Audit the consistency of zone files on DNS servers

[Stephane Bortzmeyer]

On Fri, Mar 14, 2014 at 12:33:47PM +0000,
 Phil Mayers <p.mayers at imperial.ac.uk> wrote 
 a message of 25 lines which said:

> dig @server zone axfr >file
> diff file file.real

If you're really paranoid, it may not be sufficient since a server may
reply differently to "normal" DNS queries and to zone file transfer
requests (for instance if the server is also authoritative for a
child zone, see RFC 5936, section 3.2).