[151407] in North American Network Operators' Group


Re: Looking for advice - Auditing zones on a set of name servers

daemon@ATHENA.MIT.EDU (Christopher Morrow)
Tue Mar 20 20:25:26 2012

In-Reply-To: <CABgOHgutzaeqs4OEQOhyEhtEJZ3f6fWNX3MQp1n1GwNOZ8n25Q@mail.gmail.com>
Date: Tue, 20 Mar 2012 20:24:29 -0400
From: Christopher Morrow <morrowc.lists@gmail.com>
To: Landon Stewart <lstewart@superb.net>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Tue, Mar 20, 2012 at 4:53 PM, Landon Stewart <lstewart@superb.net> wrote:
> I'm looking for some advice here.  I'm attempting to clean up a set of name
> servers and have a list of domain names that should not actually be hosted
> on those name servers.  In some cases there are issues where there are
> actually no NS records in a domain but it should be hosted on those name
> servers.  In some cases the name servers just aren't authoritative and the
> domain should be removed.  The name servers are all djbdns, not that it
> matters a whole lot.

<snip>

> I wrote a quick script that looks up the NS records for a zone, then the A
> records for those NS records and checks the resulting IP addresses against
> a list of IP addresses that are our name servers.  It's not quite doing all
> I need it to do since sometimes we are authoritative but there are no NS
> records or they are wrong.  I'm also not sure beating on Google's name
> servers is a good idea either so you should fill in your OWN recursive name
> servers instead of 8.8.8.8 and 8.8.4.4.

don't you really want to walk the tree from . down? so dig +trace | machine-ify
then make sure that the criteria you care about work out properly?
(this avoids people's old/legacy/super-long-ttl causing problems in
the shorter term)

-chris
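
The root-down check suggested in the reply above, as an added example that is not part of the original thread: it parses `dig +trace` output and classifies a zone by the NS set its parent hands out in the referral. The server names in `OUR_NS`, the function names and the sample trace are constructed assumptions.

```python
import re

# Assumption: our authoritative servers, identified by host name (placeholders).
OUR_NS = {"ns1.hoster.example.", "ns2.hoster.example."}

RECEIVED = re.compile(r"^;; Received \d+ bytes from ([0-9A-Fa-f.:]+)#\d+\(")

# Constructed sample of `dig +trace customer.example` output (not real data).
SAMPLE = """\
.                  518400 IN NS a.root-servers.net.
;; Received 228 bytes from 192.0.2.53#53(192.0.2.53) in 2 ms

example.           172800 IN NS a.nic.example.
;; Received 120 bytes from 198.51.100.4#53(a.root-servers.net) in 20 ms

customer.example.  86400 IN NS ns1.hoster.example.
customer.example.  86400 IN NS ns9.other.example.
;; Received 98 bytes from 198.51.100.30#53(a.nic.example) in 31 ms

customer.example.  3600 IN A 203.0.113.10
;; Received 60 bytes from 203.0.113.53#53(ns1.hoster.example) in 5 ms
"""

def parse_trace(text):
    """Split `dig +trace` output into hops: (answering_ip, [(owner, type, rdata)])."""
    hops, records = [], []
    for line in text.splitlines():
        line = line.strip()
        m = RECEIVED.match(line)
        if m:  # a ";; Received" line closes the current hop
            hops.append((m.group(1), records))
            records = []
        elif line and not line.startswith(";"):
            f = line.split(None, 4)  # owner, ttl, class, type, rdata
            if len(f) == 5 and f[2] == "IN":
                records.append((f[0].lower(), f[3], f[4].lower()))
    return hops

def audit(zone, trace_text, ours=OUR_NS):
    """Classify a zone by the NS names its parent returns for it."""
    zone = zone.lower().rstrip(".") + "."
    for _ip, records in parse_trace(trace_text):
        ns = {r for o, t, r in records if o == zone and t == "NS"}
        if ns:  # first hop that names the zone is the parent's referral
            if ns <= ours:
                return "delegated-to-us", ns
            return ("partly-ours" if ns & ours else "delegated-elsewhere"), ns
    return "no-delegation", set()
```

Zones that come back as `no-delegation` or `delegated-elsewhere` but are still configured on the servers are the candidates for manual review before removal.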

