How to get easily (from a script) all CNAME of a A record?

Michelle Konzack

Nov 9, 2010, 8:01:24 AM
to Bind Users
Hello *,

does someone know, how to get easily all CNAME records for a Host?

For example I have:

vserver09.tamay-dogan.net. 604800 IN A 88.168.69.36

www.can4linux.org. 86400 IN CNAME vserver09.tamay-dogan.net.
www.fexray4linux.org. 86400 IN CNAME vserver09.tamay-dogan.net.

So I have only the <vserver09> and want to know from a script the CNAMEs,
which means I need a reverse search.

How can I query this and which is the best (shell) tool?

I mean, currently I have a spider script installed on the NS which I can
run using 'ssh ${NS} query_script ${OPTS}' and on STDOUT I have what I
need, but I like to get a better solution, since sometimes it does not
work with DNSSEC and with more than 80000 Domains and more than 1 million
hosts I run into timing problems.

Thanks, Greetings and nice Day/Evening
Michelle Konzack

--
##################### Debian GNU/Linux Consultant ######################
Development of Intranet and Embedded Systems with Debian GNU/Linux

itsystems@tdnet France EURL itsystems@tdnet UG (limited liability)
Owner Michelle Konzack Owner Michelle Konzack

Apt. 917 (homeoffice)
50, rue de Soultz Kinzigstraße 17
67100 Strasbourg/France 77694 Kehl/Germany
Tel: +33-6-61925193 mobil Tel: +49-177-9351947 mobil
Tel: +33-9-52705884 fix

<http://www.itsystems.tamay-dogan.net/> <http://www.flexray4linux.org/>
<http://www.debian.tamay-dogan.net/> <http://www.can4linux.org/>

Jabber linux4m...@jabber.ccc.de

Linux-User #280138 with the Linux Counter, http://counter.li.org/

Matus UHLAR - fantomas

Nov 9, 2010, 8:13:47 AM
to bind-...@lists.isc.org
On 09.11.10 14:01, Michelle Konzack wrote:
> does someone know, how to get easily all CNAME records for a Host?
>
> For example I have:
>
> vserver09.tamay-dogan.net. 604800 IN A 88.168.69.36
>
> www.can4linux.org. 86400 IN CNAME vserver09.tamay-dogan.net.
> www.fexray4linux.org. 86400 IN CNAME vserver09.tamay-dogan.net.
>
> So I have only the <vserver09> and want to know from a script the CNAMEs,
> which means I need a reverse search.
>
> How can I query this and which is the best (shell) tool?
>
> I mean, currently I have a spider script installed on the NS which I can
> run using 'ssh ${NS} query_script ${OPTS}' and on STDOUT I have what I
> need, but I like to get a better solution, since sometimes it does not
> work with DNSSEC and with more than 80000 Domains and more than 1 million
> hosts I run into timing problems.

I am not sure whether dnswalk over whole internet can do that, but on your
server you can either run recursive grep over named data directory, or dump
the named database and grep it...
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
It's now safe to throw off your computer.

Michelle Konzack

Nov 9, 2010, 9:14:04 AM
to bind-...@lists.isc.org
Hello Matus UHLAR - fantomas,

On 2010-11-09 14:13:47, you hacked out the following:


> I am not sure whether dnswalk over whole internet can do that, but on your

I will try it...

> server you can either run recursive grep over named data directory, or dump
> the named database and grep it...

This is what I currently do...

----[ '/usr/sbin/get_hosts_in cname' ]----------------------------------
#!/bin/sh

QUERY="$1"

for FILE in $(cd /etc/bind && ls *.signed)
do
grep --regexp=" IN CNAME .*${QUERY}" /etc/bind/${FILE} 2>/dev/null |cut -d ' ' -f1 |sed 's|.$||'
done
------------------------------------------------------------------------

...and it is too slow due to more than 80.000 Zones (they have to be
grepped all) number of VHosts.

Oh, it is now time to use "xargs", because I saw today, that I hit the
limits for "ls". :-D

Following is working:
cd /etc/bind && ls

but not:
cd /etc/bind && ls *
or
cd /etc/bind && ls *.signed

and the OSes are called Linux and BSD... WTF?

It seems that a command line can not have more than 31.000 characters.
(no not options but total length)

Thanks, Greetings and nice Day/Evening
Michelle Konzack


Michelle Konzack

Nov 9, 2010, 9:24:28 AM
to Bind Users
Hello Matus UHLAR - fantomas,

On 2010-11-09 14:13:47, you hacked out the following:
> I am not sure whether dnswalk over whole internet can do that,

"dnswalk" is already starting weird behaviour:

----[ command 'dnswalk vserver09.tamay-dogan.net.' ]--------------------
Checking vserver09.tamay-dogan.net.
BAD: SOA record not found for vserver09.tamay-dogan.net.
BAD: vserver09.tamay-dogan.net. has NO authoritative nameservers!
BAD: All zone transfer attempts of vserver09.tamay-dogan.net. failed!
0 failures, 0 warnings, 3 errors.
------------------------------------------------------------------------

----[ command 'dig +multiline SOA vserver09.tamay-dogan.net' ]----------
tamay-dogan.net. 3600 IN SOA dns1.tamay-dogan.net. hostmaster.tamay-dogan.net. (
1288527338 ; serial
10800 ; refresh (3 hours)
3600 ; retry (1 hour)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
------------------------------------------------------------------------

----[ command 'dig vserver09.tamay-dogan.net' ]-------------------------
vserver09.tamay-dogan.net. 3600 IN A 88.168.69.36
tamay-dogan.net. 3600 IN NS dns2.tamay-dogan.net.
tamay-dogan.net. 3600 IN NS dns1.tamay-dogan.net.
dns1.tamay-dogan.net. 3600 IN A 88.168.69.36
dns2.tamay-dogan.net. 3600 IN A 217.147.94.23
------------------------------------------------------------------------


Is dnswalk broken in Debian/Lenny?

Torsten

Nov 9, 2010, 9:46:05 AM
to Michelle Konzack, bind-...@lists.isc.org
On Tue, 9 Nov 2010 15:14:04 +0100
Michelle Konzack <linux4m...@tamay-dogan.net> wrote:

> Hello Matus UHLAR - fantomas,
>
> On 2010-11-09 14:13:47, you hacked out the following:

> Thanks, Greetings and nice Day/Evening
> Michelle Konzack
>

Maybe it's easier to get a dump with rndc dumpdb -zones and then run
the grep on the dump file.


Ciao
Torsten

Stacey Jonathan Marshall

Nov 9, 2010, 10:52:32 AM
to bind-...@lists.isc.org
The asterisk causes the shell to expand the names and run ls with them as a single command, so in effect you have "ls file1 file2 file3 ...".   Try the following instead:

cd /etc/bind
for FILE in *.signed
do
  grep --regexp=" IN CNAME .*${QUERY}" ${FILE} 2>/dev/null |cut -d ' ' -f1 |sed 's|.$||'
done
It might still have the same issue, but worth a go.

I assume the command length is also why you're not simply running "grep -h <expression> *.signed"?

Stace

      
_______________________________________________ bind-users mailing list bind-...@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users

Philippe...@swisscom.com

Nov 9, 2010, 4:16:08 PM
to stacey....@oracle.com, bind-...@lists.isc.org

Hi

If you have control over all zones, you could also pre-store the results of
your search in DNS :-)

For all CNAME records, make e.g. a TXT record with the reverse result:
(TXT is maybe not the better record type…which ones (for specialists))

For each:
a-name IN A 1.2.3.4
an-alias IN CNAME a-name

Just add:
a-name IN TXT an-alias

and make more than one TXT records for each cname pointing to the same record …
a-name IN TXT another-alias

best regards

Philippe

Kevin Darcy

Nov 9, 2010, 5:25:02 PM
to bind-...@lists.isc.org
PTR RRs benefit from label compression, whereas TXT records do not. Therefore I prefer PTR records for any such "metadata" references within DNS. There's no chance they'll be mistaken for, or conflict with reverse DNS records if they're not in the in-addr.arpa branch of the namespace.

- Kevin

Michelle Konzack

Nov 9, 2010, 7:49:08 PM
to bind-...@lists.isc.org
Hello Torsten,

On 2010-11-09 15:46:05, you hacked out the following:


> Maybe it's easier to get a dump with rndc dumpdb -zones and then run
> the grep on the dump file.

Ehm, but AFAIK the dumpfiles are the same as the original zone files in
/etc/bind or am I missing something?

Thanks, Greetings and nice Day/Evening
Michelle Konzack


Michelle Konzack

Nov 9, 2010, 7:54:45 PM
to bind-...@lists.isc.org
Hello Philippe...@swisscom.com,

On 2010-11-09 22:16:08, you hacked out the following:


> For all CNAME records, make e.g. a TXT record with the reverse result :

> (TXT is maybe not the better record type...which ones (for specialists))


>
> For each :
> a-name IN A 1.2.3.4
> an-alias IN CNAME a-name
>
> Just add :
> a-name IN TXT an-alias
>

> and make more than one TXT records for each cname pointing to the same record ...
> a-name IN TXT another-alias

I am currently testing this solution and it seems to work nicely and I
can easily integrate the generation of the TXT record in my PHP scripts.

...and this is very speedy!

Mark Andrews

Nov 9, 2010, 8:13:36 PM
to Michelle Konzack, bind-...@isc.org

In message <20101110005445.GO5441@michelle1>, Michelle Konzack writes:
> Hello Philippe...@swisscom.com,
>
> On 2010-11-09 22:16:08, you hacked out the following:
> > For all CNAME records, make e.g. a TXT record with the reverse result :
> > (TXT is maybe not the better record type...which ones (for specialists))
> >
> > For each :
> > a-name IN A 1.2.3.4
> > an-alias IN CNAME a-name
> >
> > Just add :
> > a-name IN TXT an-alias
> >
> > and make more than one TXT records for each cname pointing to the same record ...
> > a-name IN TXT another-alias
>
> I am currently testing this solution and it seems to work nicely and I
> can easily integrate the generation of the TXT record in my PHP scripts.
>
> ...and this is very speedy!

>
> Thanks, Greetings and nice Day/Evening
> Michelle Konzack

Just remember that this will eventually fail when you exceed the
ability of the DNS to carry the PTR RRset (64k).

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
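
Added example, not part of any message in this thread: a script that generates the reverse-pointer records Philippe proposes (as PTR, following Kevin Darcy's preference) and estimates each RRset's response size against the 64k limit Mark Andrews mentions. The function names `reverse_ptrs` and `sample_records`, the one-record-per-line input layout and the size formula (an estimate with uncompressed rdata that ignores DNSSEC signatures) are assumptions.

```shell
#!/bin/sh
# Added example: build the reverse-pointer records proposed in this thread
# and estimate how close each RRset is to the 64k limit.
# Assumption: input lines are "owner TTL IN CNAME target", absolute names.

# reverse_ptrs [LIMIT] < zone-lines
# Prints "target IN PTR alias" per alias, then one "; ..." summary comment
# per target with an estimated response size in bytes.
reverse_ptrs() {
    awk -v limit="${1:-65535}" '
    # Wire length of an absolute name: each label costs its bytes plus one
    # length byte, plus the root byte = length of the dotted form + 1.
    function wire(name) { return length(name) + 1 }

    $3 == "IN" && $4 == "CNAME" {
        target = tolower($5); alias = tolower($1)
        if (seen[target, alias]++) next        # ignore duplicates
        print target, "IN PTR", alias
        count[target]++
        rdata[target] += wire(alias)           # uncompressed estimate
    }
    END {
        for (t in count) {
            # 12-byte header + question (qname, qtype, qclass), then per
            # RR a 2-byte compressed owner + 10 fixed bytes + rdata.
            size = 12 + wire(t) + 4 + count[t] * 12 + rdata[t]
            printf "; %s aliases=%d est_bytes=%d %s\n", t, count[t], size,
                   (size > limit ? "OVER-LIMIT" : "ok")
        }
    }'
}

# Constructed sample input, using the records quoted in the thread.
sample_records() {
    cat <<'EOF'
www.can4linux.org. 86400 IN CNAME vserver09.tamay-dogan.net.
www.fexray4linux.org. 86400 IN CNAME vserver09.tamay-dogan.net.
vserver09.tamay-dogan.net. 604800 IN A 88.168.69.36
EOF
}

sample_records | reverse_ptrs
```

Running the check whenever the records are regenerated shows which targets are approaching the limit before lookups for them start to fail.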

Barry Margolin

Nov 10, 2010, 12:13:27 AM
to comp-protoc...@isc.org
In article <mailman.667.128931...@lists.isc.org>,
Michelle Konzack <linux4m...@tamay-dogan.net> wrote:

> Hello Matus UHLAR - fantomas,
>
> On 2010-11-09 14:13:47, you hacked out the following:
> > I am not sure whether dnswalk over whole internet can do that, but on your
>
> I will try it...
>
> > server you can either run recursive grep over named data directory, or dump
> > the named database and grep it...
>
> This is what I currently do...
>
> ----[ '/usr/sbin/get_hosts_in cname' ]----------------------------------
> #!/bin/sh
>
> QUERY="$1"
>
> for FILE in $(cd /etc/bind && ls *.signed)
> do
> grep --regexp=" IN CNAME .*${QUERY}" /etc/bind/${FILE} 2>/dev/null |cut -d ' ' -f1 |sed 's|.$||'
> done
> ------------------------------------------------------------------------

It would probably be faster if you didn't start a new grep process for
each file. Try:

find /etc/bind -name '*.signed' | xargs sed -n "/ IN CNAME .*$QUERY/s/\. .*$//p"

--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
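
Added example, not code from any poster in this thread: one way to run the search discussed above without hitting the argument-length limit, comparing the CNAME target as an exact string so the query is never interpreted as a regular expression (the posted grep pattern also matches longer names that contain the query). The function name `cname_aliases` and the one-record-per-line layout are assumptions; `-print0` and `-0` are GNU/BSD extensions.

```shell
#!/bin/sh
# Added example: reverse CNAME lookup over a directory of signed zone files.
# Assumption: one record per line, "owner TTL IN CNAME target", with
# absolute (dot-terminated) names, as in the records quoted in the thread.

# cname_aliases DIR TARGET -> owner names whose CNAME target is TARGET
cname_aliases() {
    dir=$1
    # Normalise the query: lower-case, exactly one trailing dot.
    target=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    target="${target%.}."

    # find | xargs -0 passes the file names in batches, so the kernel
    # argument-length limit that breaks "ls *.signed" is never reached and
    # awk is started once per batch instead of one grep per zone.
    # /dev/null keeps awk off stdin when no file matches.
    find "$dir" -type f -name '*.signed' -print0 |
    T="$target" xargs -0 awk '
        # Compare the target field as a string. No regex is built from the
        # query, so "." cannot match any character and a longer name that
        # merely contains the query is not reported.
        $3 == "IN" && $4 == "CNAME" && tolower($5) == ENVIRON["T"] {
            sub(/\.$/, "", $1)
            print tolower($1)
        }' /dev/null | sort -u
}

# Constructed sample zones for a stand-alone run.
demo=$(mktemp -d)
printf '%s\n' \
    'www.can4linux.org. 86400 IN CNAME vserver09.tamay-dogan.net.' \
    'old.can4linux.org. 86400 IN CNAME xvserver09.tamay-dogan.net.' \
    > "$demo/can4linux.org.signed"
printf '%s\n' \
    'www.fexray4linux.org. 86400 IN CNAME VSERVER09.tamay-dogan.net.' \
    > "$demo/fexray4linux.org.signed"
cname_aliases "$demo" vserver09.tamay-dogan.net
rm -rf "$demo"
```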

Torsten

Nov 10, 2010, 2:07:42 AM
to Michelle Konzack, bind-...@lists.isc.org
On Wed, 10 Nov 2010 01:49:08 +0100
Michelle Konzack <linux4m...@tamay-dogan.net> wrote:

> Hello Torsten,


>
> On 2010-11-09 15:46:05, you hacked out the following:
> > Maybe it's easier to get a dump with rndc dumpdb -zones and then run
> > the grep on the dump file.
>
> Ehm, but AFAIK the dumpfiles are the same as the original zone files
> in /etc/bind or am I missing something?
>

> Thanks, Greetings and nice Day/Evening
> Michelle Konzack
>


That's true... but grepping a single file is a lot faster than grepping
80k files one by one.


Ciao
Torsten
