Zone stats

2023-08-21 Thread Mark Elkins via bind-users

Hi,

I'm writing some software to be able to read information from a Zone 
file. I am a legally authorised Secondary Authoritative Nameserver for a 
number of domains or rather zone files, eg. EDU.ZA (and others). Is 
there an easy way to:-


1) Count how many delegated domains there are (Names with NS records)

2) Extract the above Names - so I can look for changes (Added/Deleted names)

3) find out how many unique names have DS records (I can DIG I suppose)

I'd also like to spot broken stuff (named-checkzone ?)

So the zones (such as EDU.ZA) contain the domain name of the entity 
(whois.edu.za) along with the Nameserver records and in this case, a DS 
record. e.g... "whois.edu.za" looks like


whois  NS    control.vweb.co.za.
       NS    secdns1.posix.co.za.
       NS    secdns2.posix.co.za.
       NS    secdns3.posix.co.za.
       DS    27300 13 2 8ED21DB407F6AC3E6EA757AE566953C1BBADD8B652BE4C7C0744B1D7 9DF42894
       DS    17837 13 2 36FD5B19450B672988AE507FB7D2F948ED1E889546C6E16554C7EAF9 CE9C3FEA


One hindrance is that journal files are present - so it is not just the 
zone file but the zone.jnl file as well.


Some African ccTLDs have everything in one zone e.g. their COM, EDU, GOV 
- etc. In South Africa, these are all separate zones, making life 
somewhat easier.


I'd hate to re-invent software that already exists.

The primary purpose is to pull in data into an (ICANN requested) African 
DNS Observatory.



--

Mark James ELKINS  -  Posix Systems - (South) Africa
m...@posix.co.za   Tel: +27.826010496 
For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za 




-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: Zone stats

2023-08-21 Thread Grant Taylor via bind-users

On 8/21/23 10:11 AM, Mark Elkins via bind-users wrote:

> Hi,

Hi,

> 1) Count how many delegated domains there are (Names with NS records)

Mind your $ORIGIN and check the number of NS record owners.

> 2) Extract the above Names - so I can look for changes (Added/Deleted names)

I suspect that deltas; add / change / delete, will likely be outside of 
the scope of what bind will provide unless you crank up logging and 
parse it or behave as an incremental zone transfer client.

> 3) find out how many unique names have DS records (I can DIG I suppose)

Mind your $ORIGIN and check the number of DS record owners.

> I'd also like to spot broken stuff (named-checkzone ?)

How are you getting your zone data?  Is it a zone transfer (AXFR / 
IXFR)?  Or do you have raw zone files?

> One hindrance is that journal files are present - so it is not just the 
> zone file but the zone.jnl file as well.

Check out the "-clean" flag to the "sync" command for rndc.

> The primary purpose is to pull in data into an (ICANN requested) African 
> DNS Observatory.


It sounds like you might be better off extracting data for multiple 
zones / (sub)domains therein from DNS and storing it in some format, 
likely a database, that will then be easier to process.




Grant. . . .


Re: bind-users Digest, Vol 4302, Issue 1

2023-08-21 Thread Timothe Litt

a) Use named-compilezone to extract the zone with journals applied.

b) my favorite: do an axfr of the zone, which gives the correct data 
with all the pseudo-ops expanded


c) Use a library - I use Perl's Net::DNS - and write code to do the axfr 
& walk the zone - it allows you to access fields in the records.


https://github.com/tlhackque/certtools has a simple utility called 
acme_token_check  that does (c) to remove stray ACME records - it shows 
how to do the transfer and walk the zone.   (And also how to use DNS 
UPDATE to maintain it.)


Enjoy.


Timothe Litt
ACM Distinguished Engineer
--
This communication may not represent the ACM or my employer's views,
if any, on the matters discussed.



Re: Zone stats

2023-08-21 Thread Timothe Litt

(Sorry for the duplicate/reply without context).  See below.

On 21-Aug-23 11:11, Mark Elkins wrote:


> Hi,
>
> I'm writing some software to be able to read information from a Zone 
> file. I am a legally authorised Secondary Authoritative Nameserver for 
> a number of domains or rather zone files, eg. EDU.ZA (and others). Is 
> there an easy way to:-
>
> 1) Count how many delegated domains there are (Names with NS records)
>
> 2) Extract the above Names - so I can look for changes (Added/Deleted 
> names)
>
> 3) find out how many unique names have DS records (I can DIG I suppose)
>
> I'd also like to spot broken stuff (named-checkzone ?)
>
> So the zones (such as EDU.ZA) contain the domain name of the entity 
> (whois.edu.za) along with the Nameserver records and in this case, a 
> DS record. e.g... "whois.edu.za" looks like
>
> whois  NS    control.vweb.co.za.
>        NS    secdns1.posix.co.za.
>        NS    secdns2.posix.co.za.
>        NS    secdns3.posix.co.za.
>        DS    27300 13 2 8ED21DB407F6AC3E6EA757AE566953C1BBADD8B652BE4C7C0744B1D7 9DF42894
>        DS    17837 13 2 36FD5B19450B672988AE507FB7D2F948ED1E889546C6E16554C7EAF9 CE9C3FEA
>
> One hindrance is that journal files are present - so it is not just 
> the zone file but the zone.jnl file as well.
>
> Some African ccTLDs have everything in one zone e.g. their COM, EDU, 
> GOV - etc. In South Africa, these are all separate zones, making life 
> somewhat easier.
>
> I'd hate to re-invent software that already exists.
>
> The primary purpose is to pull in data into an (ICANN requested) 
> African DNS Observatory.
>
> --
>
> Mark James ELKINS  -  Posix Systems - (South) Africa
> m...@posix.co.za Tel: +27.826010496 
> For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za


Mark,

a) Use named-compilezone to extract the zone with journals applied.

b) my favorite: do an axfr of the zone, which gives the correct data 
with all the pseudo-ops expanded


c) Use a library - I use Perl's Net::DNS - and write code to do the axfr 
& walk the zone - it allows you to access fields in the records.


https://github.com/tlhackque/certtools has a simple utility called 
acme_token_check  that does (c) to remove stray ACME records - it shows 
how to do the transfer and walk the zone.   (And also how to use DNS 
UPDATE to maintain it.)


Enjoy.


Timothe Litt
ACM Distinguished Engineer
--
This communication may not represent the ACM or my employer's views,
if any, on the matters discussed.
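
Added example, not part of any post in this thread: a Python sketch (rather than the Perl Net::DNS route mentioned above) that answers questions 1 to 3 from zone text already flattened to one record per line with absolute owner names, the form a zone transfer produces. The `example.test` names, the shortened digests and the function names are constructed for illustration.

```python
# Added example: names and digests below are constructed, not real zone data.
SAMPLE_OLD = """\
; constructed sample, one record per line with absolute owner names
example.test.        3600 IN SOA ns1.example.test. host.example.test. 1 7200 900 1209600 3600
example.test.        3600 IN NS  ns1.example.test.
alpha.example.test.  3600 IN NS  ns1.alpha.example.test.
alpha.example.test.  3600 IN DS  27300 13 2 00AA
beta.example.test.   3600 IN NS  ns1.beta.example.test.
"""
SAMPLE_NEW = """\
example.test.        3600 IN SOA ns1.example.test. host.example.test. 2 7200 900 1209600 3600
example.test.        3600 IN NS  ns1.example.test.
alpha.example.test.  3600 IN NS  ns1.alpha.example.test.
alpha.example.test.  3600 IN DS  27300 13 2 00AA
gamma.example.test.  3600 IN NS  ns1.gamma.example.test.
orphan.example.test. 3600 IN DS  17837 13 2 00BB
"""

def zone_stats(text, origin):
    """Collect NS and DS owner names from one-record-per-line zone text."""
    origin = origin.lower().rstrip(".") + "."
    ns_owners, ds_owners = set(), set()
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith(";"):
            continue                              # blank line or comment
        owner, i = fields[0].lower(), 1
        # Skip the numeric TTL and the class to reach the record type.
        while i < len(fields) and (fields[i].isdigit() or fields[i].upper() == "IN"):
            i += 1
        rtype = fields[i].upper() if i < len(fields) else ""
        if rtype == "NS" and owner != origin:     # apex NS is not a delegation
            ns_owners.add(owner)
        elif rtype == "DS":
            ds_owners.add(owner)
    return {
        "delegations": ns_owners,
        "signed": ns_owners & ds_owners,          # delegations with a DS
        "unsigned": ns_owners - ds_owners,        # delegations without a DS
        "ds_without_ns": ds_owners - ns_owners,   # suspect: DS with no NS at that name
    }

def delegation_changes(old, new):
    """Names added to / removed from the delegation set between snapshots."""
    return {"added": sorted(new - old), "removed": sorted(old - new)}

if __name__ == "__main__":
    before = zone_stats(SAMPLE_OLD, "example.test")
    after = zone_stats(SAMPLE_NEW, "example.test")
    print(len(after["delegations"]), "delegations,", len(after["signed"]), "with DS")
    print(delegation_changes(before["delegations"], after["delegations"]))
    print("DS without NS:", sorted(after["ds_without_ns"]))
```

Owner names are compared case-insensitively, and relative names, `$ORIGIN` directives or multi-line records are not handled, so raw master files need flattening first.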


