The SOA serial number has special handling: any difference between the old and new serial numbers is ignored, because background DNSSEC signing activity can increment the serial number unpredictably. If both old and new files are not specified, nsdiff will transfer the new version of the zone from the server given by the -m option. If the old file is not specified, nsdiff will use dig to transfer the zone from the server given by the -s option, or if the -s option is missing it will get the server from the zone's SOA MNAME field. They are passed through BIND's named-compilezone program to convert them to canonical form, so they may also be in BIND's "raw" format and may have. The input files are typically in standard DNS zone file format. It ignores DNSSEC-related differences, assuming that the name server has sole control over zone keys and signatures. ![]() The nsdiff program examines the old and new versions of a DNS zone, and outputs the differences as a script for use by BIND's nsupdate program. Nsdiff - create "nsupdate" script from DNS zone file differences SYNOPSIS
0 Comments
Leave a Reply. |