Audit the consistency of zone files on DNS servers

Maren S. Leizaola leizaola at udr.hk.com
Fri Mar 14 18:39:01 UTC 2014


On 3/14/2014 9:20 PM, Stephane Bortzmeyer wrote:
> On Fri, Mar 14, 2014 at 12:33:47PM +0000,
>   Phil Mayers <p.mayers at imperial.ac.uk> wrote
>   a message of 25 lines which said:
>
>> dig @server zone axfr >file
>> diff file file.real
> If you're really paranoid, it may not be sufficient since a server may
> reply differently to "normal" DNS queries and to zone file transfer
> requests (for instance if the server is also authoritative for a
> child zone, see RFC 5936, section 3.2).
>
>

Thank you both for your replies.

I am paranoid and I don't think zone transfers are a good method.
I want something that looks at the file, intelligently looks at each
record and sends the right types of queries to all the DNS servers.

We are never sure how bug-free BIND is. As I am using other DNS servers
I am not sure how reliably they interact with BIND...
So I trust nothing until it has been proven to work time and time
again....

I am surprised that there isn't a standard tool out there to do this; it
seems pretty obvious to me.

Regards,
Maren.
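A worked sketch of the checker Maren describes, added here as example code for this thread (it is not a BIND tool and not code from any poster): it parses the zone file into RRsets, asks every listed server for each (owner, type) with an ordinary query rather than AXFR, and diffs the answers against the file. The real transport shells out to `dig`, which is assumed to be on PATH; the zone text, the two server addresses and the "stale secondary" answers are constructed for the demo and the fake query function stands in for the network. The zone parser only understands the plain "owner TTL IN TYPE rdata" form with `$ORIGIN` and `@`, and assumes absolute rdata.

```python
"""Zone-driven consistency audit: read RRsets from a zone file, query every
authoritative server for each (owner, type) with a normal query, and report
any server whose answer differs from the file. Example code for this thread,
not a BIND tool; real queries are delegated to `dig` (assumed on PATH)."""
import subprocess
from collections import defaultdict
from typing import Callable, Dict, FrozenSet, List, Tuple

RRKey = Tuple[str, str]   # (owner name, RR type), both normalized
RRSet = FrozenSet[str]    # normalized rdata strings
QueryFn = Callable[[str, str, str], RRSet]

# Constructed sample zone (not a real domain) in the restricted
# "owner TTL IN TYPE rdata" layout the parser below understands.
SAMPLE_ZONE = """\
$ORIGIN example.test.
@    3600 IN SOA ns1.example.test. hostmaster.example.test. 2014031401 7200 900 1209600 300
@    3600 IN NS  ns1.example.test.
@    3600 IN NS  ns2.example.test.
@    3600 IN MX  10 mail.example.test.
ns1  3600 IN A   192.0.2.1
ns2  3600 IN A   192.0.2.2
mail 3600 IN A   192.0.2.10
www  3600 IN A   192.0.2.20
www  3600 IN A   192.0.2.21   ; second address, easy to lose on a stale copy
"""


def norm(s: str) -> str:
    """Collapse whitespace and lowercase so file and wire forms compare equal."""
    return " ".join(s.split()).lower()


def parse_zone(text: str) -> Dict[RRKey, RRSet]:
    """Group the zone's records into RRsets keyed by (owner, type).
    Supports $ORIGIN, '@' and relative owner names; rdata must be absolute."""
    origin = None
    sets: Dict[RRKey, set] = defaultdict(set)
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()          # drop comments
        if not line:
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        if line.startswith("$"):
            raise ValueError(f"unsupported directive: {line}")
        owner, _ttl, klass, rtype, rdata = line.split(None, 4)
        if klass.upper() != "IN":
            raise ValueError(f"only class IN is handled: {line}")
        if owner == "@" or not owner.endswith("."):
            if origin is None:
                raise ValueError("relative owner name before $ORIGIN")
            owner = origin if owner == "@" else f"{owner}.{origin}"
        sets[(norm(owner), rtype.upper())].add(norm(rdata))
    return {k: frozenset(v) for k, v in sets.items()}


def dig_query(server: str, owner: str, rtype: str) -> RRSet:
    """Ask one server directly with an ordinary (non-AXFR, non-recursive)
    query. Uses dig's +short output; a missing name yields an empty set."""
    out = subprocess.run(
        ["dig", f"@{server}", "+short", "+norecurse", "+time=3", "+tries=1",
         owner, rtype],
        capture_output=True, text=True, check=True).stdout
    return frozenset(norm(l) for l in out.splitlines() if l.strip())


def audit(expected: Dict[RRKey, RRSet], servers: List[str],
          query: QueryFn = dig_query) -> List[str]:
    """Query every server for every RRset in the file; return one line per
    disagreement (or failed query). An empty list means all servers agree."""
    problems: List[str] = []
    for (owner, rtype), want in sorted(expected.items()):
        for server in servers:
            try:
                got = query(server, owner, rtype)
            except Exception as exc:            # unreachable, SERVFAIL, etc.
                problems.append(f"{server}: {owner} {rtype}: query failed ({exc})")
                continue
            if got != want:
                problems.append(f"{server}: {owner} {rtype}: "
                                f"missing={sorted(want - got)} extra={sorted(got - want)}")
    return problems


# Constructed stand-in for the network: ns1 serves the file exactly, ns2 is a
# stale copy that lost one www address and still carries an old MX target.
def fake_servers() -> Dict[str, Dict[RRKey, RRSet]]:
    good = parse_zone(SAMPLE_ZONE)
    stale = dict(good)
    stale[("www.example.test.", "A")] = frozenset({"192.0.2.20"})
    stale[("example.test.", "MX")] = frozenset({"10 oldmail.example.test."})
    return {"192.0.2.1": good, "192.0.2.2": stale}


def fake_query(server: str, owner: str, rtype: str) -> RRSet:
    return fake_servers()[server].get((owner, rtype), frozenset())


def demo() -> List[str]:
    """Run the audit against the two constructed servers."""
    return audit(parse_zone(SAMPLE_ZONE), ["192.0.2.1", "192.0.2.2"],
                 query=fake_query)


if __name__ == "__main__":
    for line in demo() or ["all servers agree with the zone file"]:
        print(line)
```

Against real servers, call `audit(parse_zone(open(path).read()), ["ns1", "ns2"])` so the default `dig` transport is used. Two caveats for the genuinely paranoid: `+short` discards the header, so a server answering from cache rather than authoritatively is not distinguished (drop `+short` and check for the `aa` flag if that matters), and the file-driven approach only finds records the file knows about; a server serving extra names that the file never mentions is invisible to it, which is the one thing a transfer-and-diff catches better.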


More information about the bind-users mailing list