Zone stats

Mark Elkins mark at posix.co.za
Sun Aug 27 16:17:14 UTC 2023


Thank you Timothe for this. I tested this on some of my domains and 
found AXFR worked the best....

dig @::1 $zone axfr | grep -v '^;' | grep -v "^$zone" | grep 'NS	' | cut -f1 | cut -f1 -d' ' | sed 's/\.$//' | sort -u > axfr.$zone

... does the trick. $zone is the Zone in question. There is a <tab> 
after "NS".

Take a Zone, Strip comments, Strip lines beginning with the Zone, Look 
for NS records (exclude NSEC records), take the first argument (strip 
trailing dot) and make the output sorted and unique...

I'll be writing in PHP and already use a similar PHP "NET::DNS" type 
library.... so shouldn't be difficult.

Yes - this will go into a Database - etc..

On 2023/08/22 02:10, Timothe Litt wrote:
>
> (Sorry for the duplicate/reply without context).  See below.
>
> On 21-Aug-23 11:11, Mark Elkins wrote:
>>
>> Hi,
>>
>> I'm writing some software to be able to read information from a Zone 
>> file. I am a legally authorised Secondary Authoritative Nameserver 
>> for a number of domains or rather zone files, eg. EDU.ZA (and 
>> others). Is there an easy way to:-
>>
>> 1) Count how many delegated domains there are (Names with NS records)
>>
>> 2) Extract the above Names - so I can look for changes (Added/Deleted 
>> names)
>>
>> 3) find out how many unique names have DS records (I can DIG I suppose)
>>
>> I'd also like to spot broken stuff (named-checkzone ?)
>>
>> So the zones (such as EDU.ZA) contain the domain name of the entity 
>> (whois.edu.za) along with the Nameserver records and in this case, a 
>> DS record. e.g... "whois.edu.za" looks like....
>>
>> whois                              NS control.vweb.co.za.
>>                                    NS secdns1.posix.co.za.
>>                                    NS secdns2.posix.co.za.
>>                                    NS secdns3.posix.co.za.
>>                                    DS        27300 13 2 8ED21DB407F6AC3E6EA757AE566953C1BBADD8B652BE4C7C0744B1D7 9DF42894
>>                                    DS        17837 13 2 36FD5B19450B672988AE507FB7D2F948ED1E889546C6E16554C7EAF9 CE9C3FEA
>>
>> One hindrance is that journal files are present - so it is not just 
>> the zone file but the zone.jnl file as well.
>>
>> Some African ccTLDs have everything in one zone e.g. their COM, EDU, 
>> GOV - etc. In South Africa, these are all separate zones, making life 
>> somewhat easier.
>>
>> I'd hate to re-invent software that already exists.
>>
>> The primary purpose is to pull in data into an (ICANN requested) 
>> African DNS Observatory.
>>
>>
>> -- 
>>
>> Mark James ELKINS  -  Posix Systems - (South) Africa
>> mje at posix.co.za Tel: +27.826010496
>> For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za
>>
> Mark,
>
> a) Use named-compilezone to extract the zone with journals applied.
>
> b) my favorite: do an axfr of the zone, which gives the correct data 
> with all the pseudo-ops expanded
>
> c) Use a library - I use Perl's Net::DNS - and write code to do the 
> axfr & walk the zone - it allows you to access fields in the records.
>
> https://github.com/tlhackque/certtools has a simple utility called 
> acme_token_check  that does (c) to remove stray ACME records - it 
> shows how to do the transfer and walk the zone.   (And also how to use 
> DNS UPDATE to maintain it.)
>
> Enjoy.
>
>
> Timothe Litt
> ACM Distinguished Engineer
> --------------------------
> This communication may not represent the ACM or my employer's views,
> if any, on the matters discussed.
-- 

Mark James ELKINS  -  Posix Systems - (South) Africa
mje at posix.co.za       Tel: +27.826010496
For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za
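
An added example, not part of the thread or of BIND: the figures asked about above (delegated names, names with DS records, added/deleted names between runs) computed from AXFR text by matching the record-type field exactly rather than grepping for "NS" plus a tab. It assumes dig's default "name ttl class type rdata" line layout; the function names and the example.test records are constructed for illustration.

```shell
#!/bin/sh
# names_with_type ZONE TYPE: read `dig ... axfr` text on stdin and print the
# sorted, unique owner names below the apex that carry a record of TYPE.
names_with_type() {
    awk -v zone="$1" -v want="$2" '
        BEGIN { apex = tolower(zone); sub(/\.$/, "", apex) }
        /^;/ || NF < 5 { next }        # dig comments, blank or short lines
        {
            owner = tolower($1); sub(/\.$/, "", owner)
            # Field 4 is the record type; an exact match keeps NSEC, NSEC3
            # and RRSIG lines out without depending on tabs in the output.
            if ($4 == want && owner != apex) print owner
        }' | sort -u
}

delegations()        { names_with_type "$1" NS; }   # names with NS records
signed_delegations() { names_with_type "$1" DS; }   # names with DS records

# Compare two sorted snapshot files written by delegations().
added_names()   { comm -13 "$1" "$2"; }   # only in the NEW snapshot
removed_names() { comm -23 "$1" "$2"; }   # only in the OLD snapshot

# Constructed sample in dig's default layout (hypothetical zone and digest).
sample_axfr() {
    cat <<'EOF'
; <<>> DiG <<>> @::1 example.test axfr
example.test. 3600 IN SOA ns1.example.test. admin.example.test. 7 3600 600 86400 300
example.test. 3600 IN NS ns1.example.test.
alpha.example.test. 3600 IN NS ns1.alpha.example.test.
alpha.example.test. 3600 IN NS ns2.alpha.example.test.
alpha.example.test. 3600 IN DS 12345 13 2 00AA
alpha.example.test. 300 IN NSEC beta.example.test. NS DS RRSIG NSEC
Beta.example.test. 3600 IN NS ns1.alpha.example.test.
ns1.alpha.example.test. 3600 IN A 192.0.2.1
example.test. 3600 IN SOA ns1.example.test. admin.example.test. 7 3600 600 86400 300
EOF
}

# Stand-alone run: list the delegated names found in the sample.
sample_axfr | delegations example.test
```

Against a live server, replace sample_axfr with the dig @::1 $zone axfr command from the message and keep each run's output as the snapshot for the next comparison.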




More information about the bind-users mailing list