Looking for advice - Auditing zones on a set of name servers
Christopher Morrow
morrowc.lists at gmail.com
Wed Mar 21 00:24:29 UTC 2012
On Tue, Mar 20, 2012 at 4:53 PM, Landon Stewart <lstewart at superb.net> wrote:
> I'm looking for some advice here. I'm attempting to clean up a set of name
> servers and have a list of domain names that should not actually be hosted
> on those name servers. In some cases there are issues where there are
> actually no NS records in a domain but it should be hosted on those name
> servers. In some cases the name servers just aren't authoritative and the
> domain should be removed. The name servers are all djbdns, not that it
> matters a whole lot.
<snip>
> I wrote a quick script that looks up the NS records for a zone, then the A
> records for those NS records and checks the resulting IP addresses against
> a list of IP addresses that are our name servers. It's not quite doing all
> I need it to do since sometimes we are authoritative but there are no NS
> records or they are wrong. I'm also not sure beating on Google's name
> servers is a good idea either so you should fill in your OWN recursive name
> servers instead of 8.8.8.8 and 8.8.4.4.
don't you really want to walk the tree from . down? so dig +trace | machine-ify
then make sure that the criteria you care about work out properly?
(this avoids people's old/legacy/super-long-ttl causing problems in
the shorter term)
-chris
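
The "dig +trace | machine-ify" step suggested above, as an added example that is not part of the original message: it reads `dig +trace` output, takes the NS set the parent zone hands out for the domain, and compares it with your own server list. The trace text, addresses, OUR_NS names and function names are constructed or hypothetical, and it compares NS host names rather than resolving them to IP addresses.

```python
# Added example: classify a zone by its delegation as seen in `dig +trace`.
OUR_NS = {"ns1.example.net.", "ns2.example.net."}  # hypothetical: your servers

# Constructed sample in the layout `dig +trace example.com` prints.
SAMPLE_TRACE = """\
.                 518400 IN NS a.root-servers.net.
;; Received 228 bytes from 192.0.2.53#53(192.0.2.53) in 1 ms

com.              172800 IN NS a.gtld-servers.net.
;; Received 500 bytes from 192.0.2.4#53(a.root-servers.net) in 20 ms

example.com.      172800 IN NS ns1.example.net.
example.com.      172800 IN NS ns2.example.net.
;; Received 200 bytes from 192.0.2.30#53(a.gtld-servers.net) in 30 ms

example.com.      3600   IN A  203.0.113.10
example.com.      3600   IN NS ns1.example.net.
;; Received 120 bytes from 198.51.100.1#53(ns1.example.net) in 5 ms
"""

def delegated_ns(trace_text, zone):
    """Return (answering server, NS set) from the first response block that
    carries NS records owned by `zone`, i.e. the parent's delegation."""
    zone = zone.lower().rstrip(".") + "."
    block = set()
    for line in trace_text.splitlines():
        if line.startswith(";; Received"):
            if block:
                # ';; Received N bytes from ADDR#53(NAME) in T ms'
                return line.split(" from ")[1].split(" in ")[0], block
            continue
        if not line.strip() or line.startswith(";"):
            continue
        fields = line.split()  # owner, ttl, class, type, rdata
        if len(fields) >= 5 and fields[3].upper() == "NS" \
                and fields[0].lower() == zone:
            block.add(fields[4].lower())
    return None, block  # no delegation seen, or trace cut short

def classify(trace_text, zone, ours=OUR_NS):
    """ours / elsewhere / mixed / undelegated, judged from the parent's view."""
    _, ns = delegated_ns(trace_text, zone)
    if not ns:
        return "undelegated"
    if ns <= ours:
        return "ours"
    return "elsewhere" if ns.isdisjoint(ours) else "mixed"

if __name__ == "__main__":
    print(delegated_ns(SAMPLE_TRACE, "example.com"), classify(SAMPLE_TRACE, "example.com"))
```

Zones that come back "undelegated" or "elsewhere" but still have data on your servers are the removal candidates; "mixed" ones need a manual look.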
More information about the NANOG mailing list