Learn How We Can Help You Keep Teleworkers Protected During the COVID-19 Crisis

API & Integration

Reply
Highlighted

perl api script to look for DNS problems?
JEarickson
Techie
Posts: 6

‎09-23-2015 06:55 AM

6135     2

I am wondering if anyone has written a perl script using the API to march thru one's DNS domain looking for problems, such as:

 

* A record with no corresponding PTR (or vice versa)

* CNAME that does not reference a known A record

 

Things like that.  Before I strt writing, I am wondering if anyone got there first?

Labels:
Reply
Highlighted

Re: perl api script to look for DNS problems?
jchik
Adviser
Posts: 86

‎09-23-2015 04:16 PM

6135     2

We used to and still sell a DNS Audit service (mentioned purely out of interest, and not to spruik more product!) that goes into a customer's environment to check a whole bunch of things, probably including what you have mentioned. These are typically run by PS engineers and I'm sure they will have a bunch of scripts to check DNS configs, consistency, etc... Having said that, I think you are on to something as I talk to a bunch of customers who have gone through migrations from previous systems but is essentially garbage out/garbage in and they are still stuck with dirty data. Getting it in Infoblox's database is a good thing however, because with things like the reporting server you can use it to clean up stale, unused records, with APIs people can write scripts like what you are suggesting, and if you do go ahead with it I'm sure it will help a lot of people.

Reply
0 Kudos
Highlighted

Re: perl api script to look for DNS problems?
jonathan
Techie
Posts: 2

‎09-29-2015 10:50 PM

6135     2

Hey JEarickson, 

Did you ever get around to writing out that script? 

We recently had a telco migration and encountered an issue where their secondary zones were not able to resolve. Something which a pre and post DNS check perl script could have resolved if there was one. 

We're in the process of doing one too and just wanted to touch bases. 

 

Jonathan 

Builder of networks: human and non-human
Reply
0 Kudos
Highlighted

Re: perl api script to look for DNS problems?
JEarickson
Techie
Posts: 6

‎10-01-2015 07:56 AM

6135     2
I have not really started yet, but I have other scripts of mine to work from. This is on my near-term to-do list, if I can keep other things at bay.
Reply
0 Kudos
Highlighted

Re: perl api script to look for DNS problems?
GHorne
Community Manager
Community Manager
Posts: 248

‎10-01-2015 11:37 AM

6135     2

There are multiple ways to solve this problem, the big issue to solve is how to make it run fast and correctly.

 

Deleting CNAMES is tricky because you need to be able to tell the difference between a CNAME that points internally (www.org.com -> mainserver.org.com) to one that is valid but off your namespace (search.org.com -> www.google.com). AND, then how do you also identify CNAMES that reference delegation points (www.org.com -> wwwpool.gslb.delegated.org.com )

 

so it is a non trivial problem to solve.

 

you also have to find the most efficient way to compare the records (do you get all the cnames and A via the API or just a zone transfer) and how do you delete the records (again, do you use the API, one delete per record, or use DDNS delete).

 

Anyway, here is a very simple implementation, that shows how to identify dangling CNAMES.

 

# set set up some defaults:
my $REST_REV = "v2.1";

my $rest = Infoblox::REST->new({
#             debug => 4,
            master => $SERVER,
            version => $REST_REV,
            username => $USER,
            password => $PASS
});

if ( $rest->errors() ) {
    print Dumper ( $rest->errors() ) ;
    exit ;
}

# say "Getting ALL CNAMES\n";

# the name is always an FQDN
my $data = $rest->GET( '/record:cname', { 
        _max_results=>$MAXRESULTS ,
#         '_return_fields+'=>'zone',
    } ) ;
print "GET " . $rest->url() . "\n";

unless ( $data ) {
    print $rest->errorText() . "\n";
    exit ;
}

# now walk each of these cnames and see if they point to somewhere we
# know about

foreach my $rec ( @{ $data } ) {
    my $name = $rec->{name};
    my $canon = $rec->{canonical};
    say "Check CNAME : $name -> $canon" if $DEBUG ;

    # see if there is a matching HOST
    my $hosts = $rest->GET( '/record:host', { 
            name => $canon
    }) ;

    next if $hosts;

    # see if there is a matching A record
    my $arecs = $rest->GET( '/record:a', { 
            name => $canon
    }) ;

    next if $arecs;

    print "TEST : " if $TEST ;

    say "DELETE CNAME : $name -> $canon no HOST or A records found" ;
    say "DELETE : $rec->{_ref}" if $DEBUG ;

    next if $TEST ;

    # set up some values we want to change to put into the body...
    # and don't forget the leading '/' before the key

    my $res = $rest->DELETE( "/$rec->{_ref}" ) ;
    print $rest->errorText() . "\n" unless $res;

}

exit ;
Reply
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Recommended for You

Latest Annoucements

Infoblox Experts Community

You have reached the maximum number of topics allowed as a visitor. Please Login or Join the community to continue to read.

Join for free

TOPICS REMAINING

Register for unlimited browsing. Registration is FREE.

Join Community