Re: Looking for advice - Auditing zones on a set of name servers

[Christopher Morrow <morrowc.lists () gmail com>]

On Tue, Mar 20, 2012 at 4:53 PM, Landon Stewart <lstewart () superb net> wrote:
> I'm looking for some advice here.  I'm attempting to clean up a set of name
> servers and have a list of domain names that should not actually be hosted
> on those name servers.  In some cases there are issues where there are
> actually no NS records in a domain but it should be hosted on those name
> servers.  In some cases the name servers just aren't authoritative and the
> domain should be removed.  The name servers are all djbdns, not that it
> matters a whole lot.

<snip>

> I wrote a quick script that looks up the NS records for a zone, then the A
> records for those NS records and checks the resulting IP addresses against
> a list of IP addresses that are our name servers.  It's not quite doing all
> I need it to do since sometimes we are authoritative but there are no NS
> records or they are wrong.  I'm also not sure beating on google's name
> servers is a good idea either so you should fill in your OWN recursive name
> servers instead f 8.8.8.8 and 8.8.4.4.

don't you really want to walk the tree from . down? so dig +trace | machine-ify
then make sure that the criteria you care about work out properly?
(this avoides people's old/legacy/super-long-ttl causing problems in
the shorter term)

-chris