NS record question

Brad Knowles brad.knowles at skynet.be
Wed Mar 28 22:54:10 UTC 2001


At 9:20 AM -0800 3/28/01, Bill Manning wrote:

>  ... that said, could we PLEASE have better error checking?  I -hate-
>  having named-checkzone tell me I have an error in line 24833 (the last
>  line of the zone file) when I've a single quote instead of a double quote
>  on a TXT RR field in line 457.  Talk about your time consuming
>  <search & destroy> analysis of the file in question to ID the offending
>  line.  BIND lint anyone?

	Problem is, we've already got nslint and dnswalk, but both of 
these tools look *only* at the DNS zones as they are currently loaded 
on nameservers somewhere out there.


	I'd really, really like to see tools that would also take local 
files as input to be checked, and to apply some common-sense rules to 
some of the contents of the zones -- even if certain things are 
technically legal, for example it's pretty stupid to have your 
refresh be larger than your minimum TTL.

	It should also incorporate all the checks done in nslint and 
dnswalk, plus what I've got in doc, be able to take input from either 
local files or on zones that are loaded somewhere out in the real 
world, be able to do as much as it can without necessarily requiring 
zone transfers, etc....

	Of course, it'd also need to be able to parse named.conf files 
and then compare what the nameserver thinks it's supposed to be 
authoritative for against what the root nameservers think, etc.... 
It would also be cool if we could incorporate some stuff to 
"fingerprint" nameservers, so that we could get a better idea of what 
nameserver code (and version) is being run on a particular machine.


	named-checkzone is a good tool to see if the zone file is 
technically legal according to the exact same routines used 
internally within BINDv9, but that doesn't mean that it covers all 
possible, or even necessarily the majority, of things that need to be 
checked.


	I am willing and interested in participating in the development 
of a tool of this sort.  I could contribute everything currently 
incorporated in doc, plus some of the "Best Current Practice" stuff, 
and it shouldn't be too hard to build a module to parse named.conf 
files.

	Unfortunately, I fear that it would be extremely difficult to do 
this sort of thing within the framework of dnswalk (into which I have 
previously committed to bringing the functionality of doc), in large 
part because it now uses the Perl::DNS routines, and doesn't have its 
own internal caching scheme into which you could easily plug in local 
file sources.

	Is anyone else interested?

-- 
Brad Knowles, <brad.knowles at skynet.be>

/*        efdtt.c  Author:  Charles M. Hannum <root at ihack.net>          */
/*       Represented as 1045 digit prime number by Phil Carmody         */
/*     Prime as DNS cname chain by Roy Arends and Walter Belgers        */
/*                                                                      */
/*     Usage is:  cat title-key scrambled.vob | efdtt >clear.vob        */
/*   where title-key = "153 2 8 105 225" or other similar 5-byte key    */

dig decss.friet.org|perl -ne'if(/^x/){s/[x.]//g;print pack(H124,$_)}'
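As an added example that is not part of Brad's post or of any of the tools he names (doc, nslint, dnswalk), here is a small Python sketch of the local-file checker he describes: it reports an unbalanced quote on the line where it actually occurs, and flags an SOA whose refresh is larger than the minimum TTL even though that is technically legal. The sample zone is constructed, and only plain-integer SOA timers (no 1d/2h suffixes) are handled.

```python
import re

# Constructed sample zone, not from the post: the SOA refresh (86400) exceeds
# the minimum TTL (3600), and the TXT record on the last line opens with a
# single quote instead of a double quote.
SAMPLE_ZONE = """\
$TTL 86400
example.test. IN SOA ns1.example.test. hostmaster.example.test. (
    2001032801 ; serial
    86400      ; refresh
    7200       ; retry
    3600000    ; expire
    3600 )     ; minimum
@        IN NS  ns1.example.test.
ns1      IN A   192.0.2.1
note     IN TXT 'stray single quote"
"""

def strip_comment(line):
    """Drop a ';' comment unless the ';' sits inside a double-quoted string."""
    out, quoted = [], False
    for ch in line:
        if ch == '"':
            quoted = not quoted
        if ch == ';' and not quoted:
            break
        out.append(ch)
    return "".join(out)

def lint_zone(text):
    """Return a sorted list of (line_number, message) findings."""
    findings = []
    soa_line, soa_tokens = None, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = strip_comment(raw)
        # Report the quoting problem on the offending line, not at end of file.
        if line.count('"') % 2 == 1:
            findings.append((lineno, "unbalanced double quote in record"))
        if soa_line is None and re.search(r"\bSOA\b", line):
            soa_line = lineno
            line = line.split("SOA", 1)[1]  # keep only the SOA RDATA part
        if soa_line is not None and len(soa_tokens) < 5:
            soa_tokens += [t for t in line.replace(")", " ").split() if t.isdigit()]
    if len(soa_tokens) >= 5:
        _serial, refresh, _retry, _expire, minimum = map(int, soa_tokens[:5])
        # Common-sense rule from the post: legal, but refresh should not exceed minimum.
        if refresh > minimum:
            findings.append((soa_line, f"refresh {refresh} exceeds minimum TTL {minimum}"))
    return sorted(findings)
```

Running `lint_zone(SAMPLE_ZONE)` reports the SOA problem on line 2 and the quote problem on line 10.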

