Delegation bit-rot detection?

Phil Mayers p.mayers at
Thu Jun 14 13:19:28 UTC 2012


Over the years, we have offered DNS secondary services to various 
organisations. Some of those organisations are (ahem) fairly small, and 
lots of the delegations and zone transfers have suffered bit-rot - there 
are zones delegated to us that I have no records on, and certainly can't 
AXFR from the masters (in some cases, the masters answer REFUSED as well).

I'm wondering if anyone knows of a script that will process our logs 
looking for "refused" queries, and then post-process these by tracing 
the delegations and telling me what the nearest enclosing zone is, the 
NS records that led inbound queries to us, and (if any of the other NS 
records are responding) the SOA.

I could write something, but there are a lot of corner cases, and I'm 
feeling lazy!

OTOH if anyone has any suggestions (other than "ignore the refused", 
which is what we're currently doing) for dealing with these kinds of 


More information about the bind-users mailing list