Identifying and deleting unused DNS entries

Danny Thomas d.thomas at
Wed Sep 26 06:12:42 UTC 2007

blrmaani <blrmaani at> asked
>I maintain a DNS server running BIND 9.2.x. We have several unused
>entries but I do not want to delete them before making sure that these
>A records/CNAMEs are not being queried.
>One approach I know of is to enable querylog, check for the names to
>be deleted in the querylog and delete it if these names are NOT in the
>Does BIND maintain some kind of statistics per CNAME/A record?
>Is there any better approach to solve this problem?

At least for hostname records, I don't believe the absence of DNS
queries is a great indicator of whether a host still exists.

The policy on our network is to register every active ip-address,
including network, gateway, HSRP & broadcast addresses. Conversely,
inactive ip-addresses should get removed from the DNS.

We use router netflows to identify:
  active ip-addresses not registered in the DNS
  DNS hostnames no longer seen to be active

The date ip-addresses were last seen to be active is also displayed
against each ip-address managed through our web-based DNS management system.

This information is also brought through to our network information portal.
NB: for various reasons the flows have not been updated since 03-Jul.

VLAN 521
VLAN: Ipswich Students 2
VLAN type: network
VLAN site: Ipswich
466 hosts (55 not registered in DNS), 91.9% of 507 usable-addresses
this VLAN is not handled by the central DHCP server
routed by the HSRP cluster letron/synot

CIDR               gateway            #     ?     x     Q        ou
                                      466   55    3     -        its-uqi

The # column has the total number of hosts seen from flows during
  01-Aug-2006 thru 03-Jul-2007 (336 days).
The ? column has the number of such hosts not registered in the central DNS.
The x column has the number of hosts registered in the central DNS not seen
  in flows.
The Q column represents whether the CIDR is handled by the Quotient Traffic
  Charging system.

This page is brought up when the '3' link in the 'x' column is clicked:

3 hosts registered in the DNS were not seen to be active
displaying just those registered in the DNS but not seen to be active
IP               hostname

This page is brought up when the '466' link in the '#' column is clicked:

411 of the 466 active ip-addresses seen during 01-Aug-2006
thru 03-Jul-2007 (336 days) were registered in the DNS
3 hosts registered in the DNS were not seen to be active
displaying all active addresses
IP            first-time   num-days  last-time     hostname
              06-Aug-2006        33  9-Dec-2006
              05-Aug-2006       134  02-Jul-2007
              14-Aug-2006        23  08-Jun-2007
              14-Aug-2006        17  08-Feb-2007
              14-Aug-2006        13  16-May-2007
              01-Aug-2006       293  03-Jul-2007

A special web-page is generated for server domains and lists hostnames
whose ip-address has not been seen to be active in the last month.
The fact that such a list has hundreds of entries indicates that the
processes followed by the server groups for removing interfaces are not
good, as they manage these DNS entries.

NB: those marked with a '*' are DNS entries not created through the WebDNS
interface. Produced in 2.0 secs at 13:06 PM on 05-Jul-2007 by (script)

The following server domains were inspected:

These 189 have been inactive (since flow-processing began 2006-08-01):
IP                hostname
(189 entries; the IP and hostname columns were not preserved)


d.thomas at        Danny Thomas,
+61-7-3365-8221    Software Infrastructure, ITS, The University of Queensland
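The flow-versus-DNS reconciliation described in the reply above, as an added example that is not the poster's script or the WebDNS system: it derives the '#', '?' and 'x' style counts for one CIDR and the "inactive in the last month" list from flow records. The hostnames under example.edu, the addresses and the flow records are constructed sample data.

```python
"""Reconcile DNS A records against NetFlow activity for one CIDR (added example)."""
from datetime import date, timedelta
from ipaddress import ip_address, ip_network

# Constructed zone data (hypothetical example.edu names): hostname -> address.
DNS_A_RECORDS = {
    "gw.example.edu": "192.0.2.1",
    "ws-01.example.edu": "192.0.2.10",
    "ws-02.example.edu": "192.0.2.11",
    "old-printer.example.edu": "192.0.2.20",
    "retired.example.edu": "192.0.2.30",
}

# Constructed flow export: (date seen, source IP, destination IP).
FLOWS = [
    (date(2007, 6, 1), "192.0.2.10", "198.51.100.5"),
    (date(2007, 7, 3), "192.0.2.10", "198.51.100.5"),
    (date(2007, 7, 2), "198.51.100.9", "192.0.2.11"),
    (date(2007, 4, 20), "192.0.2.20", "198.51.100.5"),
    (date(2007, 7, 1), "192.0.2.40", "198.51.100.5"),  # active but not in DNS
    (date(2007, 7, 3), "192.0.2.1", "192.0.2.10"),
]

def flow_activity(flows, cidr):
    """Map each address inside `cidr` to its (first, last) date seen in flows."""
    net = ip_network(cidr)
    seen = {}
    for day, src, dst in flows:
        for ip in (src, dst):
            if ip_address(ip) in net:
                first, last = seen.get(ip, (day, day))
                seen[ip] = (min(first, day), max(last, day))
    return seen

def reconcile(flows, records, cidr, as_of, stale_days=30):
    """Return active count ('#'), unregistered actives ('?'), registered hosts
    never seen ('x') and registered hosts idle for more than stale_days."""
    seen = flow_activity(flows, cidr)
    net = ip_network(cidr)
    registered = {ip: name for name, ip in records.items() if ip_address(ip) in net}
    unregistered = sorted(ip for ip in seen if ip not in registered)
    never_seen = sorted(name for ip, name in registered.items() if ip not in seen)
    stale = sorted(name for ip, name in registered.items()
                   if ip in seen and as_of - seen[ip][1] > timedelta(days=stale_days))
    return {"active": len(seen), "unregistered": unregistered,
            "never_seen": never_seen, "stale": stale}

def example_summary():
    """Run the reconciliation over the constructed data as of 03-Jul-2007."""
    return reconcile(FLOWS, DNS_A_RECORDS, "192.0.2.0/24", date(2007, 7, 3))
```

Feeding it real flow exports only requires replacing FLOWS with (date, src, dst) tuples parsed from the collector's output, and the zone dictionary with the A records of the domain being audited.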
