Using WAPI to access PTR records
3 weeks ago
I'm writing some python code to scan thru my DNS to identify potentially stale records.
I'm able to parse thru pretty much every record type I'm interested in with one exception: PTRs.
In DNS parlance, the PTRs exist only in the various in-addr.arpa zones, and I have around 15 of those. In the GUI, I can find these records no problem, but I cannot seem to find them via the WAPI.
My general goal is to find and eliminate any stale PTR records, as users are notorious for not deleting a PTR record when they delete an A record. Scavenging only supports deleting 2000 records in a SmartFolder, and we have many zones so that's not a very efficient method of getting caught up. Once we purge a lot of these historical stale records, we'll likely use scavenging going forward.
The general methodology I'm using is as follows:
1) perform a GET to find all of the authoritative zones in a given DNS view.
2) For each zone, performs paginated GETs to find the record type I'm seeking.
My GET for the auth zones returns a dict that has ~80 zones. The GUI shows me 29 auth zones. Some of the zones are say, fubar.com, and others are like 10.0.0.0/8, which I have assumed corresponds with 10.in-addr.arpa. I'm using the fqdn field in the zone_auth object to identify the zone.
The discrepancy in the number of records appears to be that the WAPI returns the subzones for the various in-addr.arpa zones. As an example, my 10.in-addr.arpa zone has 44 /24s defined individually. It does not return subdomain.fubar.com, however. I suppose I need to find a means of finding subdomains such as this going forward, but that is not my main question.
If I look in the GUI, one of my Class B in-addr.arpa zones has around 2800 PTR records and 5400 Host records. If I export the Host Records, I see 5400 hostrecord and 5400 host address records.
In playing around, I have noticed that I can retrieve the PTR records with the allrecords object, but this method does not allow me to retrieve the creation_time or last_queried fields, which I can retrieve for most other records using a GET for record:XXX objects.
When I look via the WAPI, I get none.
Re: Using WAPI to access PTR records
3 weeks ago - last edited 3 weeks ago
Hi,
You can use the "record:ptr" object to retrieve PTR records.
The basic version of the object contains the following fields: ptrdname, view.
curl -L -X GET 'https://<grid>/wapi/v2.11/record:ptr'
By using the _schema the request will do a schema fetch for the object.
curl -L -X GET 'https://<grid>/wapi/v2.11/record:ptr?_schema'
The readable fields can then be requested by using _return_fields.
So in your case you can add creation_time and last_queried after appending _return_fields to your GET query:
curl -L -X GET 'https://<grid>/wapi/v2.11/record:ptr?_return_fields%2b=creation_time,last_queried,zone'
Shukran
Re: Using WAPI to access PTR records
3 weeks ago

That being said, I need a means of getting all of the records in a particular zone, (in this case an in-addr.arpa space).
My issue is that when I retrieve a zone_auth for an in-addr.arpa zone, I'll see a record like "10.0.0.0/8". If I attempt to search for record

I probably have 100,000 PTRs to worry about, and my guess is that 70% of them are stale static orphans. Scavenging only appears to handle 2,000 stale records at a time, so I'm trying some other way of doing this.
So it looks like I can retrieve all of the zone_auth objects and then, for the objects that have an address field, convert these fields to an in-addr.arpa format string, and then perform a lookup.
So the task becomes:
1. GET all zone_auth objects for a DNS View, specifically returning address field
2. If zone_auth object has an address field, convert the address
   i. X.0.0.0 --> X.in-addr.arpa
   ii. X.Y.0.0 --> 0.Y.X.in-addr.arpa
   iii. X.Y.Z.0 --> Z.Y.X.in-addr.arpa
3. Use output from 2) to perform GET of record
4. Process that set of records accordingly.
David E. Fitzgerald
Re: Using WAPI to access PTR records
3 weeks ago
Hi David,
You could use display_domain field in zone_auth, it will give you the converted address.
Also you could put a filter on zone_format (FORWARD, IPV4, or IPV6) while querying zone_auth.
curl -L -X GET 'https://<grid-ip>/wapi/v2.12/zone_auth?zone_format=IPV4&_return_fields%2B=dns_fqdn,display_domain'
You could then use the display_domain as the value for zone in the record:ptr query, so you won't have to check for the address field and convert it to an in-addr.arpa format string to perform a lookup.
Let me know if this helps.
Shukran
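The approach the thread arrives at (list the IPv4 reverse zones from zone_auth, then query record:ptr per zone using display_domain and returning creation_time and last_queried), as an added Python example that is not part of any post above. The `fetch` callable, the 180-day threshold and the sample responses are assumptions; paging uses the WAPI `_paging`, `_return_as_object`, `_max_results` and `_page_id` parameters.

```python
import time
from urllib.parse import parse_qs, urlencode

STALE_AFTER = 180 * 86400  # assumed staleness threshold: 180 days in seconds

def paged_get(fetch, obj, params):
    """Yield every `obj` result. `fetch(path)` is a caller-supplied (hypothetical)
    function doing the authenticated HTTPS GET and returning the decoded JSON."""
    query = dict(params, _paging=1, _return_as_object=1, _max_results=1000)
    while True:
        body = fetch(f"{obj}?{urlencode(query)}")
        yield from body["result"]
        if "next_page_id" not in body:
            return
        query = {"_page_id": body["next_page_id"]}  # later pages: page id only

def stale_ptrs(fetch, view, now=None):
    """Return PTR names in the view's IPv4 reverse zones with no recent activity."""
    now = time.time() if now is None else now
    stale = []
    zones = paged_get(fetch, "zone_auth", {
        "view": view, "zone_format": "IPV4",
        "_return_fields+": "dns_fqdn,display_domain"})
    for zone in zones:
        ptrs = paged_get(fetch, "record:ptr", {
            "view": view, "zone": zone["display_domain"],
            "_return_fields+": "creation_time,last_queried,zone"})
        for rec in ptrs:
            # Assumption: a never-queried record has no last_queried value,
            # so creation_time is then the only evidence of activity.
            seen = max(rec.get("last_queried") or 0, rec.get("creation_time") or 0)
            if now - seen > STALE_AFTER:
                stale.append(rec["ptrdname"])
    return stale

NOW = 1_700_000_000  # constructed "current time" for the sample below

def fake_fetch(path):
    """Constructed responses standing in for a grid; not real WAPI output."""
    obj, _, qs = path.partition("?")
    if "_page_id" in parse_qs(qs):  # second page of record:ptr
        return {"result": [{"ptrdname": "old.example.com", "creation_time": 1}]}
    if obj == "zone_auth":
        return {"result": [{"display_domain": "10.in-addr.arpa"}]}
    return {"next_page_id": "p2", "result": [
        {"ptrdname": "live.example.com", "creation_time": 1, "last_queried": NOW - 60}]}
```

Calling `stale_ptrs(fake_fetch, "default", now=NOW)` exercises the paging path offline; against a real grid, pass a `fetch` that verifies the grid's TLS certificate and reads its credentials from outside the script.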