Thank you Timothe for this. I tested this on some of my domains and
found AXFR worked the best....
dig @::1 $zone axfr | grep -v '^;' | grep -v "^$zone" | grep 'NS	' | cut -f1 | cut -f1 -d' ' | sed 's/\.$//' | sort -u > axfr.$zone
... does the trick. $zone is the Zone in question. There is a <tab>
after "NS".
Take a Zone, Strip comments, Strip lines beginning with the Zone, Look
for NS records (exclude NSEC records), take the first argument (strip
trailing dot) and make the output sorted and unique...
I'll be writing in PHP and already use a similar PHP "NET::DNS" type
library.... so shouldn't be difficult.
Yes - this will go into a Database - etc..
On 2023/08/22 02:10, Timothe Litt wrote:
(Sorry for the duplicate/reply without context). See below.
On 21-Aug-23 11:11, Mark Elkins wrote:
Hi,
I'm writing some software to be able to read information from a Zone
file. I am a legally authorised Secondary Authoritative Nameserver
for a number of domains or rather zone files, eg. EDU.ZA (and
others). Is there an easy way to:-
1) Count how many delegated domains there are (Names with NS records)
2) Extract the above Names - so I can look for changes (Added/Deleted
names)
3) find out how many unique names have DS records (I can DIG I suppose)
I'd also like to spot broken stuff (named-checkzone ?)
So the zones (such as EDU.ZA) contain the domain name of the entity
(whois.edu.za) along with the Nameserver records and in this case, a
DS record. e.g... "whois.edu.za" looks like....
whois    NS    control.vweb.co.za.
         NS    secdns1.posix.co.za.
         NS    secdns2.posix.co.za.
         NS    secdns3.posix.co.za.
         DS    27300 13 2 8ED21DB407F6AC3E6EA757AE566953C1BBADD8B652BE4C7C0744B1D7 9DF42894
         DS    17837 13 2 36FD5B19450B672988AE507FB7D2F948ED1E889546C6E16554C7EAF9 CE9C3FEA
One hindrance is that journal files are present - so it is not just
the zone file but the zone.jnl file as well.
Some African ccTLDs have everything in one zone e.g. their COM, EDU,
GOV - etc. In South Africa, these are all separate zones, making life
somewhat easier.
I'd hate to re-invent software that already exists.
The primary purpose is to pull in data into an (ICANN requested)
African DNS Observatory.
--
Mark James ELKINS - Posix Systems - (South) Africa
m...@posix.co.za Tel: +27.826010496
For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za
Mark,
a) Use named-compilezone to extract the zone with journals applied.
b) my favorite: do an axfr of the zone, which gives the correct data
with all the pseudo-ops expanded
c) Use a library - I use Perl's Net::DNS - and write code to do the
axfr & walk the zone - it allows you to access fields in the records.
https://github.com/tlhackque/certtools has a simple utility called
acme_token_check that does (c) to remove stray ACME records - it
shows how to do the transfer and walk the zone. (And also how to use
DNS UPDATE to maintain it.)
Enjoy.
Timothe Litt
ACM Distinguished Engineer
--------------------------
This communication may not represent the ACM or my employer's views,
if any, on the matters discussed.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
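The three tasks from the original question (count delegations, track added and deleted names, count names with DS records), as an added example that is not part of the original thread. It matches the record type field exactly instead of grepping for NS followed by a tab; the function names `zone_owners`, `zone_changes` and `sample_axfr` are hypothetical, and every name in the sample except whois.edu.za and its name servers is constructed.

```shell
#!/bin/sh
# Added example: works on `dig @server zone axfr` text read from stdin.

# zone_owners ZONE TYPE: print the owner names (lower case, no trailing dot,
# sorted, unique) that hold a record of TYPE, leaving out the zone apex.
zone_owners() {
    awk -v zone="$1" -v type="$2" '
        BEGIN { apex = tolower(zone); sub(/\.$/, "", apex) }
        /^;/ || NF < 5 { next }        # dig comments, blank or short lines
        $3 == "IN" && $4 == type {     # exact type match, so NSEC is not NS
            name = tolower($1); sub(/\.$/, "", name)
            if (name != apex) print name
        }' | LC_ALL=C sort -u
}

# zone_changes OLD NEW: compare two saved zone_owners lists and print
# "+ name" for added delegations and "- name" for deleted ones.
zone_changes() {
    LC_ALL=C comm -13 "$1" "$2" | sed 's/^/+ /'
    LC_ALL=C comm -23 "$1" "$2" | sed 's/^/- /'
}

# Constructed sample in dig's AXFR layout (name TTL class type rdata).
# whois.edu.za comes from the thread; every other name is made up.
sample_axfr() {
    cat <<'EOF'
; <<>> DiG <<>> @::1 edu.za axfr
edu.za.           3600 IN SOA  ns1.example.net. hostmaster.example.net. 1 7200 3600 1209600 3600
edu.za.           3600 IN NS   ns1.example.net.
edu.za.           3600 IN NSEC example-a.edu.za. NS SOA RRSIG NSEC DNSKEY
example-a.edu.za. 3600 IN NS   ns1.example.net.
example-a.edu.za. 3600 IN NS   ns2.example.net.
example-a.edu.za. 3600 IN NSEC whois.edu.za. NS RRSIG NSEC
whois.edu.za.     3600 IN NS   control.vweb.co.za.
whois.edu.za.     3600 IN NS   secdns1.posix.co.za.
whois.edu.za.     3600 IN DS   27300 13 2 8ED21DB407F6AC3E6EA757AE566953C1BBADD8B652BE4C7C0744B1D7 9DF42894
edu.za.           3600 IN SOA  ns1.example.net. hostmaster.example.net. 1 7200 3600 1209600 3600
EOF
}

# Demo on the sample: count delegations (1), list them (2), count DS (3).
echo "delegated names: $(sample_axfr | zone_owners edu.za NS | wc -l)"
sample_axfr | zone_owners edu.za NS
echo "names with DS:   $(sample_axfr | zone_owners edu.za DS | wc -l)"
```

Against a live secondary, pipe `dig @::1 "$zone" axfr` into `zone_owners "$zone" NS`, save the list per run, and feed the previous and current files to `zone_changes`.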