> Paul Vixie <mailto:[email protected]> > Sunday, November 30, 2014 2:29 PM > > why? (your use case is not obvious from what you've written.) ... > Chuck Anderson <mailto:[email protected]> > Monday, December 01, 2014 7:09 AM > > Silent on-disk corruption. It happens, and it would be nice to be > able to detect that. > if you're concerned about operating system or hardware or network errors, then i assume you're also concerned about them hitting your name server executable, in which case you'll be running a file system like ZFS that catches these things.
if you're concerned about malevolent on-disk editing, then i assume you're running something like tripwire to snapshot with secure hashes every file in your operating system, and that it will have hooks to manage and monitor the zone files as well. either way i'm not seeing a unique "has to be done with an in-zone signature" situation here. -- Paul Vixie
_______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
