align:middle;">   
  <font color="#9FA2A5"><span style="padding-left:6px">Sunday, November 
30, 2014 2:29 PM</span></font></div></div></div>
  <div style="color:#888888;margin-left:24px;margin-right:24px;" 
__pbrmquotes="true" class="__pbConvBody">

<br>
why? (your use case is not obvious from what you've written.) ...<br>
</div>
</blockquote>
<blockquote style="border: 0px none;" 
cite="mid:20141201150908.GK7116@angus.ind.WPI.EDU" type="cite">
  <div style="margin:30px 25px 10px 25px;" class="__pbConvHr"><div 
style="display:table;width:100%;border-top:1px solid 
#EDEEF0;padding-top:5px">       <div 
style="display:table-cell;vertical-align:middle;padding-right:6px;"><img
 photoaddress="cra@wpi.edu" photoname="Chuck Anderson" 
src="cid:part2.07090107.00090702@redbarn.org" 
name="compose-unknown-contact.jpg" height="25px" width="25px"></div>   <div
 
style="display:table-cell;white-space:nowrap;vertical-align:middle;width:100%">
        <a moz-do-not-send="true" href="mailto:cra@wpi.edu" 
style="color:#737F92 
!important;padding-right:6px;font-weight:bold;text-decoration:none 
!important;">Chuck Anderson</a></div>   <div 
style="display:table-cell;white-space:nowrap;vertical-align:middle;">   
  <font color="#9FA2A5"><span style="padding-left:6px">Monday, December 
01, 2014 7:09 AM</span></font></div></div></div>
  <div style="color:#888888;margin-left:24px;margin-right:24px;" 
__pbrmquotes="true" class="__pbConvBody"><div><!----><br>Silent on-disk 
corruption.  It happens, and it would be nice to be<br>able to detect 
that.<br></div></div>
  <br>
</blockquote>
if you're concerned about operating system or hardware or network 
errors, then i assume you're also concerned about them hitting your name
 server executable, in which case you'll be running a file system like 
ZFS that catches these things.<br>
<br>
if you're concerned about malevolent on-disk editing, then i assume 
you're running something like tripwire to snapshot with secure hashes 
every file in your operating system, and that it will have hooks to 
manage and monitor the zone files as well.<br>
<br>
either way i'm not seeing a unique "has to be done with an in-zone 
signature" situation here.<br>
<br>
<div class="moz-signature">-- <br>Paul Vixie<br>
</div>
</body></html>