Looking for advice - Auditing zones on a set of name servers
Jonathon Exley
Jonathon.Exley at kordia.co.nz
Thu Mar 22 20:57:43 UTC 2012
You could try ValiDNS (http://www.validns.net) which I am told does this sort of thing.
Jonathon
> -----Original Message-----
> From: Landon Stewart [mailto:lstewart at superb.net]
> Sent: Wednesday, 21 March 2012 9:54 a.m.
> To: NANOG list
> Subject: Looking for advice - Auditing zones on a set of name servers
>
> Hi Everyone,
>
> I'm looking for some advice here. I'm attempting to clean up a set of name
> servers and have a list of domain names that should not actually be hosted
> on those name servers. In some cases there are issues where there are
> actually no NS records in a domain but it should be hosted on those name
> servers. In some cases the name servers just aren't authoritative and the
> domain should be removed. The name servers are all djbdns, not that it
> matters a whole lot.
>
> I'm wondering if anyone knows of some tools that I can use other than
> homegrown ones that are a little more robust in terms of thinking of every
> little possible issue for or against a domain than I can think of. Of a list of
> domains that I marked for deletion some of them simply had little problems
> but should not be deleted (rather just have their NS records fixed). I also
> don't' want to pound on someone else's recursive name servers or even the
> root name servers trying to audit ours since that's not very nice. If anything I
> guess I could spread out the queries if I had the right tools.
>
> I wrote a quick script that looks up the NS records for a zone, then the A
> records for those NS records and checks the resulting IP addresses against a
> list of IP addresses that are our name servers. It's not quite doing all I need it
> to do since sometimes we are authoritative but there are no NS records or
> they are wrong. I'm also not sure beating on google's name servers is a good
> idea either so you should fill in your OWN recursive name servers instead f
> 8.8.8.8 and 8.8.4.4.
>
> Thanks for reading! :-D
This email and attachments: are confidential; may be protected by privilege and copyright; if received in error may not be used, copied, or kept; are not guaranteed to be virus-free; may not express the views of Kordia(R); do not designate an information system; and do not give rise to any liability for Kordia(R).
More information about the NANOG
mailing list