Bug#1089602: ITP: nsnotifyd -- promply run a command on DNS zone changes

Mon, 09 Dec 2024 10:33:27 -0800 

Package: wnpp
Severity: wishlist
Owner: Daniel Gröber <d...@darkboxed.org>
X-Debbugs-Cc: debian-devel@lists.debian.org, d...@darkboxed.org, d...@dotat.at

* Package name    : nsnotifyd
  Version         : 2.3
  Upstream Contact: Tony Finch <d...@dotat.at>
* URL             : https://dotat.at/prog/nsnotifyd/
* License         : 0BSD OR MIT-0
  Programming Lang: C, Shell    
  Description     : promply run a command on DNS zone changes

The nsnotifyd daemon monitors a set of DNS zones and runs a command when
any of them change. It listens for DNS NOTIFY messages so it can respond to
changes promptly. It also uses each zone's SOA refresh and retry parameters
to poll for updates if nsnotifyd does not receive NOTIFY messages more
frequently.

Anywhere you currently have a cron job which is monitoring updates to DNS
zones, you might want to run it under nsnotifyd instead of cron, so your
script runs as soon as the zone changes instead of running at fixed
intervals.

There is also a client program nsnotify for sending notify messages.

### Examples

There are four example scripts included and described in the manual:

 - metazone - allows you to use standard DNS mechanisms - AXFR, IXFR,
   NOTIFY, UPDATE -- to control the configuration of multiple name servers,
   instead of using a separate out-of-band distribution system.

 - nsnotify2git - records the history of changes to a set of zones.

 - nsnotify2stealth - uses nsnotify-liststealth and nsnotify to notify
   stealth secondaries so they get updates faster.

 - nsnotify2update - uses nsdiff and nsupdate as part of a bump-in-the-wire
   DNSSEC signer.

---

I have this crazy idea to use this for DNS-SD style Wireguard mesh
managment. Think: pushing wg config to many machines by updating DNS :-)

Even outside such crazy this package seems exceedingly useful for anyone
dealing with DNS. The git support feels similar to etckeeper which people
seem to enjoy. Maybe I should look into adding 'zonekeeper' to integrate
with a locally running nameserver by default?

I intend to maintain it myself, but as always co-maintainers are welcome.

--Daniel

Attachment: signature.asc
Description: PGP signature

Reply via email to