On 12 Nov 2023, at 19:58, Randy Bush <ra...@psg.com> wrote:

> it occurred to me that it might be wise to have a rancid like
> (https://shrubbery.net/rancid/) equivalent for critical domains.
> i.e. to git record changes and warn of radical diffs.
> 
> is there any foss tooling in this space?

It seems like it ought to be a small amount of work to create a dnslogin and 
equipment type "dns" so that exactly rancid could be used. TSIG (algorithm, 
name, secret) tuples and master server addresses could live in .cloginrc.

For signed zones this would generate a lot of noise. Maybe some .cloginrc 
options to suppress notification of deltas that are just signature 
refreshes would be helpful (I see your "radical diffs" above).

I was actually going to hack something together and send a patch to the list by 
way of reply, but then I remembered that rancid is written in perl.


Joe
_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
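
One way to suppress the signature-refresh noise discussed in this thread before committing a zone snapshot, as an added example that is not part of either message and is not rancid code. It assumes snapshots are one-record-per-line zone text as `dig axfr` prints it; the function names are hypothetical, and masking the SOA serial is an assumption about what counts as noise.

```python
import difflib

# Types whose rdata changes on every re-signing while the zone data stays the same.
SIGNATURE_TYPES = {"RRSIG"}

def canonical(zone_text):
    """Normalise one-record-per-line zone text (dig AXFR style) for diffing."""
    records = set()  # a set also folds the SOA that AXFR sends at both ends
    for line in zone_text.splitlines():
        fields = line.split(None, 4)
        if len(fields) < 5 or fields[0].startswith(";"):
            continue  # blank line, comment, or not a full record
        name, ttl, rrclass, rrtype, rdata = fields
        rrtype = rrtype.upper()
        if rrtype in SIGNATURE_TYPES:
            continue
        parts = rdata.split()
        if rrtype == "SOA" and len(parts) == 7:
            parts[2] = "<serial>"  # assumption: serial bumps alone are not worth a notice
        records.add(" ".join([name.lower(), ttl, rrclass.upper(), rrtype] + parts))
    return sorted(records)

def zone_delta(old_text, new_text):
    """Return only the added/removed records between two snapshots."""
    diff = difflib.unified_diff(canonical(old_text), canonical(new_text), lineterm="", n=0)
    return [l for l in diff if l.startswith(("+", "-")) and not l.startswith(("+++", "---"))]

# Constructed sample snapshots (documentation names and addresses, fake signatures).
OLD = """\
example.com. 3600 IN SOA ns1.example.com. hostmaster.example.com. 2023111201 7200 3600 1209600 3600
example.com. 3600 IN NS ns1.example.com.
ns1.example.com. 3600 IN A 192.0.2.1
www.example.com. 3600 IN A 192.0.2.10
www.example.com. 3600 IN RRSIG A 13 3 3600 20231126000000 20231112000000 12345 example.com. c2lnLW9sZA==
"""
RESIGNED = OLD.replace("2023111201", "2023111202").replace("c2lnLW9sZA==", "c2lnLW5ldw==") \
              .replace("20231126000000 20231112000000", "20231127000000 20231113000000")
CHANGED = RESIGNED.replace("192.0.2.10", "198.51.100.66")

if __name__ == "__main__":
    print("re-sign only:", zone_delta(OLD, RESIGNED))
    print("real change: ", zone_delta(OLD, CHANGED))
```

DNSKEY, DS and NSEC records are deliberately left in the comparison, so a key rollover or a change to the signed chain still produces a delta.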
