Looking for advice - Auditing zones on a set of name servers

Jonathon Exley Jonathon.Exley at kordia.co.nz
Thu Mar 22 15:57:43 CDT 2012


You could try ValiDNS (http://www.validns.net) which I am told does this sort of thing.

Jonathon 

> -----Original Message-----
> From: Landon Stewart [mailto:lstewart at superb.net]
> Sent: Wednesday, 21 March 2012 9:54 a.m.
> To: NANOG list
> Subject: Looking for advice - Auditing zones on a set of name servers
> 
> Hi Everyone,
> 
> I'm looking for some advice here.  I'm attempting to clean up a set of name
> servers and have a list of domain names that should not actually be hosted
> on those name servers.  In some cases there are issues where there are
> actually no NS records in a domain but it should be hosted on those name
> servers.  In some cases the name servers just aren't authoritative and the
> domain should be removed.  The name servers are all djbdns, not that it
> matters a whole lot.
> 
> I'm wondering if anyone knows of some tools that I can use other than
> homegrown ones that are a little more robust in terms of thinking of every
> little possible issue for or against a domain than I can think of.  Of a list of
> domains that I marked for deletion some of them simply had little problems
> but should not be deleted (rather just have their NS records fixed).  I also
> don't' want to pound on someone else's recursive name servers or even the
> root name servers trying to audit ours since that's not very nice.  If anything I
> guess I could spread out the queries if I had the right tools.
> 
> I wrote a quick script that looks up the NS records for a zone, then the A
> records for those NS records and checks the resulting IP addresses against a
> list of IP addresses that are our name servers.  It's not quite doing all I need it
> to do since sometimes we are authoritative but there are no NS records or
> they are wrong.  I'm also not sure beating on google's name servers is a good
> idea either so you should fill in your OWN recursive name servers instead f
> 8.8.8.8 and 8.8.4.4.
> 
> Thanks for reading!  :-D

This email and attachments: are confidential; may be protected by privilege and copyright; if received in error may not be used, copied, or kept; are not guaranteed to be virus-free; may not express the views of Kordia(R); do not designate an information system; and do not give rise to any liability for Kordia(R).




More information about the NANOG mailing list