.@ Tony Finch – blog


Last month I did some work on nsdiff based on bug reports and feature requests from Piete Brooks at the University of Cambridge Computer Laboratory. The changes became a major overhaul, though I have managed to keep the program short. Here's a copy of the announcement I sent to a few mailing lists...

nsdiff is an add-on tool for BIND that compares old and new versions of a zone and generates an nsupdate script which turns the old version into the new version. It is designed to bridge the gap between static master files and dynamic DNS updates, making it easier to use auto-dnssec maintain.

https://fanf2.user.srcf.net/hermes/conf/bind/bin/nsdiff

This update includes an important fix to deal with replacing a CNAME with other RRtypes or vice versa. The DNS update protocol requires that all the old RRs are removed before adding the new RRs if any of them are CNAMEs. If you violate this requirement, part of the update will be ignored, with the only sign of a problem being a message in BIND's logs.
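The ordering requirement above can be seen in a small simulation. This is an added example, not nsdiff's own code: the zone data is constructed, the function names are hypothetical, and the update processing is a simplified model of the RFC 2136 CNAME rule that leaves out SOA and DNSSEC record handling.

```python
# Added example (not nsdiff's code). OLD/NEW are constructed sample zones,
# given as (owner, ttl, rrtype, rdata) tuples.
OLD = [("www.example.org.", 3600, "CNAME", "web1.example.org."),
       ("ftp.example.org.", 3600, "A", "192.0.2.10")]
NEW = [("www.example.org.", 3600, "A", "192.0.2.1"),
       ("www.example.org.", 3600, "AAAA", "2001:db8::1"),
       ("ftp.example.org.", 3600, "CNAME", "www.example.org.")]

def make_script(old, new):
    """nsupdate commands turning old into new: every delete, then every add."""
    old, new = set(old), set(new)
    dels = [f"update delete {o} IN {t} {d}" for o, _, t, d in sorted(old - new)]
    adds = [f"update add {o} {ttl} IN {t} {d}" for o, ttl, t, d in sorted(new - old)]
    return dels + adds

def adds_first(script):
    """The broken ordering: same commands, additions before deletions."""
    return sorted(script, key=lambda line: line.split()[1] != "add")

def apply_updates(zone, script):
    """Process commands in order under the RFC 2136 rule: an added RR is
    silently ignored if it would mix CNAME and non-CNAME data at one name."""
    zone = {(o, t, d) for o, _, t, d in zone}
    ignored = []
    for line in script:
        f = line.split()
        if f[1] == "delete":
            zone.discard((f[2], f[4], " ".join(f[5:])))
            continue
        owner, rrtype, rdata = f[2], f[5], " ".join(f[6:])
        present = {t for o, t, _ in zone if o == owner}
        if present and (rrtype == "CNAME") != (present == {"CNAME"}):
            ignored.append(line)   # dropped without an error to the client
        else:
            if rrtype == "CNAME":  # a CNAME add replaces the existing CNAME
                zone = {r for r in zone if r[0] != owner}
            zone.add((owner, rrtype, rdata))
    return zone, ignored

if __name__ == "__main__":
    good = make_script(OLD, NEW)
    print("\n".join(good + ["send"]))
    for name, script in (("deletes first", good), ("adds first", adds_first(good))):
        zone, ignored = apply_updates(OLD, script)
        print(f"{name}: {len(zone)} RRs in zone, {len(ignored)} adds ignored")
```

With the deletes first the zone ends up matching the new version; with the adds first all three additions are dropped and the later deletes leave both names empty.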

Other changes include: configurable SOA serial number formats and verbosity; more control over how large numbers of changes are split into multiple update requests; and fewer restrictions on DNS record owner name syntax.
