On Sun, Nov 30, 2014 at 02:29:15PM -0800, Paul Vixie wrote: > > Doug Barton <mailto:[email protected]> > > Sunday, November 30, 2014 1:21 PM > > ... > > > > We still need a way to verify the entire contents of the zone however. > > This goes beyond just transfers, it would be nice to be able to verify > > that a zone downloaded using a method other than transfers is both > > accurate and complete. > > why? (your use case is not obvious from what you've written.) are you > trying to ensure that errors that creep by TCP's error checking or that > result from silent sending-side failures where both the starting and > ending SOA are present but the middle is corrupt? or are you trying to > ensure that a tertiary server can't be lied to by its secondary server?
Silent on-disk corruption. It happens, and it would be nice to be able to detect that. _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
