I read this post some time ago and as I was experiencing the same I decided to investigate it.
But it took me all this time to find some time. I’m creating this new one as the former is already closed.
Long story sort:
In management/status_checks.py
, at the end of the check_dnssec()
function, when building the part of the report about the current DS records founded (line 661 at the current stable version), they are added in the same order as they were received when calling query_dns()
, which can differ from run to run. This was making the difflib.SequenceMatcher()
method to find the same line removed and added one line later.
I was able to get rid of this by ordering the DS records prior to outputting them to the report (by updating line 661 to for rr in sorted(ds):
).
Question: How should I proceed to suggest this change to be included on the next version?
This also has made me think (and read and learn) about the DNSSEC DS record. As I’m undestanding it now these should only be set for those domains that you want miab to manage, but not needed (and even discouraged) for those that you decide to manage within your nameserver provider. Am I right?
Regards.
lamberete