In the 1.4 release of OpenDNSSEC the auditor component has been removed. This component was only lightly used in deployed systems and its removal means that OpenDNSSEC no longer depends on Ruby.

There are a number of third-party products available that specialise in generalised zone auditing. It is anticipated that users wishing to audit their zones will use such a product, and some recommendations are made below.

Workflow

With no 'in-built' auditing function in OpenDNSSEC, one option is to post-process the zone. It is possible to do this using the NotifyCommand in conf.xml. An example workflow would be:

An alternative solution is that the signed zones from OpenDNSSEC may be transferred to a hidden master and a validation tool may be run before the zones are distributed to the slave servers.
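
One way to wire up the NotifyCommand post-processing option is a wrapper script that runs the validator and publishes the signed zone only when the audit passes. This is an added example, not part of OpenDNSSEC or the original page. The script path, `PUBLISH_DIR`, `RELOAD_CMD` and the function name are assumptions; `%zone` and `%zonefile` are the substitutions NotifyCommand expands.

```shell
#!/bin/sh
# Added example: publish a signed zone only if an external validator accepts it.
# Hypothetical conf.xml wiring (the script path is an assumption):
#   <NotifyCommand>/usr/local/sbin/audit-zone.sh %zone %zonefile</NotifyCommand>

# Assumed defaults; override through the environment.
VALIDATOR=${VALIDATOR:-validns}        # any tool that exits non-zero on a bad zone
PUBLISH_DIR=${PUBLISH_DIR:-/var/lib/nameserver/zones}   # where the name server loads zones
RELOAD_CMD=${RELOAD_CMD:-:}            # name server reload command; no-op by default

audit_and_publish() {
    zone=$1
    zonefile=$2

    # The zone name becomes a file name: refuse anything that could escape PUBLISH_DIR.
    case $zone in
        ''|*/*|.*) echo "refusing zone name '$zone'" >&2; return 2 ;;
    esac
    [ -r "$zonefile" ] || { echo "cannot read $zonefile" >&2; return 2; }

    # Audit step: -z tells validns the zone origin.
    if ! "$VALIDATOR" -z "$zone" "$zonefile" >&2; then
        echo "audit FAILED for $zone; previously published copy left in place" >&2
        return 1
    fi

    # Publish atomically so the name server never reads a half-written file.
    tmp=$(mktemp "$PUBLISH_DIR/.$zone.XXXXXX") || return 3
    if cp "$zonefile" "$tmp" && chmod 644 "$tmp" && mv "$tmp" "$PUBLISH_DIR/$zone"; then
        $RELOAD_CMD "$zone"
    else
        rm -f "$tmp"
        return 3
    fi
}

# Run only when invoked with arguments, as the NotifyCommand would.
[ $# -eq 0 ] || audit_and_publish "$@"
```

A non-zero exit leaves the last good zone being served, so failures should be alerted on from the script's stderr or exit status before signatures in the published copy expire.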

Validation Tools

validns

http://www.validns.net/

credns

http://www.nlnetlabs.nl/projects/credns/