nanog mailing list archives
Re: Looking for advice - Auditing zones on a set of name servers
From: Christopher Morrow <morrowc.lists () gmail com>
Date: Tue, 20 Mar 2012 20:24:29 -0400
On Tue, Mar 20, 2012 at 4:53 PM, Landon Stewart <lstewart () superb net> wrote:
> I'm looking for some advice here. I'm attempting to clean up a set of name servers and have a list of domain names that should not actually be hosted on those name servers. In some cases there are issues where there are actually no NS records in a domain but it should be hosted on those name servers. In some cases the name servers just aren't authoritative and the domain should be removed. The name servers are all djbdns, not that it matters a whole lot.
<snip>
> I wrote a quick script that looks up the NS records for a zone, then the A records for those NS records and checks the resulting IP addresses against a list of IP addresses that are our name servers. It's not quite doing all I need it to do since sometimes we are authoritative but there are no NS records or they are wrong. I'm also not sure beating on google's name servers is a good idea either so you should fill in your OWN recursive name servers instead of 8.8.8.8 and 8.8.4.4.
don't you really want to walk the tree from . down? so dig +trace | machine-ify then make sure that the criteria you care about work out properly? (this avoids people's old/legacy/super-long-ttl causing problems in the shorter term)
-chris
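Added example, not part of the original thread: one way to "machine-ify" `dig +trace` output and check the parent's delegation for a zone against a list of your own name servers. The `OUR_NS` hostnames, the sample trace and the function names are constructed assumptions; in practice the trace text would come from running `dig +trace <zone>` per audited zone.

```python
import re

# Assumption: hostnames of the name servers being audited (constructed values).
OUR_NS = {"ns1.hosting.example.", "ns2.hosting.example."}

# Constructed, trimmed sample of `dig +trace customer.example` output.
SAMPLE_TRACE = """\
.                  518400 IN NS a.root-servers.net.
;; Received 239 bytes from 192.0.2.53#53(192.0.2.53) in 1 ms

example.           172800 IN NS a.nic.example.
;; Received 120 bytes from 198.51.100.4#53(a.root-servers.net) in 20 ms

customer.example.  86400  IN NS ns1.hosting.example.
customer.example.  86400  IN NS ns9.elsewhere.example.
;; Received 98 bytes from 198.51.100.30#53(a.nic.example) in 30 ms

customer.example.  3600   IN A  203.0.113.10
;; Received 60 bytes from 203.0.113.1#53(ns1.hosting.example) in 5 ms
"""

RECEIVED = re.compile(r"^;; Received \d+ bytes from \S+#\d+\((\S+?)\)")

def parent_delegation(trace, zone):
    """Return (NS set, answering server) from the first hop listing NS for zone."""
    zone = zone.lower().rstrip(".") + "."
    ns_set = set()
    for line in trace.splitlines():
        hop = RECEIVED.match(line)
        if hop:
            if ns_set:              # first hop that delegated the zone: stop here
                return ns_set, hop.group(1)
            continue
        if not line.strip() or line.startswith(";"):
            continue                # blank lines and dig comments
        f = line.split()            # owner, ttl, class, type, rdata
        if len(f) >= 5 and f[0].lower() == zone and f[3].upper() == "NS":
            ns_set.add(f[4].lower())
    return ns_set, None

def classify(ns_set, ours=OUR_NS):
    """Compare the delegation seen in the trace with our server list."""
    if not ns_set:
        return "no-delegation"      # nothing in the tree points at anyone
    if ns_set <= ours:
        return "ours"
    return "mixed" if ns_set & ours else "elsewhere"

if __name__ == "__main__":
    ns, src = parent_delegation(SAMPLE_TRACE, "customer.example")
    print(classify(ns), sorted(ns), "per", src)
```

Because the NS set is read from the hop that delegates the zone rather than from a recursive resolver's cache, stale long-TTL records do not affect the result.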