Audit the consistency of zone files on DNS servers

Kevin Darcy kcd at chrysler.com
Fri Mar 14 17:53:33 UTC 2014


On 3/14/2014 8:28 AM, Maren S. Leizaola wrote:
> Hello,
> What do you guys recommend to audit every resource record in a zone
> file against all the records in all the DNS servers that host the zone
> file?
>
> I want something that I feed the master zone file and that then goes to
> each NS server and ensures that each of the records is identical in all
> of them.
>
> What I want to be able to detect are serial number errors, where a zone
> has been updated but the serial number has not changed. In these
> circumstances comparing the SOA of all the servers would not report any
> errors, but the zone file in the different servers is incorrect.
Or use Dynamic Update exclusively for DNS record maintenance, so that 
"forgetting to update the serial number after a change" is a thing of 
the past[1].

                                     - Kevin

[1] For the nit-pickers out there, the statement is true _even_for_ SOA 
record changes, since they don't "take" unless you "increment" the 
serial number (as per serial-number arithmetic) as part of the change.
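The check Maren describes (compare every record on every server, and flag servers whose data differs even though their SOA serial matches the master) can be done from zone exports without any DNS library. The following script is an added example, not code from the original post or from BIND; it assumes each server's zone has already been captured in master-file format, one record per line, as `dig @server zone AXFR` prints it, and the zone text for `example.test.`, `ns1` and `ns2` below is constructed for illustration.

```python
"""Audit zone consistency across authoritative servers.

Added example (not from the bind-users post). Input is master-file text,
one record per line, e.g. the output of `dig @server example.test. AXFR`.
"""

# Constructed sample data: the master zone file and what two secondaries serve.
MASTER = """
example.test.     3600 IN SOA  ns1.example.test. hostmaster.example.test. 2014031401 7200 900 1209600 3600
example.test.     3600 IN NS   ns1.example.test.
example.test.     3600 IN NS   ns2.example.test.
ns1.example.test. 3600 IN A    192.0.2.1
ns2.example.test. 3600 IN A    192.0.2.2
www.example.test. 3600 IN A    192.0.2.10
"""

# Constructed drift: ns2 was edited by hand, www changed, serial NOT bumped.
SERVERS = {
    "ns1.example.test.": MASTER,
    "ns2.example.test.": MASTER.replace("192.0.2.10", "192.0.2.99"),
}


def parse_zone(text):
    """Return a set of (owner, ttl, class, type, rdata) tuples.

    Owner names and class/type are case-folded and rdata whitespace is
    normalised so that cosmetic differences between servers do not count.
    A dig AXFR dump prints the SOA twice; the set collapses that.
    """
    records = set()
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # strip comments and padding
        if not line:
            continue
        fields = line.split()
        if len(fields) < 5:
            raise ValueError("unparseable record line: %r" % line)
        owner = fields[0].lower()
        ttl = int(fields[1])
        rclass, rtype = fields[2].upper(), fields[3].upper()
        rdata = " ".join(fields[4:])
        records.add((owner, ttl, rclass, rtype, rdata))
    return records


def soa_serial(records):
    """Extract the serial (third rdata field) from the zone's SOA record."""
    for owner, ttl, rclass, rtype, rdata in records:
        if rtype == "SOA":
            return int(rdata.split()[2])
    raise ValueError("zone has no SOA record")


def audit(master_text, server_texts):
    """Compare every server's record set against the master.

    Returns {server: {"serial_match": bool, "missing": set, "extra": set}}
    where "missing" are master records the server lacks and "extra" are
    records the server has that the master does not.
    """
    master = parse_zone(master_text)
    master_serial = soa_serial(master)
    report = {}
    for server, text in server_texts.items():
        served = parse_zone(text)
        report[server] = {
            "serial_match": soa_serial(served) == master_serial,
            "missing": master - served,
            "extra": served - master,
        }
    return report


def silent_drift(report):
    """Servers whose serial agrees with the master but whose records differ.

    This is exactly the failure an SOA-only comparison cannot see.
    """
    return sorted(server for server, r in report.items()
                  if r["serial_match"] and (r["missing"] or r["extra"]))


if __name__ == "__main__":
    rep = audit(MASTER, SERVERS)
    for server, r in sorted(rep.items()):
        status = "ok" if not (r["missing"] or r["extra"]) else "DIFFERS"
        print("%s: serial_match=%s %s" % (server, r["serial_match"], status))
        for rec in sorted(r["missing"]):
            print("  missing: %s" % " ".join(map(str, rec)))
        for rec in sorted(r["extra"]):
            print("  extra:   %s" % " ".join(map(str, rec)))
    print("silent drift on:", silent_drift(rep))
```

In practice you would feed `audit()` the master zone file plus one AXFR dump per NS listed in the zone; since the comparison is on the full record set rather than the SOA, a server that was edited without a serial bump shows up in `silent_drift()` even though `serial_match` is true for it.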
