On Wed, 8 Jul 2009 14:23:36 -0400, "Todd Snyder" <tsny...@rim.com> wrote:
> Good day all,
>
> I am looking at making some sweeping changes to some zone files,
> cleaning up NS records primarily. As I'm pondering the impact of this,
> I got to thinking about how to validate every single record in my
> namespace, and therefore the entirety of my change.
>
> What I'm thinking of is a script that will go through each zone file and
> do a dig against a server (localhost, or otherwise) for each record,
> verifying that every record resolves correctly.
>
> Has anyone written such a beast or know of a tool like this? Am I being
> obtuse in thinking that this would be useful to me to verify my changes?
>
> Cheers,
>
> Todd.
>
> _______________________________________________
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

I was forced into writing some stuff like this as I inherited a severely neglected DNS environment. Instead of having to write the logic capable of parsing a zone file, I found it easier to parse host -l output. This allows for not needing to take account of all the allowed shorthand within the zone files that bind understands. I suppose it even makes the scripts non-bind-dependent.

I choose to examine things such as A records with multiple entries (possible round robin, or possible that someone didn't remove an old record before adding new), if PTR records exist for A records, if PTR records match the corresponding A records, for duplicate PTR records, and if two different A records contain the same IP data (possible old IP that was reassigned to a new machine while old DNS data was never removed, or possibly one machine known by many names).

I am sure there is some paid software out there that performs similar functionality. I tested the Men & Mice suite, which performed a lot of very similar functionality as my own scripts did. I wouldn't be surprised if there were some open source projects as well.

Thanks,
David
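
The checks listed in the reply above, sketched as an added example (not David's scripts, and not code from this thread). It assumes the forward and reverse zone listings from `host -l` have been saved as text; the sample lines, names and addresses are constructed, and only IPv4 A/PTR data is handled.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the line format `host -l` prints (names/IPs made up).
SAMPLE = """\
example.com name server ns1.example.com.
www.example.com has address 192.0.2.10
www.example.com has address 192.0.2.11
mail.example.com has address 192.0.2.20
old-mail.example.com has address 192.0.2.20
db.example.com has address 192.0.2.30
10.2.0.192.in-addr.arpa domain name pointer www.example.com.
20.2.0.192.in-addr.arpa domain name pointer mail.example.com.
20.2.0.192.in-addr.arpa domain name pointer old-mail.example.com.
30.2.0.192.in-addr.arpa domain name pointer database.example.com.
"""

A_RE = re.compile(r"^(\S+) has address (\S+)$")
PTR_RE = re.compile(r"^(\S+)\.in-addr\.arpa\.? domain name pointer (\S+)$", re.I)

def norm(name):
    """Compare names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()

def audit(text):
    """Cross-check A and PTR data; returns a dict of finding lists."""
    names_by_ip, ips_by_name, ptrs_by_ip = (defaultdict(set) for _ in range(3))
    for line in map(str.strip, text.splitlines()):
        if m := A_RE.match(line):
            ip = str(ipaddress.ip_address(m[2]))
            ips_by_name[norm(m[1])].add(ip)
            names_by_ip[ip].add(norm(m[1]))
        elif m := PTR_RE.match(line):
            octets = m[1].split(".")  # reverse-zone owner name: octets reversed
            if len(octets) == 4 and all(o.isdigit() for o in octets):
                ptrs_by_ip[".".join(reversed(octets))].add(norm(m[2]))
    pairs = sorted((n, ip) for n, ips in ips_by_name.items() for ip in ips)
    return {
        "multi_a": sorted(n for n, ips in ips_by_name.items() if len(ips) > 1),
        "shared_ip": sorted(ip for ip, ns in names_by_ip.items() if len(ns) > 1),
        "missing_ptr": [(n, ip) for n, ip in pairs if ip not in ptrs_by_ip],
        "ptr_mismatch": [(n, ip) for n, ip in pairs
                         if ip in ptrs_by_ip and n not in ptrs_by_ip[ip]],
        "duplicate_ptr": sorted(ip for ip, ns in ptrs_by_ip.items() if len(ns) > 1),
    }

if __name__ == "__main__":
    for check, hits in audit(SAMPLE).items():
        print(check, hits)
```

Each finding is a candidate for review rather than an error: multiple A records may be intentional round robin, and a shared IP may be one machine known by several names.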