Identifying and deleting unused DNS entries
Danny Thomas
d.thomas at its.uq.edu.au
Wed Sep 26 06:12:42 UTC 2007
blrmaani <blrmaani at gmail.com> asked
>I maintain a DNS server running BIND 9.2.x. We have several unused
>entries but I do not want to delete them before making sure that these
>A records/CNAMEs are not being queried.
>
>One approach I know of is to enable querylog, check for the names to
>be deleted in the querylog and delete them if these names are NOT in the
>querylog.
>
>Does BIND maintain some kind of statistics per CNAME/A record?
>Is there any better approach to solve this problem?
At least for hostname records, I don't believe the absence of dns
queries is a great indicator of whether a host still exists.
The policy on our network is to register every active ip-address,
including network, gateway, HSRP & broadcast addresses. Conversely,
inactive ip-addresses should get removed from the dns.
We use router netflows to identify
  - active ip-addresses not registered in the dns
  - dns hostnames no longer seen to be active
The date ip-addresses were last seen to be active is also displayed
against each ip-address managed through our web-based dns management system;
this information is also brought through to our network information portal.
NB for various reasons the flows have not been updated since 03-Jul.
PORTAL EXAMPLE 1
============================================================================
VLAN 521
VLAN: Ipswich Students 2
VLAN type: network
VLAN site: Ipswich
466 hosts (55 not registered in DNS), 91.9% of 507 usable-addresses
this VLAN is not handled by the central DHCP server
routed by the HSRP cluster letron/synot
CIDR             gateway        #    ?   x  Q  ou
192.168.10.0/23  192.168.10.30  466  55  3  -  its-uqi
the # column has the total number of hosts seen from flows during
01-Aug-2006 thru 03-Jul-2007 (336 days)
the ? column has the number of such hosts not registered in the central DNS
the x column has the number of hosts registered in the central DNS not seen
in flows
the Q column represents whether the CIDR is handled by the Quotient Traffic
Charging system
PORTAL EXAMPLE 2
============================================================================
this page is brought up when the '3' link in the 'x' column is clicked
3 hosts registered in the DNS were not seen to be active
displaying just those registered in the DNS but not seen to be active
IP              hostname
192.168.10.205  uqi-stud01867.studio.uqi.uq.edu.au
192.168.10.254  the-lexx.studio.uqi.uq.edu.au
192.168.11.255  broadcast-p10.studio.uqi.uq.edu.au
PORTAL EXAMPLE 3
============================================================================
this page is brought up when the '466' link in the '#' column is clicked
411 of the 466 active ip-addresses seen in 192.168.10.0/23 during 01-Aug-2006
thru 03-Jul-2007 (336 days) were registered in the DNS
3 hosts registered in the DNS were not seen to be active
displaying all active addresses
IP            first-time   num-days  last-time    hostname
192.168.10.0  06-Aug-2006        33  9-Dec-2006   net-p10.studio.uqi....
192.168.10.1  05-Aug-2006       134  02-Jul-2007  uqi-rembostud.studio....
192.168.10.2  14-Aug-2006        23  08-Jun-2007
192.168.10.3  14-Aug-2006        17  08-Feb-2007
192.168.10.4  14-Aug-2006        13  16-May-2007
192.168.10.5  01-Aug-2006       293  03-Jul-2007
PORTAL EXAMPLE 4
============================================================================
A special web-page is generated for server domains and lists hostnames
whose ip-address has not been seen to be active in the last month.
The fact that such a list has hundreds of entries indicates the
processes followed by the server groups for removing interfaces is not
good as they manage these dns entries.
NB those marked with a '*' are dns entries not created through the WebDNS
interface. Produced in 2.0 secs at 13:06 PM on 05-Jul-2007 by
make-inactive-ip-pages.pl (script)
The following server domains were inspected:
* cc.uq.edu.au
* mgmt.cc.uq.edu.au
* soe.uq.edu.au
* sinet.uq.edu.au
* ldap.uq.edu.au
These 189 have been inactive (since flow-processing began 2006-08-01):
IP             hostname
130.102.2.14   * squeak.cc.uq.edu.au + 1 other name
130.102.2.39   * calpilot.cc.uq.edu.au
130.102.2.55   * dhcptest1.cc.uq.edu.au
130.102.2.70   * gourd.cc.uq.edu.au (USG) + 1 other name
130.102.2.76   * inferno.cc.uq.edu.au (USG)
130.102.2.92   * stg-virt2.cc.uq.edu.au
130.102.2.93   * stg-virt3.cc.uq.edu.au
130.102.2.94   * stg-virt4.cc.uq.edu.au
130.102.2.95   * stg-virt5.cc.uq.edu.au
130.102.3.124    premier.soe.uq.edu.au (USG)
130.102.3.125    deuxieme.soe.uq.edu.au (USG)
130.102.3.128    point.soe.uq.edu.au (USG)
....
Danny
--
d.thomas at its.uq.edu.au     Danny Thomas,
+61-7-3365-8221               Software Infrastructure,
http://www.its.uq.edu.au      ITS, The University of Queensland
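The two approaches raised in the thread, checking the querylog for the names and checking flow-derived activity for their addresses, can be combined so that a name is only proposed for removal when neither test shows it in use. The script below is an added illustration, not Danny's make-inactive-ip-pages.pl or anything from the portal; the zone data, querylog lines (assumed "client addr#port: query: name IN type" format) and last-seen dates are all constructed, and example.edu names stand in for real ones.

```python
import re
from datetime import date, timedelta
# Constructed zone data: hostname -> address (A records) or -> target (CNAMEs).
A_RECORDS = {"web1.example.edu": "192.0.2.10", "old-box.example.edu": "192.0.2.20",
             "broadcast-net.example.edu": "192.0.2.255"}
CNAMES = {"www.example.edu": "web1.example.edu", "legacy.example.edu": "old-box.example.edu"}
# Constructed BIND querylog lines; only the "query: <name> IN <type>" part is parsed.
QUERYLOG = ("26-Sep-2007 06:01:12.101 client 198.51.100.7#53124: query: www.example.edu IN A\n"
            "26-Sep-2007 06:02:40.552 client 198.51.100.9#41000: query: web1.example.edu IN AAAA\n")
QUERY_RE = re.compile(r"query: (\S+) IN \S+")
# Constructed flow summary: address -> date traffic was last seen for it.
LAST_SEEN = {"192.0.2.10": date(2007, 9, 25), "192.0.2.20": date(2007, 7, 3),
             "192.0.2.30": date(2007, 9, 20)}
TODAY = date(2007, 9, 26)  # constructed "now" for the inactivity window

def queried_names(log):
    """Owner names that appear in the querylog, normalised for comparison."""
    return {m.group(1).lower().rstrip(".") for m in QUERY_RE.finditer(log)}

def resolve(name, depth=8):
    """Follow a bounded CNAME chain to an A record's address, else None."""
    while name is not None and depth > 0:
        if name in A_RECORDS:
            return A_RECORDS[name]
        name, depth = CNAMES.get(name), depth - 1
    return None

def in_use_names(log):
    """Queried names plus every target along a queried CNAME chain."""
    # A client asking for www never logs a query for web1, yet web1 must stay.
    used = queried_names(log)
    for name in list(used):
        for _ in range(8):  # bounded in case the zone contains a CNAME loop
            if name not in CNAMES:
                break
            name = CNAMES[name]
            used.add(name)
    return used

def deletion_candidates(log, last_seen, today, inactive_days=30):
    """Names neither queried nor backed by an address active within the window.
    Deliberate registrations (broadcast, network addresses) land here too, so
    this is a review list for a human, not a list to delete blindly."""
    used, cutoff, out = in_use_names(log), today - timedelta(days=inactive_days), {}
    for name in list(A_RECORDS) + list(CNAMES):
        seen = last_seen.get(resolve(name))
        if name in used or (seen is not None and seen >= cutoff):
            continue
        out[name] = "never seen in flows" if seen is None else "last active %s" % seen
    return out
```

Running `deletion_candidates(QUERYLOG, LAST_SEEN, TODAY)` keeps web1 (kept alive by the www CNAME query) and flags old-box, legacy and broadcast-net, with the reason for each.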