Zone stats

Timothe Litt litt at acm.org
Tue Aug 22 00:10:01 UTC 2023


(Sorry for the duplicate/reply without context).  See below.

On 21-Aug-23 11:11, Mark Elkins wrote:
>
> Hi,
>
> I'm writing some software to be able to read information from a Zone 
> file. I am a legally authorised Secondary Authoritative Nameserver for 
> a number of domains or rather zone files, eg. EDU.ZA (and others). Is 
> there an easy way to:-
>
> 1) Count how many delegated domains there are (Names with NS records)
>
> 2) Extract the above Names - so I can look for changes (Added/Deleted 
> names)
>
> 3) find out how many unique names have DS records (I can DIG I suppose)
>
> I'd also like to spot broken stuff (named-checkzone ?)
>
> So the zones (such as EDU.ZA) contain the domain name of the entity 
> (whois.edu.za) along with the Nameserver records and in this case, a 
> DS record. e.g... "whois.edu.za" looks like....
>
> whois                              NS control.vweb.co.za.
>                                    NS secdns1.posix.co.za.
>                                    NS secdns2.posix.co.za.
>                                    NS secdns3.posix.co.za.
>                                    DS 27300 13 2 8ED21DB407F6AC3E6EA757AE566953C1BBADD8B652BE4C7C0744B1D7 9DF42894
>                                    DS 17837 13 2 36FD5B19450B672988AE507FB7D2F948ED1E889546C6E16554C7EAF9 CE9C3FEA
>
> One hindrance is that journal files are present - so it is not just 
> the zone file but the zone.jnl file as well.
>
> Some African ccTLDs have everything in one zone e.g. their COM, EDU, 
> GOV - etc. In South Africa, these are all separate zones, making life 
> somewhat easier.
>
> I'd hate to re-invent software that already exists.
>
> The primary purpose is to pull in data into an (ICANN requested) 
> African DNS Observatory.
>
>
> -- 
>
> Mark James ELKINS  -  Posix Systems - (South) Africa
> mje at posix.co.za Tel: +27.826010496
> For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za
>
Mark,

a) Use named-compilezone to extract the zone with journals applied.

b) my favorite: do an axfr of the zone, which gives the correct data 
with all the pseudo-ops expanded

c) Use a library - I use Perl's Net::DNS - and write code to do the axfr 
& walk the zone - it allows you to access fields in the records.

https://github.com/tlhackque/certtools has a simple utility called 
acme_token_check  that does (c) to remove stray ACME records - it shows 
how to do the transfer and walk the zone.   (And also how to use DNS 
UPDATE to maintain it.)

Enjoy.


Timothe Litt
ACM Distinguished Engineer
--------------------------
This communication may not represent the ACM or my employer's views,
if any, on the matters discussed.
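
The zone walk suggested in (b) and (c), as an added example that is not part of the original post or of certtools: it counts delegations, counts names with DS, flags DS without NS, and diffs two snapshots. It is written in Python rather than Perl's Net::DNS and assumes the zone is already on disk as one fully qualified record per line (owner, TTL, class, type, rdata), the form `dig axfr` prints; the function names and sample records are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data (TTLs, SOA, alpha/beta/gamma names and digests are
# made up); only whois.edu.za, its NS targets and DS key tags echo the post.
OLD = """\
edu.za. 3600 IN SOA ns.example. host.example. 1 3600 600 86400 300
edu.za. 3600 IN NS secdns1.posix.co.za.
whois.edu.za. 3600 IN NS control.vweb.co.za.
whois.edu.za. 3600 IN NS secdns1.posix.co.za.
whois.edu.za. 3600 IN DS 27300 13 2 00AA
whois.edu.za. 3600 IN DS 17837 13 2 00BB
alpha.edu.za. 3600 IN NS ns1.alpha.edu.za.
ns1.alpha.edu.za. 3600 IN A 192.0.2.1
"""
NEW = OLD.replace("alpha", "beta") + "gamma.edu.za. 3600 IN DS 1 13 2 00CC\n"

def walk(zone_text, origin):
    """Return {owner: {"ns": set, "ds": int}} for names below the apex."""
    origin = origin.lower().rstrip(".") + "."
    names = defaultdict(lambda: {"ns": set(), "ds": 0})
    for line in zone_text.splitlines():
        f = line.split(";", 1)[0].split()       # drop ';' comment lines
        if len(f) < 5 or f[2].upper() != "IN":
            continue
        owner, rtype = f[0].lower(), f[3].upper()
        if not owner.endswith("." + origin):
            continue                            # apex NS is not a delegation
        if rtype == "NS":
            names[owner]["ns"].add(f[4].lower())
        elif rtype == "DS":
            names[owner]["ds"] += 1             # glue A/AAAA is never counted
    return dict(names)

def stats(names):
    """Delegated names, those with DS, and DS sets lacking any NS."""
    delegated = sorted(n for n, v in names.items() if v["ns"])
    return {"delegated": delegated,
            "with_ds": [n for n in delegated if names[n]["ds"]],
            "ds_without_ns": sorted(n for n, v in names.items()
                                    if v["ds"] and not v["ns"])}

def changes(old, new):
    """Return (added, removed) delegated names between two snapshots."""
    before, after = set(stats(old)["delegated"]), set(stats(new)["delegated"])
    return sorted(after - before), sorted(before - after)

if __name__ == "__main__":
    old, new = walk(OLD, "edu.za"), walk(NEW, "edu.za")
    print(stats(new), changes(old, new))
```
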
