Hi Anand!
On 04.05.2021 at 16:30, Anand Buddhdev wrote:
> You might want to look at Tony Finch's nsnotifyd, which is a custom
> program that can monitor zones for changes, and run custom commands when
> changes are detected. It can also listen for NOTIFY messages and act
> immediately on zone changes. You could use it to run your custom checks
> before distributing your zones.

We already use a self-written tool, quite similar to nsnotifyd, to catch
NOTIFYs and start the zone validation.

After successful validation, I would like to use standard XFR between
name servers to further distribute the zone. I want to avoid doing
manual zone transfers with tools like dig, or manually copying zone
files, as this is IMO not so reliable.

Hence, a nameserver as secondary which does not perform any SOA checks
itself, but only performs SOA checks when triggered externally (i.e. "rndc
refresh zone") would be nice. Unfortunately, I am not aware of a name
server which can be configured like that.*

regards
Klaus
* A hack would be PowerDNS with master=some.non.responding.ip. Then SOA
checks would fail, but incoming transfer could be triggered by
"pdns_control retrieve zone ip.address.of.primary"
_______________________________________________
dns-operations mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
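
An added example, not part of the original message or of any tool it mentions: a release gate for the setup described in the footnote, which triggers `pdns_control retrieve` only after validation passes and only if the primary still serves the serial that was validated. Assumptions: the validator already holds the candidate zone in a file and knows its serial, `named-checkzone` stands in for the site's own checks, and the function and variable names are hypothetical.

```shell
#!/bin/sh
# Release gate: let the secondary pull a zone only after validation, and only
# if the primary still serves the exact serial that was validated.
# Assumptions (not from the original post): the candidate zone is in a file,
# named-checkzone stands in for the site's own checks, and the secondary is
# PowerDNS configured as in the footnote of the message.

VALIDATOR=${VALIDATOR:-named-checkzone}   # replace with the site's own checker

# Serial the primary currently answers with (third field of the SOA RDATA).
primary_serial() {
    dig +short +norecurse SOA "$1" "@$2" | awk 'NR == 1 { print $3 }'
}

# release_validated ZONE ZONEFILE VALIDATED_SERIAL PRIMARY_IP
release_validated() {
    zone=$1 file=$2 validated=$3 primary=$4

    if ! $VALIDATOR -q "$zone" "$file"; then
        echo "$zone: validation failed, secondary keeps its current copy" >&2
        return 1
    fi

    current=$(primary_serial "$zone" "$primary")
    if [ "$current" != "$validated" ]; then
        # The primary changed after the checked copy was taken; a transfer
        # now would distribute content that was never checked.
        echo "$zone: primary serves '$current', validated '$validated'; not releasing" >&2
        return 2
    fi

    # Same command as in the footnote: trigger the incoming transfer.
    pdns_control retrieve "$zone" "$primary"
}

# Stand-alone use: release_gate.sh ZONE ZONEFILE VALIDATED_SERIAL PRIMARY_IP
if [ "$#" -eq 4 ]; then
    release_validated "$@"
fi
```

The serial comparison narrows the window between validation and transfer but does not close it, so comparing the secondary's SOA serial with the validated one after the transfer is a useful follow-up check.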