Post-Change Checklist

Mandatory after ANY configuration change on SKY, RAIN, SUN, or WIND. Never skip.

---

Steps

1. Update AIDE Baseline

Run on the server where the change was made:

sudo aide --update && sudo mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz

2. Log the Change

echo "$(date -u +%Y-%m-%dT%H:%M:%SZ) [$(hostname)] <description of change> — $(whoami)" \
    | sudo tee -a /var/log/asset-inventory.log

3. Re-sign DNSSEC (SKY/RAIN zone file changes only)

dnssec-signzone -A -3 $(head -c 6 /dev/random | od -An -tx1 | tr -d ' \n') \
    -N INCREMENT -o wdc.us.gl3 -t /var/named/wdc.us.gl3.db
rndc reload

---

Tip

SKY and RAIN are always treated as a synchronized pair. Apply all DNS/DHCP changes to both servers and run this checklist on both.

---

Post Change Checklist · v1.1 · 2026-03-14 · GPUS-IT · Classification: CONFIDENTIAL — Internal Use Only