perl api script to look for DNS problems?
09-23-2015 06:55 AM
I am wondering if anyone has written a perl script using the API to march thru one's DNS domain looking for problems, such as:
* A record with no corresponding PTR (or vice versa)
* CNAME that does not reference a known A record
Things like that. Before I start writing, I am wondering if anyone got there first?
Re: perl api script to look for DNS problems?
09-23-2015 04:16 PM
We used to and still sell a DNS Audit service (mentioned purely out of interest, and not to spruik more product!) that goes into a customer's environment to check a whole bunch of things, probably including what you have mentioned. These are typically run by PS engineers and I'm sure they will have a bunch of scripts to check DNS configs, consistency, etc. Having said that, I think you are on to something, as I talk to a bunch of customers who have gone through migrations from previous systems but it is essentially garbage out/garbage in and they are still stuck with dirty data. Getting it in Infoblox's database is a good thing, however, because with things like the reporting server you can use it to clean up stale, unused records, with APIs people can write scripts like what you are suggesting, and if you do go ahead with it I'm sure it will help a lot of people.
Re: perl api script to look for DNS problems?
09-29-2015 10:50 PM
Hey JEarickson,
Did you ever get around to writing out that script?
We recently had a telco migration and encountered an issue where their secondary zones were not able to resolve. Something which a pre and post DNS check Perl script could have resolved if there was one.
We're in the process of doing one too and just wanted to touch base.
Jonathan
Re: perl api script to look for DNS problems?
10-01-2015 07:56 AM
Re: perl api script to look for DNS problems?
10-01-2015 11:37 AM
There are multiple ways to solve this problem; the big issue to solve is how to make it run fast and correctly.
Deleting CNAMEs is tricky because you need to be able to tell the difference between a CNAME that points internally (www.org.com -> mainserver.org.com) and one that is valid but off your namespace (search.org.com -> www.google.com). And then how do you also identify CNAMEs that reference delegation points (www.org.com -> wwwpool.gslb.delegated.org.com)?
So it is a non-trivial problem to solve.
You also have to find the most efficient way to compare the records (do you get all the CNAMEs and A via the API or just a zone transfer?) and how do you delete the records (again, do you use the API, one delete per record, or use DDNS delete?).
Anyway, here is a very simple implementation that shows how to identify dangling CNAMEs.
```perl
use strict;
use warnings;
use feature 'say';
use Data::Dumper;
use Infoblox::REST;    # assumes the module providing Infoblox::REST is installed

# set up some defaults
# (the values below are placeholders, not from the original post)
my $SERVER     = 'gm.example.com';    # placeholder grid master
my $USER       = 'admin';             # placeholder account
my $PASS       = $ENV{IB_PASS};       # hypothetical environment variable
my $MAXRESULTS = 5000;                # placeholder limit
my $DEBUG      = 0;
my $TEST       = 1;                   # 1 = report only, delete nothing
my $REST_REV   = "v2.1";

my $rest = Infoblox::REST->new({
    # debug  => 4,
    master   => $SERVER,
    version  => $REST_REV,
    username => $USER,
    password => $PASS,
});

if ( $rest->errors() ) {
    print Dumper( $rest->errors() );
    exit;
}

# say "Getting ALL CNAMES\n";
# the name is always an FQDN
my $data = $rest->GET( '/record:cname', {
    _max_results => $MAXRESULTS,
    # '_return_fields+' => 'zone',
} );
print "GET " . $rest->url() . "\n";

unless ( $data ) {
    print $rest->errorText() . "\n";
    exit;
}

# now walk each of these cnames and see if they point to somewhere we
# know about
foreach my $rec ( @{ $data } ) {
    my $name  = $rec->{name};
    my $canon = $rec->{canonical};

    say "Check CNAME : $name -> $canon" if $DEBUG;

    # see if there is a matching HOST
    my $hosts = $rest->GET( '/record:host', { name => $canon } );
    next if $hosts;

    # see if there is a matching A record
    my $arecs = $rest->GET( '/record:a', { name => $canon } );
    next if $arecs;

    print "TEST : " if $TEST;
    say "DELETE CNAME : $name -> $canon no HOST or A records found";
    say "DELETE : $rec->{_ref}" if $DEBUG;
    next if $TEST;

    # set up some values we want to change to put into the body...
    # and don't forget the leading '/' before the key
    my $res = $rest->DELETE( "/$rec->{_ref}" );
    print $rest->errorText() . "\n" unless $res;
}

exit;
```
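The following is an added example, not code from the thread or from Infoblox: an offline check that separates internal, external, delegated and dangling CNAME targets and reports A/PTR pairs that do not match, using in-memory lookups over records loaded once. All record data, zone names and function names are constructed for illustration, and it assumes names are lower-case FQDNs without a trailing dot.

```perl
use strict;
use warnings;
use feature 'say';

# Constructed sample data (not from the thread): lower-case FQDNs, no trailing dot.
my @zones     = ('org.com');                   # zones we are authoritative for
my @delegated = ('gslb.delegated.org.com');    # delegation points below them
my %addr  = ( 'mainserver.org.com' => '192.0.2.10',    # A: name => address
              'db1.org.com'        => '192.0.2.20' );
my %ptr   = ( '192.0.2.10' => 'mainserver.org.com',    # PTR: address => name
              '192.0.2.30' => 'gone.org.com' );
my %cname = (                                          # alias => canonical
    'www.org.com'    => 'mainserver.org.com',
    'search.org.com' => 'www.google.com',
    'pool.org.com'   => 'wwwpool.gslb.delegated.org.com',
    'old.org.com'    => 'retired.org.com',
    'alias2.org.com' => 'www.org.com',
);

# True if $name equals a suffix or sits below it; the dot stops "notorg.com" matching "org.com".
sub in_zone {
    my ($name, @suffixes) = @_;
    return scalar grep { $name eq $_ || $name =~ /\.\Q$_\E\z/ } @suffixes;
}

# Only a target inside our own, non-delegated namespace can be judged dangling.
sub classify_cname {
    my ($canon) = @_;
    return 'delegated' if in_zone($canon, @delegated);  # data lives elsewhere
    return 'external'  if !in_zone($canon, @zones);     # off our namespace
    return 'ok'        if exists $addr{$canon} || exists $cname{$canon};
    return 'dangling';
}

# A records whose address has no PTR back to the same name, and vice versa.
sub ptr_mismatches {
    my @out;
    for my $n (sort keys %addr) {
        push @out, "A $n -> $addr{$n}: no matching PTR" if ($ptr{ $addr{$n} } // '') ne $n;
    }
    for my $ip (sort keys %ptr) {
        push @out, "PTR $ip -> $ptr{$ip}: no matching A" if ($addr{ $ptr{$ip} } // '') ne $ip;
    }
    return @out;
}

printf "%-9s CNAME %s -> %s\n", classify_cname($cname{$_}), $_, $cname{$_}
    for sort keys %cname;
say for ptr_mismatches();
```

A CNAME that points at another CNAME is treated as resolved here without following the chain, so a chain ending in a dangling record is flagged only at its last link.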