Delegation bit-rot detection?
Phil Mayers
p.mayers at imperial.ac.uk
Thu Jun 14 13:19:28 UTC 2012
All,
Over the years, we have offered DNS secondary services to various
organisations. Some of those organisations are (ahem) fairly small, and
lots of the delegations and zone transfers have suffered bit-rot - there
are zones delegated to us that I have no records on, and certainly can't
AXFR from the masters (in some cases, the masters answer REFUSED as well).
I'm wondering if anyone knows of a script that will process our logs
looking for "refused" queries, and then post-process these by tracing
the delegations and telling me what the nearest enclosing zone is, the
NS records that led inbound queries to us, and (if any of the other NS
records are responding) the SOA.
I could write something, but there are a lot of corner cases, and I'm
feeling lazy!
OTOH if anyone has any suggestions (other than "ignore the refused",
which is what we're currently doing) for dealing with these kinds of
things...
Cheers,
Phil
More information about the bind-users
mailing list