Hi Klaus,
On 04/05/2021 15:59, Klaus Darilion wrote:
In my setup I receive zones from various hidden primaries to my
"incoming" nameserver. Before my "distribution" nameserver fetches the
zone from the "incoming" nameserver (and hence sends NOTIFYs to the
public secondaries) I I want to perform various checks on the zone
loaded on the incoming nameserver.
We are close to release CreDNS in NSD4. CreDNS is a module in NSD4 that
works as a gatekeeper between the zone transfer and serving the zone.
The validation can be done by an external program like ldns-verify-zone
or a resolver if you want to verify the zone partially (e.g. after an
IXFR).
See also the slides and search for "CreDNS" in
https://nlnetlabs.nl/downloads/presentations/20191013_CENTRTech41-ODS-CreDNS.pdf.
Cheers,
--Benno
--
Benno J. Overeinder
NLnet Labs
https://www.nlnetlabs.nl/
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
