Audit the consistency of zone files on DNS servers
Stephane Bortzmeyer
bortzmeyer at nic.fr
Fri Mar 14 13:20:12 UTC 2014
On Fri, Mar 14, 2014 at 12:33:47PM +0000,
Phil Mayers <p.mayers at imperial.ac.uk> wrote
a message of 25 lines which said:
> dig @server zone axfr >file
> diff file file.real
If you're really paranoid, it may not be sufficient since a server may
reply differently to "normal" DNS queries and to zone file transfer
requests (for instance if the server is also authoritative for a
child zone, see RFC 5936, section 3.2).
More information about the bind-users
mailing list