Infoblox Exchange Cybersecurity Roadshow 2020 – Join us!
North America | Europe | Middle East/Africa | Asia-Pacific

Register Now

API & Integration

Reply
Accepted Solution

perl api script to look for DNS problems?
JEarickson
JEarickson
Techie
Posts: 6

‎09-23-2015 06:55 AM

5189     2

I am wondering if anyone has written a perl script using the API to march thru one's DNS domain looking for problems, such as:

 

* A record with no corresponding PTR (or vice versa)

* CNAME that does not reference a known A record

 

Things like that.  Before I strt writing, I am wondering if anyone got there first?

Labels:
Reply

Re: perl api script to look for DNS problems?
jchik
Adviser
Posts: 86

‎09-23-2015 04:16 PM

5189     2

We used to and still sell a DNS Audit service (mentioned purely out of interest, and not to spruik more product!) that goes into a customer's environment to check a whole bunch of things, probably including what you have mentioned. These are typically run by PS engineers and I'm sure they will have a bunch of scripts to check DNS configs, consistency, etc... Having said that, I think you are on to something as I talk to a bunch of customers who have gone through migrations from previous systems but is essentially garbage out/garbage in and they are still stuck with dirty data. Getting it in Infoblox's database is a good thing however, because with things like the reporting server you can use it to clean up stale, unused records, with APIs people can write scripts like what you are suggesting, and if you do go ahead with it I'm sure it will help a lot of people.

Reply
0 Kudos

Re: perl api script to look for DNS problems?
jonathan
jonathan
Techie
Posts: 2

‎09-29-2015 10:50 PM

5189     2

Hey JEarickson, 

Did you ever get around to writing out that script? 

We recently had a telco migration and encountered an issue where their secondary zones were not able to resolve. Something which a pre and post DNS check perl script could have resolved if there was one. 

We're in the process of doing one too and just wanted to touch bases. 

 

Jonathan 

Builder of networks: human and non-human
Reply
0 Kudos

Re: perl api script to look for DNS problems?
JEarickson
JEarickson
Techie
Posts: 6

‎10-01-2015 07:56 AM

5189     2
I have not really started yet, but I have other scripts of mine to work from. This is on my near-term to-do list, if I can keep other things at bay.
Reply
0 Kudos
Highlighted

Re: perl api script to look for DNS problems?
GHorne
GHorne Community Manager
Community Manager
Posts: 248

‎10-01-2015 11:37 AM

5189     2

There are multiple ways to solve this problem, the big issue to solve is how to make it run fast and correctly.

 

Deleting CNAMES is tricky because you need to be able to tell the difference between a CNAME that points internally (www.org.com -> mainserver.org.com) to one that is valid but off your namespace (search.org.com -> www.google.com). AND, then how do you also identify CNAMES that reference delegation points (www.org.com -> wwwpool.gslb.delegated.org.com )

 

so it is a non trivial problem to solve.

 

you also have to find the most efficient way to compare the records (do you get all the cnames and A via the API or just a zone transfer) and how do you delete the records (again, do you use the API, one delete per record, or use DDNS delete).

 

Anyway, here is a very simple implementation, that shows how to identify dangling CNAMES.

 

# set set up some defaults:
my $REST_REV = "v2.1";

my $rest = Infoblox::REST->new({
#             debug => 4,
            master => $SERVER,
            version => $REST_REV,
            username => $USER,
            password => $PASS
});

if ( $rest->errors() ) {
    print Dumper ( $rest->errors() ) ;
    exit ;
}

# say "Getting ALL CNAMES\n";

# the name is always an FQDN
my $data = $rest->GET( '/record:cname', { 
        _max_results=>$MAXRESULTS ,
#         '_return_fields+'=>'zone',
    } ) ;
print "GET " . $rest->url() . "\n";

unless ( $data ) {
    print $rest->errorText() . "\n";
    exit ;
}

# now walk each of these cnames and see if they point to somewhere we
# know about

foreach my $rec ( @{ $data } ) {
    my $name = $rec->{name};
    my $canon = $rec->{canonical};
    say "Check CNAME : $name -> $canon" if $DEBUG ;

    # see if there is a matching HOST
    my $hosts = $rest->GET( '/record:host', { 
            name => $canon
    }) ;

    next if $hosts;

    # see if there is a matching A record
    my $arecs = $rest->GET( '/record:a', { 
            name => $canon
    }) ;

    next if $arecs;

    print "TEST : " if $TEST ;

    say "DELETE CNAME : $name -> $canon no HOST or A records found" ;
    say "DELETE : $rec->{_ref}" if $DEBUG ;

    next if $TEST ;

    # set up some values we want to change to put into the body...
    # and don't forget the leading '/' before the key

    my $res = $rest->DELETE( "/$rec->{_ref}" ) ;
    print $rest->errorText() . "\n" unless $res;

}

exit ;
Reply
Turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Do you mean 

Recommended for You

Latest Annoucements

Infolbox Experts Community

You have reached the maximum number of topics allowed as a visitor. Please Login or Join the community to continue to read.

Join for free

TOPICS REMAINING

Register for unlimited browsing. Registration is FREE.

Join Community