bind 9 secure?
Brad Knowles
brad.knowles at skynet.be
Wed Mar 7 10:24:15 UTC 2001
At 8:44 AM +0100 3/7/01, Ralf Hildebrandt wrote:
> dnswalk comes in handy for checking the zones.
Unfortunately, dnswalk can only check zones after they have been
loaded. I believe that the current version of nslint has the same
problem, although I think it can more easily be modified to pull in
the contents of a file and check that instead.
Even doc requires that the zone already be loaded, although
unlike most other DNS debugging tools (e.g., dnswalk, nslint, etc...)
it does not require the ability to perform a zone transfer in order
to get a copy of the data to be inspected.
The only DNS debugging tool I know of that is designed to check
zones before they are loaded is the program "named-checkzone" that
comes with BINDv9, and actually uses all the same standard libraries
and routines that BIND uses, so you can be pretty well assured that
if named-checkzone says the zone looks okay then BINDv9 won't refuse
to load it.
--
======================================================================
Brad Knowles, <brad.knowles at skynet.be>
More information about the bind-users
mailing list