Apart from using Bernstein's tinydns, anyone have any scripts for looking for problems in zone files or for incrementing the serial number reliably? BTW: OpenBSD packages for djbdns & others are on my web page -- Crypto ergo sum. https://www.subspacefield.org/~travis/ Truth does not fear scrutiny or competition, only lies do. If you are a spammer, please email john@subspacefield.org to get blacklisted.
travis+ml-nanog@subspacefield.org writes:
Apart from using Bernstein's tinydns, anyone have any scripts for looking for problems in zone files or for incrementing the serial number reliably?
If you are using BIND, your problem is solved by DDNS and nsupdate. this has the added advantage of making it significantly more difficult for the new dns guy (or a buggy script) to take out your nameserver.
Quoting travis+ml-nanog@subspacefield.org:
Apart from using Bernstein's tinydns, anyone have any scripts for looking for problems in zone files or for incrementing the serial number reliably?
Check out BIND's named-checkzone and named-compilezone, depending on exactly what you are looking for. There are a number of command line parameters for fine tuning what you care about, and you can use the return value to determine if the zone is valid or not. As for the serial number, that is some simple scripting depending on what value you use for the serial number. -- Jason Confidentiality Notice: This e-mail message (including any attached or embedded documents) is intended for the exclusive and confidential use of the individual or entity to which this message is addressed, and unless otherwise expressly indicated, is confidential and privileged information of Rackspace. Any dissemination, distribution or copying of the enclosed material is prohibited. If you receive this transmission in error, please notify us immediately by e-mail at abuse@rackspace.com, and delete the original message. Your cooperation is appreciated.
On Sat, Jul 05, 2008 at 04:07:28PM -0500, travis+ml-nanog@subspacefield.org wrote:
Apart from using Bernstein's tinydns, anyone have any scripts for looking for problems in zone files or for incrementing the serial number reliably?
Well, all my networks are tiny, and I've only recently started having to stir DNS zones again, but named-checkconf seems to give good hints. There are also some public-facing things at domtools.com, and of course dnsreport.com... but I see DNSreport went for-pay. Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com '87 e24 St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274 Those who cast the vote decide nothing. Those who count the vote decide everything. -- (Joseph Stalin)
jra@baylink.com ("Jay R. Ashworth") writes:
On Sat, Jul 05, 2008 at 04:07:28PM -0500, travis+ml-nanog@subspacefield.org wrote:
Apart from using Bernstein's tinydns, anyone have any scripts for looking for problems in zone files or for incrementing the serial number reliably?
Well, all my networks are tiny, and I've only recently started having to stir DNS zones again, but named-checkconf seems to give good hints.
There are also some public-facing things at domtools.com, and of course dnsreport.com... but I see DNSreport went for-pay.
unlike nanog, there is a mailing list where this thread would be on-topic. http://lists.oarci.net/mailman/listinfo/dns-operations/ is how to find it. -- Paul Vixie -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Jay R. Ashworth wrote:
On Sat, Jul 05, 2008 at 04:07:28PM -0500, travis+ml-nanog@subspacefield.org wrote:
Apart from using Bernstein's tinydns, anyone have any scripts for looking for problems in zone files or for incrementing the serial number reliably?
Well, all my networks are tiny, and I've only recently started having to stir DNS zones again, but named-checkconf seems to give good hints.
There are also some public-facing things at domtools.com, and of course dnsreport.com... but I see DNSreport went for-pay.
http://www.ZoneCheck.fr Of course not one is the full-check, thus you'll have to combine a couple of them or write your own check. I (well the script ;) also check the delegations from the root down and verify that all the nameservers in that tree think that they are the same SOA-wise and delegation-wise. You'll be astonished how often things break up in the tree that can cause rather odd and not easily found failures otherwise. Greets, Jeroen
On Jul 5, 2008, at 2:07 PM, travis+ml-nanog@subspacefield.org wrote:
Apart from using Bernstein's tinydns, anyone have any scripts for looking for problems in zone files or for incrementing the serial number reliably?
Yes, they talk about those things on mailing lists concerned with DNS. (hint: not this one) -- Jo Rhett Net Consonance : consonant endings by net philanthropy, open source and other randomness
participants (7)
-
Jay R. Ashworth
-
jbratton@rackspace.com
-
Jeroen Massar
-
Jo Rhett
-
Luke S Crawford
-
Paul Vixie
-
travis+ml-nanog@subspacefield.org