[151479] in North American Network Operators' Group
RE: Looking for advice - Auditing zones on a set of name servers
daemon@ATHENA.MIT.EDU (Jonathon Exley)
Thu Mar 22 16:58:37 2012
From: Jonathon Exley <Jonathon.Exley@kordia.co.nz>
To: NANOG list <nanog@nanog.org>
Date: Thu, 22 Mar 2012 20:57:43 +0000
In-Reply-To: <CABgOHgutzaeqs4OEQOhyEhtEJZ3f6fWNX3MQp1n1GwNOZ8n25Q@mail.gmail.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
You could try ValiDNS (http://www.validns.net) which I am told does this so=
rt of thing.
Jonathon=20
> -----Original Message-----
> From: Landon Stewart [mailto:lstewart@superb.net]
> Sent: Wednesday, 21 March 2012 9:54 a.m.
> To: NANOG list
> Subject: Looking for advice - Auditing zones on a set of name servers
>=20
> Hi Everyone,
>=20
> I'm looking for some advice here. I'm attempting to clean up a set of na=
me
> servers and have a list of domain names that should not actually be hosted
> on those name servers. In some cases there are issues where there are
> actually no NS records in a domain but it should be hosted on those name
> servers. In some cases the name servers just aren't authoritative and the
> domain should be removed. The name servers are all djbdns, not that it
> matters a whole lot.
>=20
> I'm wondering if anyone knows of some tools that I can use other than
> homegrown ones that are a little more robust in terms of thinking of every
> little possible issue for or against a domain than I can think of. Of a =
list of
> domains that I marked for deletion some of them simply had little problems
> but should not be deleted (rather just have their NS records fixed). I a=
lso
> don't' want to pound on someone else's recursive name servers or even the
> root name servers trying to audit ours since that's not very nice. If an=
ything I
> guess I could spread out the queries if I had the right tools.
>=20
> I wrote a quick script that looks up the NS records for a zone, then the A
> records for those NS records and checks the resulting IP addresses agains=
t a
> list of IP addresses that are our name servers. It's not quite doing all=
I need it
> to do since sometimes we are authoritative but there are no NS records or
> they are wrong. I'm also not sure beating on google's name servers is a =
good
> idea either so you should fill in your OWN recursive name servers instead=
f
> 8.8.8.8 and 8.8.4.4.
>=20
> Thanks for reading! :-D
This email and attachments: are confidential; may be protected by privilege=
and copyright; if received in error may not be used, copied, or kept; are =
not guaranteed to be virus-free; may not express the views of Kordia(R); do=
not designate an information system; and do not give rise to any liability=
for Kordia(R).
