NS record question
Brad Knowles
brad.knowles at skynet.be
Wed Mar 28 22:54:10 UTC 2001
At 9:20 AM -0800 3/28/01, Bill Manning wrote:
> ... that said, could we PLEASE have better error checking? I -hate-
> having named-checkzone tell me I have an error in line 24833 (the last
> line of the zone file) when I've a single quote instead of a double quote
> on a TXT RR field in line 457. Talk about your time consuming
> <search & destroy> analysis of the file in question to ID the offending
> line. BIND lint anyone?
Problem is, we've already got nslint and dnswalk, but both of
these tools look *only* at the DNS zones as they are currently loaded
on nameservers somewhere out there.
I'd really, really like to see tools that would also take local
files as input to be checked, and to apply some common-sense rules to
some of the contents of the zones -- even if certain things are
technically legal, for example it's pretty stupid to have your
refresh be larger than your minimum TTL.
It should also incorporate all the checks done in nslint and
dnswalk, plus what I've got in doc, be able to take input from either
local files or on zones that are loaded somewhere out in the real
world, be able to do as much as it can without necessarily requiring
zone transfers, etc....
Of course, it'd also need to be able to parse named.conf files
and then compare what the nameserver thinks it's supposed to be
authoritative for against what the root nameservers think, etc....
It would also be cool if we could incorporate some stuff to
"fingerprint" nameservers, so that we could get a better idea of what
nameserver code (and version) is being run on a particular machine.
named-checkzone is a good tool to see if the zone file is
technically legal according to the exact same routines used
internally within BINDv9, but that doesn't mean that it covers all
possible, or even necessarily the majority, of things that need to be
checked.
I am willing and interested in participating in the development
of a tool of this sort. I could contribute everything currently
incorporated in doc, plus some of the "Best Current Practice" stuff,
and it shouldn't be too hard to build a module to parse named.conf
files.
Unfortunately, I fear that it would be extremely difficult to do
this sort of thing within the framework of dnswalk (into which I have
previously committed to bringing the functionality of doc), in large
part because it now uses the Perl::DNS routines, and doesn't have its
own internal caching scheme into which you could easily plug in local
file sources.
Is anyone else interested?
--
Brad Knowles, <brad.knowles at skynet.be>
/* efdtt.c Author: Charles M. Hannum <root at ihack.net> */
/* Represented as 1045 digit prime number by Phil Carmody */
/* Prime as DNS cname chain by Roy Arends and Walter Belgers */
/* */
/* Usage is: cat title-key scrambled.vob | efdtt >clear.vob */
/* where title-key = "153 2 8 105 225" or other similar 5-byte key */
dig decss.friet.org|perl -ne'if(/^x/){s/[x.]//g;print pack(H124,$_)}'
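A small lint of the kind this post asks for, added here as an example and not code from the thread or from doc, nslint or dnswalk: it reports the line on which a quote goes unbalanced instead of the end of the file, and checks the SOA timers for the refresh-versus-minimum-TTL case mentioned above (plus the retry/expire ordering RFC 1912 recommends). The sample zone is constructed.

```python
import re

# Constructed sample zone (not from the thread): line 3 has a TXT record that
# opens with a single quote and closes with a double quote, and the SOA
# refresh (7200) is larger than the minimum TTL (3600).
SAMPLE_ZONE = """\
$ORIGIN example.test.
@   IN SOA ns1.example.test. hostmaster.example.test. ( 2001032801 7200 900 604800 3600 )
@   IN TXT 'v=spf1 -all"
ns1 IN A   192.0.2.1
"""

SOA_RE = re.compile(r'\bSOA\s+\S+\s+\S+\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)', re.I)

def find_unbalanced_quotes(zone_text):
    """1-based line numbers with an odd count of unescaped double quotes,
    so the report points at the offending record, not at end of file."""
    return [n for n, line in enumerate(zone_text.splitlines(), start=1)
            if len(re.findall(r'(?<!\\)"', line)) % 2]

def parse_soa(zone_text):
    """SOA timers as a dict, or None. Strips ';' comments and joins a
    parenthesised multi-line SOA first (naive about ';' inside quotes,
    which does not matter for the SOA fields)."""
    no_comments = '\n'.join(re.sub(r';.*', '', l) for l in zone_text.splitlines())
    flat = re.sub(r'\(([^)]*)\)', lambda m: ' ' + ' '.join(m.group(1).split()) + ' ',
                  no_comments)
    m = SOA_RE.search(flat)
    if not m:
        return None
    names = ('serial', 'refresh', 'retry', 'expire', 'minimum')
    return dict(zip(names, (int(v) for v in m.groups())))

def soa_sanity(soa):
    """Common-sense timer checks: the refresh/minimum one from the post,
    plus the retry < refresh and expire > refresh + retry ordering from RFC 1912."""
    r, t, e, mn = soa['refresh'], soa['retry'], soa['expire'], soa['minimum']
    warnings = []
    if r > mn:
        warnings.append(f'refresh ({r}) is larger than minimum TTL ({mn})')
    if t >= r:
        warnings.append(f'retry ({t}) should be smaller than refresh ({r})')
    if e <= r + t:
        warnings.append(f'expire ({e}) should exceed refresh + retry ({r + t})')
    return warnings

if __name__ == '__main__':
    print('unbalanced quotes on lines:', find_unbalanced_quotes(SAMPLE_ZONE))
    print('SOA warnings:', soa_sanity(parse_soa(SAMPLE_ZONE)))
```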