I'm writing some python code to scan thru my DNS to identify potentially stale records.
I'm able to parse thru pretty much every record type I'm interested in with one exception: PTRs.
In DNS parlance, the PTRs exist only in the various in-addr.arpa zones, and I have around 15 of those. In the GUI, I can find these records no problem, but I cannot seem to find them in via the WAPI.
My general goal is to find any eliminate any stale PTR records, as users are notorious for not deleting a PTR record when they delete an A record. Scavanging only supports deleting 2000 records in a SmartFolder, and we have many zones so that's not a very efficient method of getting caught up. Once we purge a lot of these historical stale records, we'll likely use scavenging going forward.
The general methodology I'm using is as follows:
1) perform a GET to find all of the authoritative zones in a given DNS view.
2) For each zone, performs paginated GETs to find the record type I'm seeking.
My GET for the auth zones returns a dict that has ~80 zones. The GUI shows me 29 auth zones. Some of the zones are say, fubar.com, and others are like 10.0.0.0/8, which I have assumed corresponds with 10.in-addr.arpa. I'm using the fqdn field in the zone_auth object to identify the zone.
The discrepancy in the number of records appears to be the WAPI returns the subzones for the various in-addr.arpa zones. As an example, my 10.in-addr.arpa zone has 44 /24s defined individually. It does not return subdomain.fuber.com, however. I suppose I need to find a means of finding subdomains such as this going forward, but that is not my main question,
If I look in the GUI, one of my Class B in-addr.arpa zones has around 2800 PTR records and 5400 Host records. If I export the Host Records, I see 5400 hostrecord and 5400 host address records.
In playing around, I have noticed that I can retrieve the PTR records with the allrecords object, but this method does not allow me to retrieve the creation_time or last_queried fields, which I can retrieve for most other records using a GET for record:XXX objects.
When I look via the WAPI, I get none
3 weeks ago - last edited 3 weeks ago
You can use the "record:ptr" object to retrieve PTR records.
The basic version of the object contains the following fields: ptrdname, view.
curl -L -X GET 'https://<grid>/wapi/v2.11/record:ptr
By using the _schema the request will do a schema fetch for the object.
curl -L -X GET 'https://<grid>/wapi/v2.11/record:ptr?_schema'
The readable fields can then be requested by using _return_fields.
So in your case you can add creation_time and last_queried after appending _return_fields to your get query
curl -L -X GET 'https://<grid>/wapi/v2.11/record:ptr?_return_fields%2b=creation_time,last_queried,zone'
That being said, I need a means of getting all of the records in a particular zone, (in this case an in-addr.arpa space).
My issue is that when I retrieve a zone_auth, for an in-addr.zrpa zone I'll see a record like "10.0.0.0/8". If I attempt to search for recordtr objects in this zone, I have to use the traditional "10.in-addr.arpa" format. As I have a number of smaller in-addr.arpa subzones inside larger in-addr-arpa zones, this is not easily done unless I can somehow transform every valid CIDR block reference to a valid in-addr.arpa
I probably have 100,000 PTRs to worry about, and my guess is that 70% of them are stale static orphans. Scavenging only appears to handle 2,000 stale records at a time, so I'm trying some other way of doing this.
So it looks like I can retrieve all of the zone_auth objects and the for the objects that have an address field, convert these fields to an in-addr.arpa format string, an then perform a lookup.
So the task becomes:
1. GET all zone_auth objects for a DNS View, specifically returning address field
2. If zone_auth object has an address field, convert the address
i. X.0.0.0 -->X.in-addr.arpa
ii. X.Y.0.0 --> 0.Y.X.in-addr.arpa
iii. X.Y.Z.0 --> Z.Y.X.in-addr.arpa
1. Use output from 2) to perform GET of recordtr?zone=
2. Process that set of records accordingly.
David E. Fitzgerald
Lead Network Engineer
R115 - Network Services
3 weeks ago
You could use display_domain field in zone_auth, it will give you the converted address.
Also you could put a filter on zone_format (FORWARD, IPV4, or IPV6) while querying zone_auth.
curl -L -X GET 'https://<grid-ip>/wapi/v2.12/zone_auth?zone_format=IPV4&_return_fields%2B=dns_fqdn,display_domain'
You could then use the dislpay_domain as the value for zone in record:ptr query, so you wont have to check for address field and convert it to an in-addr.arpa format string to perform a lookup.
Let me know if this helps.