Re: Script to create PTR zone from zone file
Sorry, the first message was sent not to the list but to Alan only. (By the way, why does the "reply" button not send the message to the list by default?)

2010/10/30 Alan Clegg
> On 10/30/2010 1:42 AM, Sukman wrote:
>
>> Looking to write a script to create the PTR records..
>> Not much on the Web..
>

I had the same problem recently and I have written a script:

#!/bin/bash
NET=192.168.111
HOST=example.com
LIMIT=254
for ((i=1;a<=LIMIT;i++))
do
  IP=`echo $NET.$i`
  ARPA=`host $NET.$a | awk '{print $5}'`
  FIRSTOCT=`echo $IP $ARPA | grep NX | awk '{print $1}' | cut -d . -f1`
  SECOCT=`echo $IP $ARPA | grep NX | awk '{print $1}' | cut -d . -f2`
  THIRDOCT=`echo $IP $ARPA | grep NX | awk '{print $1}' | cut -d . -f3`
  LASTOCT=`echo $IP $ARPA | grep NX | awk '{print $1}' | cut -d . -f4`
  PTR=`echo host$LASTOCT.$THIRDOCT.$SECOCT.$FIRSTOCT.$HOST | grep -v 't\.'`
  echo "$LASTOCT.$THIRDOCT.$SECOCT.$FIRSTOCT.in-addr.arpa. IN PTR $PTR." | egrep -v '^\.'
done

My problem was to "fill the gaps" in my PTR records, because some of them had already been created by hand before. So my script looks up the existing PTRs and generates the missing ones by pattern. The script is not very elegant and clean (the same goes for my English), but it works.

___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: Unknown option 'managed-keys' - why?
> I don't think the standard BIND RPMs for the above have support for
> 'managed-keys' as the highest version they go is up to BIND 9.3.

Thanks Antonio and Kevin. My systems are using Bind 9.4. I'm going to upgrade to 9.7 as you suggested. Thank you!

[]s
Alexander Brazil
Re: Script to create PTR zone from zone file
Doh! I've sent the wrong version of the script, with errors. Here's the correct one:

#!/bin/bash
# Walk every host address of the /24 and print a PTR record for each
# address that has no reverse entry yet (host reports NXDOMAIN).
NET=192.168.111
HOST=example.com
LIMIT=254
for ((i=1; i<=LIMIT; i++))
do
  IP=$NET.$i
  # fifth field of host's output: "3(NXDOMAIN)" when no PTR exists, else the PTR target
  ARPA=$(host $NET.$i | awk '{print $5}')
  # the octets stay empty unless the lookup answered NXDOMAIN
  FIRSTOCT=$(echo $IP $ARPA | grep NX | awk '{print $1}' | cut -d . -f1)
  SECOCT=$(echo $IP $ARPA | grep NX | awk '{print $1}' | cut -d . -f2)
  THIRDOCT=$(echo $IP $ARPA | grep NX | awk '{print $1}' | cut -d . -f3)
  LASTOCT=$(echo $IP $ARPA | grep NX | awk '{print $1}' | cut -d . -f4)
  # name generated by pattern, e.g. host5.111.168.192.example.com;
  # with empty octets this is "host." and the grep drops it
  PTR=$(echo host$LASTOCT.$THIRDOCT.$SECOCT.$FIRSTOCT.$HOST | grep -v 't\.')
  # lines starting with "." come from addresses that already have a PTR
  echo "$LASTOCT.$THIRDOCT.$SECOCT.$FIRSTOCT.in-addr.arpa. IN PTR $PTR." | egrep -v '^\.'
done

2010/11/1 big bond
> Sorry, first message was sent not for the list but to Alan only. (by the
> way, why "reply" button does not send message to list by default?)
>
> 2010/10/30 Alan Clegg
>
>> On 10/30/2010 1:42 AM, Sukman wrote:
>>
>>> Looking to write a script to create the PTR records..
>>> Not much on the Web..
>>
>
RE: DNSSEC, views & trusted keys...episode 43
I have tried to consolidate the several suggestions for how to configure a view that would respond with AD to recursive queries for authoritative zones. I don't have a working recipe. I could use some help.

At this point, it looks like the recursive view is still going to the external nameservers. Validation fails because the external views don't use the same keys as the internal views (when the zones have the same name).

Stub zones are active - as in the queries were made and their .db files created. Their content IS coming from the internal view (as expected).

Trusted keys are being specified (I intend to switch to managed-keys, but one step at a time!)

Here is the configuration - I'm eliding include statements, truncating keys and showing only one zone. Bind 9.7.2-P2

view "r-internal" in {
    //match-clients { !any_external; all_internal; };
    match-clients { 192.168.148.136; };      // This is for debugging
    match-recursive-only yes;
    transfer-source 192.168.42.6;            // Required so recursion hits the right view
    query-source address 192.168.42.6;       // ", but doesn't seem to be obeyed
    recursion yes;
    allow-recursion { all_internal; };
    allow-query-cache { all_internal; };
    trusted-keys {
        litts.net. 257 3 7 "AwEAAd8UA5VFFxqqyj+2peMH+/KOhm3q2H/(...)";
    };
    // dig @192.168.42.6 example.net dnskey
    // example.net. 60 IN DNSKEY 257 3 7 AwEAAd8UA5VFFxqqyj2peMH+/KOhm3q2H/(...)"
    // Yes, there is a ZSK too
    zone "example.net" in {
        type stub;
        file "EXAMPLE_NET.stub.DB";
        masters { 192.168.148.4; };
    };
};

Named.log:

01-Nov-2010 13:58:41.436 lame-servers: info: error (no valid KEY) resolving 'example.net/DNSKEY/IN': #53
01-Nov-2010 13:58:41.535 lame-servers: info: error (no valid KEY) resolving 'example.net/DNSKEY/IN': #53
01-Nov-2010 13:58:41.628 lame-servers: info: error (no valid KEY) resolving 'example.net/DNSKEY/IN': #53
01-Nov-2010 13:58:41.630 lame-servers: info: error (broken trust chain) resolving 'www.example.net/A/IN': #53

Note that none of the three nameservers in the log are the one configured for this test. I suspect that some internal shortcut is causing named to ignore the query-source directive. Perhaps in not wanting to do UDP to itself, named isn't setting (or looking at) the source address?

In any case, this server is authoritative (a slave) for all the zones involved, so it's also a bit of a mystery as to why it goes outside to resolve this at all.

I have created a level 99 trace of this lookup - perhaps it will mean something to a named internals wizard...
Named.run (domain & ip addresses masked with sed)
Re: Script to create PTR zone from zone file
On 10/29/2010 04:13 PM, CT wrote:
> Looking to write a script to create the PTR records..
> Not much on the Web..

DOM-style manipulation using dnspython. It can fully parse an RFC-style zone file, including following $INCLUDE statements. I've been planning on just having it do nsupdate calls rather than outputting text, and allowing it to read in an arbitrary number of zones either from stdin or via a zone transfer.

Python script attached.

-- 
Russell A Jackson 
Network Analyst
California State University, Bakersfield

#!/usr/bin/env python
import sys
import time
import dns.zone
import dns.name
import dns.rdataclass
import dns.rdatatype
from dns.node import Node
from dns.rdataset import from_rdata as rdataset_from_rdata
from dns.rdataset import from_rdata_list as rdataset_from_rdata_list
from dns.rdtypes.ANY.PTR import PTR
from dns.rdtypes.ANY.SOA import SOA
from dns.rdtypes.ANY.NS import NS
from dns.zone import Zone
from dns.zone import from_file as zone_from_file

#
# Terrible hack. Multiple A records for the same address will result in
# ambiguity. List the ones we don't want PTRs for here.
#
IGNORE = (
    dns.name.from_text('ignore.domain'),
)

NAME_SERVERS = (
    dns.name.from_text('ns0.domain'),
)

TTL = 1 * 60 * 60            # 1h
SOA_REFRESH = 24 * 60 * 60   # 24h
SOA_RETRY = 2 * 60 * 60      # 2h
SOA_EXPIRE = 24 * 60 * 60    # 24h
SOA_MINIMUM = 24 * 60 * 60   # 24h
SOA_RESPONSIBLE = 'noc.domain'


def usage():
    print("usage: %s <input_origin> <input_filename> <output_origin>" % sys.argv[0])
    sys.exit(1)


def main(argv):
    try:
        input_origin = argv[1]
        input_filename = argv[2]
        output_origin = argv[3]
    except IndexError:
        usage()

    # absolute names, so PTR targets come out fully qualified
    fwd_zone = zone_from_file(input_filename, input_origin, relativize=False)
    rev_zone = Zone(dns.name.from_text(output_origin))

    # Apex node: SOA plus one NS per name server.  dnspython's SOA takes
    # mname, rname, serial, refresh, retry, expire, minimum in that order;
    # the first listed name server is taken as the primary (mname).
    node = Node()
    soa = SOA(
        dns.rdataclass.IN,
        dns.rdatatype.SOA,
        NAME_SERVERS[0],
        dns.name.from_text(SOA_RESPONSIBLE),
        int(time.time()),
        SOA_REFRESH,
        SOA_RETRY,
        SOA_EXPIRE,
        SOA_MINIMUM,
    )
    node.rdatasets.append(rdataset_from_rdata(TTL, soa))

    ns_rdata = []
    for nameserver in NAME_SERVERS:
        ns_rdata.append(
            NS(
                dns.rdataclass.IN,
                dns.rdatatype.NS,
                nameserver,
            )
        )
    node.rdatasets.append(rdataset_from_rdata_list(TTL, ns_rdata))
    rev_zone[rev_zone.origin] = node

    for name, rdataset in fwd_zone.iterate_rdatasets('A'):
        # PTRs can't point to wildcard records
        if name.is_wild() or name in IGNORE:
            continue
        # one PTR per address; a name with several A records yields several PTRs
        for rdata in rdataset:
            ptr = PTR(dns.rdataclass.IN, dns.rdatatype.PTR, name)
            ptr_name_parts = rdata.address.split('.')
            ptr_name_parts.reverse()
            ptr_name_parts.extend(('in-addr', 'arpa'))
            ptr_name = dns.name.from_text('.'.join(ptr_name_parts))
            node = Node()
            node.rdatasets.append(rdataset_from_rdata(TTL, ptr))
            try:
                rev_zone[ptr_name] = node
            except KeyError:
                # address lies outside the reverse zone being generated
                continue

    rev_zone.to_file(sys.stdout)


if __name__ == '__main__':
    main(sys.argv)
Re: Script to create PTR zone from zone file
On 11/01/2010 11:56 AM, Russell Jackson wrote:
> On 10/29/2010 04:13 PM, CT wrote:
>> Looking to write a script to create the PTR records..
>> Not much on the Web..
>
> DOM-style manipulation using dnspython. It can fully parse an RFC-style
> zone file, including following $INCLUDE statements. I've been planning on
> just having it do nsupdate calls rather than outputting text, and allowing
> it to read in an arbitrary number of zones either from stdin or via a zone
> transfer.
>
> Python script attached.

Crap. Mixed tab/space indention. Fixed.

I noticed someone brought up records in the other subthread. I believe pythondns handles those so it wouldn't be difficult to add support for them.

-- 
Russell A Jackson 
Network Analyst
California State University, Bakersfield
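The two approaches in this thread (big bond's "fill the gaps" loop and Russell's zone-file walk) share three edge cases worth handling explicitly: wildcard owners, addresses outside the reverse zone, and several names claiming one address. The following is an added example, not either poster's code, using only the Python standard library; FORWARD_ZONE and EXISTING_PTRS are constructed sample data, and the parser assumes one A record per line with an explicit owner.

```python
import ipaddress
import re

# Constructed sample forward zone (not from the list posts); relative owners follow $ORIGIN.
FORWARD_ZONE = """\
$ORIGIN example.com.
@     IN SOA ns0 noc ( 2010110101 86400 7200 86400 86400 )
ns0   IN A   192.168.111.1
www   IN A   192.168.111.10
mail  IN A   192.168.111.10   ; same address as www: ambiguous PTR
*     IN A   192.168.111.20   ; wildcard: never gets a PTR
ext   IN A   10.0.0.5         ; outside the reverse zone being built
"""
# Constructed hand-maintained PTRs that regeneration must not overwrite.
EXISTING_PTRS = {"10.111.168.192.in-addr.arpa.": "mail.example.com."}
# One A record per line with an explicit owner (no blank-owner continuation lines).
A_RE = re.compile(r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?A\s+(\S+)\s*$", re.I)


def parse_a_records(zone_text):
    """Yield (fqdn, ip) for each A record, honouring $ORIGIN and the '@' owner."""
    origin = "."
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()          # drop zone-file comments
        if line.upper().startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        m = A_RE.match(line)
        if not m:
            continue                                  # SOA, NS, directives, blanks
        owner, ip = m.groups()
        if not owner.endswith("."):                   # relative owner -> qualify it
            owner = origin if owner == "@" else f"{owner}.{origin}"
        yield owner, ip


def build_reverse(zone_text, network, existing):
    """Return (ptrs, conflicts): reverse name -> target for addresses in `network`,
    seeded with `existing` so hand-made PTRs are kept and only gaps are filled;
    wildcards are skipped; an address claimed by several names keeps its first
    target and is listed in conflicts for a human to resolve."""
    net = ipaddress.ip_network(network)
    ptrs, conflicts = dict(existing), {}
    for fqdn, ip in parse_a_records(zone_text):
        addr = ipaddress.ip_address(ip)
        if fqdn.startswith("*.") or addr not in net:
            continue
        rname = addr.reverse_pointer + "."
        if rname not in ptrs:
            ptrs[rname] = fqdn
        elif ptrs[rname] != fqdn:
            conflicts.setdefault(rname, [ptrs[rname]]).append(fqdn)
    return ptrs, conflicts
```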