
perl api script to look for DNS problems?

JEarickson
Techie
Posts: 6
4935     1

I am wondering if anyone has written a perl script using the API to march thru one's DNS domain looking for problems, such as:

 

* A record with no corresponding PTR (or vice versa)

* CNAME that does not reference a known A record

 

Things like that.  Before I start writing, I am wondering if anyone got there first?

Re: perl api script to look for DNS problems?

Adviser
Posts: 85
4936     1

We used to and still sell a DNS Audit service (mentioned purely out of interest, and not to spruik more product!) that goes into a customer's environment to check a whole bunch of things, probably including what you have mentioned. These are typically run by PS engineers and I'm sure they will have a bunch of scripts to check DNS configs, consistency, etc... Having said that, I think you are on to something as I talk to a bunch of customers who have gone through migrations from previous systems but it is essentially garbage out/garbage in and they are still stuck with dirty data. Getting it in Infoblox's database is a good thing however, because with things like the reporting server you can use it to clean up stale, unused records, with APIs people can write scripts like what you are suggesting, and if you do go ahead with it I'm sure it will help a lot of people.

Re: perl api script to look for DNS problems?

jonathan
Techie
Posts: 2
4936     1

Hey JEarickson, 

Did you ever get around to writing out that script? 

We recently had a telco migration and encountered an issue where their secondary zones were not able to resolve. Something which a pre and post DNS check perl script could have resolved if there was one. 

We're in the process of doing one too and just wanted to touch base.

 

Jonathan 

Builder of networks: human and non-human

Re: perl api script to look for DNS problems?

JEarickson
Techie
Posts: 6
4936     1
I have not really started yet, but I have other scripts of mine to work from. This is on my near-term to-do list, if I can keep other things at bay.

Re: perl api script to look for DNS problems?

GHorne Community Manager
Community Manager
Posts: 254
4936     1

There are multiple ways to solve this problem; the big issue to solve is how to make it run fast and correctly.

Deleting CNAMEs is tricky because you need to be able to tell the difference between a CNAME that points internally (www.org.com -> mainserver.org.com) and one that is valid but off your namespace (search.org.com -> www.google.com). And then how do you also identify CNAMEs that reference delegation points (www.org.com -> wwwpool.gslb.delegated.org.com)?

So it is a non-trivial problem to solve.

You also have to find the most efficient way to compare the records (do you get all the CNAMEs and A records via the API or just a zone transfer) and how do you delete the records (again, do you use the API, one delete per record, or use DDNS delete).

Anyway, here is a very simple implementation that shows how to identify dangling CNAMEs.

 

use strict;
use warnings;
use feature 'say';
use Data::Dumper;
use Infoblox::REST;

# set up some defaults (placeholder values, replace with your own):
my $SERVER     = 'gridmaster.example.com';  # placeholder grid master name
my $USER       = $ENV{IB_USER};             # assumed environment variable names,
my $PASS       = $ENV{IB_PASS};             # so credentials stay out of the script
my $MAXRESULTS = 5000;                      # placeholder result limit
my $DEBUG      = 0;
my $TEST       = 1;                         # 1 = report only, 0 = really delete
my $REST_REV   = "v2.1";

my $rest = Infoblox::REST->new({
#             debug => 4,
            master => $SERVER,
            version => $REST_REV,
            username => $USER,
            password => $PASS
});

if ( $rest->errors() ) {
    print Dumper ( $rest->errors() ) ;
    exit 1 ;
}

# say "Getting ALL CNAMES\n";

# the name is always an FQDN
my $data = $rest->GET( '/record:cname', {
        _max_results=>$MAXRESULTS ,
#         '_return_fields+'=>'zone',
    } ) ;
print "GET " . $rest->url() . "\n";

unless ( $data ) {
    print $rest->errorText() . "\n";
    exit 1 ;
}

# now walk each of these cnames and see if they point to somewhere we
# know about

foreach my $rec ( @{ $data } ) {
    my $name = $rec->{name};
    my $canon = $rec->{canonical};
    say "Check CNAME : $name -> $canon" if $DEBUG ;

    # see if there is a matching HOST
    my $hosts = $rest->GET( '/record:host', {
            name => $canon
    }) ;

    # an empty array ref is still true in Perl, so test the contents too
    next if $hosts && @{ $hosts };

    # see if there is a matching A record
    my $arecs = $rest->GET( '/record:a', {
            name => $canon
    }) ;

    next if $arecs && @{ $arecs };

    print "TEST : " if $TEST ;

    say "DELETE CNAME : $name -> $canon no HOST or A records found" ;
    say "DELETE : $rec->{_ref}" if $DEBUG ;

    # in test mode, report only and leave the record in place
    next if $TEST ;

    # delete by object reference,
    # and don't forget the leading '/' before the _ref

    my $res = $rest->DELETE( "/$rec->{_ref}" ) ;
    print $rest->errorText() . "\n" unless $res;

}

exit ;
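
The three cases raised in the post above (internal target, valid off-namespace target, target under a delegation point) can be sorted out offline from one bulk export instead of one GET per record. This is an added example, not part of the original post and not Infoblox code; the zone lists and the names retired.org.com, alias.org.com and pool.org.com are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample data standing in for one bulk export (API or zone transfer).
my @auth_zones = qw(org.com);                  # zones we are authoritative for
my @delegated  = qw(gslb.delegated.org.com);   # delegation points inside them
my %addr_names = map { lc($_) => 1 } qw(mainserver.org.com);  # names with A/host data
my %cnames = (
    'www.org.com'    => 'mainserver.org.com',
    'search.org.com' => 'www.google.com',
    'pool.org.com'   => 'wwwpool.gslb.delegated.org.com',
    'old.org.com'    => 'retired.org.com',
    'alias.org.com'  => 'www.org.com',
);

# Return the longest zone in @$zones that contains $name, or undef if none does.
sub enclosing_zone {
    my ($name, $zones) = @_;
    my ($best) = sort { length($b) <=> length($a) }
                 grep { $name eq $_ || $name =~ /\.\Q$_\E\z/ } @$zones;
    return $best;
}

# Classify one CNAME target as external, delegated, ok, chained or dangling.
sub classify_target {
    my ($target) = @_;
    $target = lc $target;
    $target =~ s/\.\z//;                        # normalise a trailing root dot
    my $auth = enclosing_zone($target, \@auth_zones);
    return 'external' unless defined $auth;     # off our namespace: not ours to judge
    my $deleg = enclosing_zone($target, \@delegated);
    return 'delegated' if defined $deleg && length($deleg) > length($auth);
    return 'ok'        if $addr_names{$target};
    return 'chained'   if exists $cnames{$target};  # CNAME -> CNAME, check its target
    return 'dangling';                          # in our zone, nothing answers for it
}

# Only 'dangling' entries are candidates for deletion; the rest need no action
# or a separate check (external resolution, the delegated server's own data).
for my $name (sort keys %cnames) {
    printf "%-9s %s -> %s\n", classify_target($cnames{$name}), $name, $cnames{$name};
}
```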