Post by Sam Sargeant
I'd like to see a tool where a variety of local nameservers were
queried for a given domain, so any disagreements are immediately
obvious. Does such a tool exist already, or does anyone have a list of
common authoritative nameservers for NZ?

If you have access to the *.NZ zones (I seem to remember there's a
mechanism for getting access to them so long as you are prepared to
declare that you will Do No Evil) then pulling it out of cron and
diffing against the previous copy ought to reveal delegation changes.
Sending queries to the old servers to see whether they still respond
authoritatively is then fairly trivial to script.

This could be done for all zones as a public service, or you could
check just those zones which have been re-delegated to your own
nameservers if you want a summary of problems your own customers are
about to have.

Checking your own nameservers is straightforward to automate. For
example, you could run the following out of cron every night, and fix
up any errors that appear in your mail the following morning. If
everybody did this (ho ho) there would be no need for any centralised
checking.

[monster:~]% ./stalezone.sh named.conf a.ns.hopcount.ca
16.21.202.in-addr.arpa may not be delegated to a.ns.hopcount.ca
5.1.1.1.0.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa may not be delegated to a.ns.hopcount.ca
5.1.1.1.0.0.f.1.0.7.4.0.1.0.0.2.ip6.int may not be delegated to a.ns.hopcount.ca
7.f.f.f.f.f.f.1.8.3.4.0.1.0.0.2.ip6.arpa may not be delegated to a.ns.hopcount.ca
7.f.f.f.f.f.f.1.8.3.4.0.1.0.0.2.ip6.int may not be delegated to a.ns.hopcount.ca
automagic.ca may not be delegated to a.ns.hopcount.ca
broadlinknz.net may not be delegated to a.ns.hopcount.ca
crypto.net may not be delegated to a.ns.hopcount.ca
desalis.gen.nz may not be delegated to a.ns.hopcount.ca
elyt.com may not be delegated to a.ns.hopcount.ca
entropy.co.nz may not be delegated to a.ns.hopcount.ca
f00f.org may not be delegated to a.ns.hopcount.ca
fx.net.nz may not be delegated to a.ns.hopcount.ca
fxeng.net.nz may not be delegated to a.ns.hopcount.ca
jackieandsimon.org may not be delegated to a.ns.hopcount.ca
linux.org.nz may not be delegated to a.ns.hopcount.ca
moronium.org may not be delegated to a.ns.hopcount.ca
nlri.ca may not be delegated to a.ns.hopcount.ca
nzix.net may not be delegated to a.ns.hopcount.ca
prng.net may not be delegated to a.ns.hopcount.ca
procurio.net may not be delegated to a.ns.hopcount.ca
search.net.nz may not be delegated to a.ns.hopcount.ca
stupidest.org may not be delegated to a.ns.hopcount.ca
unwired.net.fj may not be delegated to a.ns.hopcount.ca
wedgwood.info may not be delegated to a.ns.hopcount.ca
[monster:~]%
So, I guess I should actually be following my own advice. There will
be a brief delay while I do some housekeeping :-)
Joe
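#!/bin/sh
#
# stalezone.sh
#
# For each zone declared in a named.conf, trace the delegation from the
# root and report zones whose delegation path never mentions the given
# nameserver.

# Print an error message to stderr and exit.
fail() {
  echo "$1" >&2
  exit 1
}

test $# -eq 2 || fail "Syntax: $(basename "$0") conf_file name_of_nameserver"

conf=$1
test -f "${conf}" || fail "Cannot read ${conf}"

ns=$2
host "${ns}" >/dev/null 2>&1 || fail "No such nameserver ${ns}"

# Pull zone names out of 'zone "name" ...' statements, strip the quotes,
# then look for ${ns} (as a literal string) in each zone's trace output.
awk '/^zone / { print $2; }' "${conf}" | tr -d \" | \
while read -r zone; do
  dig +trace "${zone}" NS 2>/dev/null | grep -qiF -- "${ns}" || \
    echo "${zone} may not be delegated to ${ns}"
done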
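
The zone-diffing approach described in the reply above (compare two zone snapshots, then ask the servers that lost a delegation whether they still answer authoritatively), as an added example that is not part of the original post. The function names and the one-record-per-line snapshot format are assumptions, and the sample records are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes zone snapshots with one
# record per line and fully qualified owners: "<owner> [ttl] [class] NS <target>".

# Print normalised "zone nameserver" pairs found in snapshot file $1.
delegations() {
  awk '/^;/ { next }
  { for (i = 2; i < NF; i++)
      if (toupper($i) == "NS") {
        z = tolower($1); n = tolower($(i + 1))
        sub(/\.$/, "", z); sub(/\.$/, "", n)
        print z, n; break
      }
  }' "$1" | sort -u
}

# Pairs in the old snapshot ($1) that are missing from the new one ($2):
# the nameservers that have lost a delegation.
removed_delegations() {
  old=$(mktemp) && new=$(mktemp) || return 1
  delegations "$1" >"$old"; delegations "$2" >"$new"
  comm -23 "$old" "$new"
  rm -f "$old" "$new"
}

# Succeeds if nameserver $2 still sets the aa flag when asked for zone $1.
still_authoritative() {
  dig +norecurse +time=3 +tries=1 "@$2" "$1" SOA 2>/dev/null |
    grep -q '^;; flags:[^;]* aa[ ;]'
}

# Report every removed delegation whose old server still claims the zone.
stale_report() {
  removed_delegations "$1" "$2" | while read -r zone ns; do
    if still_authoritative "$zone" "$ns"; then
      echo "${ns} still answers authoritatively for ${zone}"
    fi
  done
}

# Constructed sample snapshots; every name under .example is a placeholder.
sample_old() { printf '%s\n' \
  'alpha.example. 3600 IN NS ns1.oldhost.example.' \
  'alpha.example. 3600 IN NS ns2.oldhost.example.' \
  'beta.example. 3600 IN NS ns1.oldhost.example.'; }
sample_new() { printf '%s\n' \
  'alpha.example. 3600 IN NS ns1.newhost.example.' \
  'alpha.example. 3600 IN NS ns2.oldhost.example.' \
  'beta.example. 3600 IN NS NS1.OLDHOST.example.'; }
```

Run from cron, `stale_report yesterday.zone today.zone` prints only the old servers that still hold a stale authoritative copy; `removed_delegations` on its own works offline.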