Zone stats
Timothe Litt
litt at acm.org
Tue Aug 22 00:10:01 UTC 2023
(Sorry for the duplicate/reply without context). See below.
On 21-Aug-23 11:11, Mark Elkins wrote:
>
> Hi,
>
> I'm writing some software to be able to read information from a Zone
> file. I am a legally authorised Secondary Authoritative Nameserver for
> a number of domains or rather zone files, eg. EDU.ZA (and others). Is
> there an easy way to:-
>
> 1) Count how many delegated domains there are (Names with NS records)
>
> 2) Extract the above Names - so I can look for changes (Added/Deleted
> names)
>
> 3) find out how many unique names have DS records (I can DIG I suppose)
>
> I'd also like to spot broken stuff (named-checkzone ?)
>
> So the zones (such as EDU.ZA) contain the domain name of the entity
> (whois.edu.za) along with the Nameserver records and in this case, a
> DS record. e.g... "whois.edu.za" looks like....
>
> whois    NS    control.vweb.co.za.
>          NS    secdns1.posix.co.za.
>          NS    secdns2.posix.co.za.
>          NS    secdns3.posix.co.za.
>          DS    27300 13 2 8ED21DB407F6AC3E6EA757AE566953C1BBADD8B652BE4C7C0744B1D7 9DF42894
>          DS    17837 13 2 36FD5B19450B672988AE507FB7D2F948ED1E889546C6E16554C7EAF9 CE9C3FEA
>
> One hindrance is that journal files are present - so it is not just
> the zone file but the zone.jnl file as well.
>
> Some African ccTLDs have everything in one zone e.g. their COM, EDU,
> GOV - etc. In South Africa, these are all separate zones, making life
> somewhat easier.
>
> I'd hate to re-invent software that already exists.
>
> The primary purpose is to pull in data into an (ICANN requested)
> African DNS Observatory.
>
>
> --
>
> Mark James ELKINS - Posix Systems - (South) Africa
> mje at posix.co.za Tel: +27.826010496
> For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za
>
Mark,
a) Use named-compilezone to extract the zone with journals applied.
b) my favorite: do an axfr of the zone, which gives the correct data
with all the pseudo-ops expanded
c) Use a library - I use Perl's Net::DNS - and write code to do the axfr
& walk the zone - it allows you to access fields in the records.
https://github.com/tlhackque/certtools has a simple utility called
acme_token_check that does (c) to remove stray ACME records - it shows
how to do the transfer and walk the zone. (And also how to use DNS
UPDATE to maintain it.)
Enjoy.
Timothe Litt
ACM Distinguished Engineer
--------------------------
This communication may not represent the ACM or my employer's views,
if any, on the matters discussed.
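
Added example (not part of the original message, and not code from certtools): a Python sketch, rather than the Perl Net::DNS approach in (c), that answers the three counting questions from the text produced by (a) or (b). It assumes one record per line with fully-qualified owner names ("name TTL IN TYPE rdata", as dig axfr prints); the function names and the sample records are constructed for illustration.

```python
from collections import defaultdict

# Constructed snapshots (not real zone data), one record per line as in AXFR output.
OLD = """\
edu.za.             3600 IN SOA ns1.example. hostmaster.example. 1 3600 600 86400 3600
edu.za.             3600 IN NS  ns1.example.
whois.edu.za.       3600 IN NS  control.vweb.co.za.
whois.edu.za.       3600 IN NS  secdns1.posix.co.za.
whois.edu.za.       3600 IN DS  27300 13 2 ABCD ; constructed digest
school-a.edu.za.    3600 IN NS  ns.school-a.edu.za.
ns.school-a.edu.za. 3600 IN A   192.0.2.1
"""
NEW = """\
edu.za.             3600 IN SOA ns1.example. hostmaster.example. 2 3600 600 86400 3600
edu.za.             3600 IN NS  ns1.example.
whois.edu.za.       3600 IN NS  control.vweb.co.za.
whois.edu.za.       3600 IN DS  27300 13 2 ABCD ; constructed digest
school-b.edu.za.    3600 IN NS  ns1.example.
broken.edu.za.      3600 IN DS  11111 13 2 ABCD ; DS with no NS at the same name
"""

def delegation_stats(zone_text, origin):
    """Return (delegated names, delegated names with DS, names with DS but no NS)."""
    origin = origin.lower().rstrip(".") + "."
    types_by_name = defaultdict(set)
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue                             # blank, comment-only or unexpected line
        types_by_name[fields[0].lower()].add(fields[3].upper())
    # The apex also carries NS records but is not a delegation; glue has no NS of its own.
    delegated = {n for n, t in types_by_name.items() if "NS" in t and n != origin}
    signed = {n for n in delegated if "DS" in types_by_name[n]}
    ds_without_ns = {n for n, t in types_by_name.items() if "DS" in t and "NS" not in t}
    return delegated, signed, ds_without_ns

def delegation_changes(old_text, new_text, origin):
    """Return (added, deleted) delegated names between two snapshots, sorted."""
    old = delegation_stats(old_text, origin)[0]
    new = delegation_stats(new_text, origin)[0]
    return sorted(new - old), sorted(old - new)

if __name__ == "__main__":
    delegated, signed, orphans = delegation_stats(NEW, "edu.za")
    print(len(delegated), "delegations,", len(signed), "with DS")
    print("DS without NS:", sorted(orphans))
    print("added/deleted:", delegation_changes(OLD, NEW, "edu.za"))
```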