On 04/05/2021 15:59, Klaus Darilion wrote:

Hi Klaus,

> In my setup I receive zones from various hidden primaries to my
> "incoming" nameserver. Before my "distribution" nameserver fetches the
> zone from the "incoming" nameserver (and hence sends NOTIFYs to the
> public secondaries) I want to perform various checks on the zone
> loaded on the incoming nameserver.
>
> Currently I use a freaky Bind9 setup with several perl scripts. Do you
> know if there exists any software tool that was written for such
> setups? For example a Secondary which fetches a zone not automatically
> but only on request? Or a nameserver which fetches a zone but only
> "loads" it if an external tool validates the zone?

I don't think any of the existing name servers have that facility. I know that the latest Knot DNS can do DNSSEC validation of incoming XFRs, and I guess this implies general DNS correctness checks. However, if you want to do custom checks, you'll have to do this yourself.

You might want to look at Tony Finch's nsnotifyd, which is a custom program that can monitor zones for changes, and run custom commands when changes are detected. It can also listen for NOTIFY messages and act immediately on zone changes. You could use it to run your custom checks before distributing your zones.

https://github.com/fanf2/nsnotifyd

Regards,
Anand Buddhdev
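
A sketch of the kind of custom check discussed in this thread, run on a transferred zone before the distribution server is allowed to fetch it. This is an added example, not part of the original message and not code from nsnotifyd; the function names, the 20% shrink threshold and the dig-style text input are assumptions, and the zone data is constructed.

```python
# Added example: gate a transferred zone before release (names and thresholds are assumptions).

def parse_axfr(text):
    """Parse dig-style AXFR output into (owner, ttl, class, type, rdata) tuples."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        owner, ttl, rclass, rtype, rdata = line.split(None, 4)
        records.append((owner.lower(), int(ttl), rclass, rtype.upper(), rdata))
    return records

def serial_newer(new, old):
    """RFC 1982 serial number comparison for 32-bit SOA serials."""
    return new != old and ((new - old) % 2**32) < 2**31

def check_zone(zone, text, published_serial, published_count, max_shrink=0.2):
    """Return a list of failure reasons; an empty list means the zone may be released."""
    apex = zone.lower().rstrip(".") + "."
    recs = parse_axfr(text)
    problems = []
    # A complete AXFR starts and ends with the same apex SOA record.
    if len(recs) < 2 or recs[0][3] != "SOA" or recs[0] != recs[-1] or recs[0][0] != apex:
        return ["incomplete transfer: SOA does not bracket the zone"]
    serial = int(recs[0][4].split()[2])
    if not serial_newer(serial, published_serial):
        problems.append(f"serial {serial} is not newer than {published_serial}")
    ns = {r[4].lower() for r in recs if r[0] == apex and r[3] == "NS"}
    if len(ns) < 2:
        problems.append("fewer than two apex NS records")
    outside = [r[0] for r in recs if r[0] != apex and not r[0].endswith("." + apex)]
    if outside:
        problems.append(f"out-of-zone owner names: {sorted(set(outside))}")
    count = len(recs) - 1  # the trailing SOA repeats the first record
    if published_count and count < published_count * (1 - max_shrink):
        problems.append(f"record count fell from {published_count} to {count}")
    return problems

# Constructed sample transfer (not real zone data).
GOOD = """\
example.com. 3600 IN SOA ns1.example.com. hostmaster.example.com. 2021050401 7200 900 1209600 300
example.com. 3600 IN NS ns1.example.com.
example.com. 3600 IN NS ns2.example.com.
ns1.example.com. 3600 IN A 192.0.2.1
ns2.example.com. 3600 IN A 192.0.2.2
example.com. 3600 IN SOA ns1.example.com. hostmaster.example.com. 2021050401 7200 900 1209600 300
"""
```

A wrapper would release the zone to the distribution server only when `check_zone` returns an empty list, and alert on anything else.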
