namespace verification

david at from525.com david at from525.com
Wed Jul 8 19:30:20 UTC 2009


On Wed, 8 Jul 2009 14:23:36 -0400, "Todd Snyder" <tsnyder at rim.com> wrote:
> Good day all,
> 
> I am looking at making some sweeping changes to some zone files,
> cleaning up NS records primarily.  As I'm pondering the impact of this,
> I got to thinking about how to validate every single record in my
> namespace, and therefore the entirety of my change.
> 
> What I'm thinking of is a script that will go through each zone file and
> do a dig against a server (localhost, or otherwise) for each record,
> verifying that every record resolves correctly.
> 
> Has anyone written such a beast or know of a tool like this?  Am I being
> obtuse in thinking that this would be useful to me to verify my changes?
> 
> Cheers,
> 
> Todd.


I was forced into writing some stuff like this as I inherited a severely
neglected DNS environment.  Instead of having to write the logic capable of
parsing a zone file I found it easier to parse host -l output.  This allows
for not needing to take account of all the allowed shorthand within the
zone files that bind understands.  I suppose it even makes the scripts
non-bind-dependent. I chose to examine things such as A records with multiple
entries (possible round robin or possible that someone didn't remove an old
record before adding new), if PTR records exist for A records, if PTR
records match the corresponding A records, for duplicate PTR records & if
two different A records contain the same IP data (possible old IP that was
reassigned to new machine while old DNS data was never removed or possibly
one machine known by many names).

I am sure there is some paid software out there that performs similar
functionality.  I tested the Men & Mice suite which performed a lot of very
similar functionality as my own scripts did.  I wouldn't be surprised if
there were some open source projects as well.

Thanks,
David
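An added example, not David's scripts, of the five checks his reply lists, run over constructed sample lines in the format `host -l` prints for a forward zone and its in-addr.arpa zone (the exact output layout and the names/addresses are assumptions):

```python
import re
from collections import defaultdict

# Constructed sample lines in the format `host -l` prints for a forward zone
# and its matching in-addr.arpa zone; real scripts would read the command output.
FORWARD = """\
www.example.com has address 192.0.2.10
www.example.com has address 192.0.2.11
mail.example.com has address 192.0.2.20
old.example.com has address 192.0.2.20
ftp.example.com has address 192.0.2.30
db.example.com has address 192.0.2.40
"""
REVERSE = """\
10.2.0.192.in-addr.arpa domain name pointer www.example.com.
11.2.0.192.in-addr.arpa domain name pointer www.example.com.
20.2.0.192.in-addr.arpa domain name pointer mail.example.com.
20.2.0.192.in-addr.arpa domain name pointer old.example.com.
30.2.0.192.in-addr.arpa domain name pointer wrong.example.com.
"""
A_RE = re.compile(r"^(\S+) has address (\d+\.\d+\.\d+\.\d+)$")
PTR_RE = re.compile(r"^(\S+)\.in-addr\.arpa domain name pointer (\S+)\.$")

def parse(forward_text, reverse_text):
    """Return (ip -> names holding an A record for it, ip -> PTR targets)."""
    ip_names, ptrs = defaultdict(set), defaultdict(list)
    for line in forward_text.splitlines():
        m = A_RE.match(line.strip())
        if m:
            ip_names[m.group(2)].add(m.group(1))
    for line in reverse_text.splitlines():
        m = PTR_RE.match(line.strip())
        if m:  # reverse the octets: 10.2.0.192 -> 192.0.2.10
            ptrs[".".join(reversed(m.group(1).split(".")))].append(m.group(2))
    return ip_names, ptrs

def audit(forward_text, reverse_text):
    """The five checks from the reply, each as a sorted list of offenders."""
    ip_names, ptrs = parse(forward_text, reverse_text)
    names = defaultdict(set)  # name -> the IPs of its A records
    for ip, ns in ip_names.items():
        for n in ns:
            names[n].add(ip)
    return {
        "multi_a": sorted(n for n, ips in names.items() if len(ips) > 1),
        "missing_ptr": sorted(ip for ip in ip_names if ip not in ptrs),
        "ptr_mismatch": sorted(ip for ip in ip_names if ip in ptrs and not set(ptrs[ip]) & ip_names[ip]),
        "dup_ptr": sorted(ip for ip, t in ptrs.items() if len(t) > 1),
        "shared_ip": sorted(ip for ip, ns in ip_names.items() if len(ns) > 1),
    }
```

Calling `audit(FORWARD, REVERSE)` flags www.example.com (round robin or stale A), 192.0.2.40 (no PTR), 192.0.2.30 (PTR names a different host) and 192.0.2.20 (two names and two PTRs on one address).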