Getting the name of responding server(s)
Greetings all, Please forgive me if this question is a bit off-topic for this list. I can be sure if it is or isn't until I get the answer. My question is rather a simple one. Given some FQDN `D' and given some DNS record type 'T' (e.g. either A or or perhaps even PTR) does there exist some open source command line tool that can tell me the names of the DNS servers to which the final authority for answering a query about the tuple (D, IN, T) is delegated? I know that I can get this information by using "dig +trace", but that seems to be rather slow to me (wall clock time), and I want to be doing this a lot. Also, of course, "dig +trace" puts out quite lot of information that is really of no use and no interest to me. I really just want the names of the final set of nameservers that should, if they are up and running, be the ones that will ultimately answer the query. So, does anyone know of an open source command line tool that can do just that, preferably quickly? Regards, rfg ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Getting the name of responding server(s)
On Tue, Sep 07, 2021 at 12:33:59AM -0700, Ronald F. Guilmette wrote a message of 33 lines which said: > My question is rather a simple one. Given some FQDN `D' and given > some DNS record type 'T' (e.g. either A or or perhaps even PTR) > does there exist some open source command line tool that can tell me > the names of the DNS servers to which the final authority for > answering a query about the tuple (D, IN, T) is delegated? T is irrelevant since delegation does not depend on the type. > I know that I can get this information by using "dig +trace", but that seems > to be rather slow to me (wall clock time), and I want to be doing > this a lot. The only solution is chasing the delegations from the root (which is what dig +trace is doing). Caching speeds it, this is why it is better to go through your resolver than using dig +trace. > So, does anyone know of an open source command line tool that can do just > that, preferably quickly? I'm not aware of a tool (free software or not) which does it. Some programming will be required. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Getting the name of responding server(s)
On Tue, Sep 07, 2021 at 09:44:43AM +0200,
Stephane Bortzmeyer wrote
a message of 34 lines which said:
> I'm not aware of a tool (free software or not) which does it. Some
> programming will be required.
Attached is an example program. Free software licence, whatever you
prefer. Requires Python and the dnspython library. For many many
requests, it would probably be better to parallelize it.
% ./list-auth.py bortzmeyer.org www.bortzmeyer.org fr toto.tata.trucmachin.fx
3.3.1.0.6.8.0.0.0.0.0.0.0.0.0.0.7.0.0.0.8.4.3.1.c.7.6.0.1.0.0.2.ip6.arpa
lists.isc.org tristatelogic.com
bortzmeyer.org.: ns3.absolight.net. ns2.bortzmeyer.org. ns4.bortzmeyer.org.
ns.eu.org. ns2.absolight.net. ns1.bortzmeyer.org.
www.bortzmeyer.org.: ns2.absolight.net. ns1.bortzmeyer.org. ns3.absolight.net.
ns2.bortzmeyer.org. ns4.bortzmeyer.org. ns.eu.org.
fr.: d.nic.fr. e.ext.nic.fr. f.ext.nic.fr. g.ext.nic.fr.
toto.tata.trucmachin.fx.: DOES NOT EXIST
3.3.1.0.6.8.0.0.0.0.0.0.0.0.0.0.7.0.0.0.8.4.3.1.c.7.6.0.1.0.0.2.ip6.arpa.:
ns3.nic.fr. ns1.nic.fr. ns2.nic.fr.
lists.isc.org.: ns.isc.afilias-nst.info. ns1.isc.org. ns3.isc.org. ns2.isc.org.
tristatelogic.com.: t1.zoneedit.com. t2.zoneedit.com.
#!/usr/bin/env python3
import dns.message
import dns.query
import dns.resolver
import sys
resolver = None # Use the default resolver. Set to an IP address otherwise.
def parent(name):
return dns.name.Name(name[1:])
def get_ns(name):
message = dns.message.make_query(name, dns.rdatatype.NS, use_edns=True,
want_dnssec=False)
response = dns.query.udp(message, resolver)
if response.rcode() == dns.rcode.NXDOMAIN:
return "DOES NOT EXIST"
elif response.rcode() != dns.rcode.NOERROR:
return "SOMETHING WENT WRONG"
if len(response.answer) > 0:
result = ""
for rrset in response.answer:
for record in rrset:
if record.rdtype == dns.rdatatype.NS:
result += "%s " % record.target
return result
else:
return get_ns(parent(name))
if resolver is None:
resolver = dns.resolver.Resolver().nameservers[0]
print("Using the resolver %s" % resolver)
print()
for arg in sys.argv[1:]:
name = dns.name.from_text(arg)
print("%s: " % name, end="")
print(get_ns(name))
print()
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
bind extended dns error
Hi, What version of bind is supporting "extended dns error (EDE)"? Do i have to do any configuration changes to enable EDE? Currently I am running BIND 9.16.18 as recursive server. BR, Sachchidanand ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Getting the name of responding server(s)
On Tue, 7 Sept 2021 at 03:45, Stephane Bortzmeyer wrote:
> The only solution is chasing the delegations from the root (which is
> what dig +trace is doing). Caching speeds it, this is why it is
> better to go through your resolver than using dig +trace.
Yeah, you can pretty reliably get the answer in one or two steps by
requesting the NS set for the FQDN. You'll either get your answer, or
get an SOA with the name of the enclosing zone. Second lookup gets
you the NS set for the enclosing zone. Just using your local
recursive server to deal with tracking down the answer should work
well, unless for some reason you need to see every possible answer
from every delegating name server.
% dig +noall +answer +authority IN NS www.example.net
example.net. 3591 IN SOA ns.icann.org. noc.dns.icann.org. 2021090201
7200 3600 1209600 3600
% dig +noall +answer IN NS example.net
example.net. 86396 IN NS b.iana-servers.net.
example.net. 86396 IN NS a.iana-servers.net.
Or a one-liner that works whether you supply the FQDN or its enclosing zone:
% dig +noall +answer +authority IN NS www.example.net | head -1 | cut
-f 1 | xargs dig +noall +answer IN NS | awk '{print $NF}'
b.iana-servers.net.
a.iana-servers.net.
% dig +noall +answer +authority IN NS example.net | head -1 | cut -f 1
| xargs dig +noall +answer IN NS | awk '{print $NF}'
a.iana-servers.net.
b.iana-servers.net.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: Getting the name of responding server(s)
In message , Stephane Bortzmeyer wrote: >> I know that I can get this information by using "dig +trace", but that seems >> to be rather slow to me (wall clock time), and I want to be doing >> this a lot. > >The only solution is chasing the delegations from the root (which is >what dig +trace is doing). Caching speeds it, this is why it is >better to go through your resolver than using dig +trace. Yes, well, obviously, I either have to figure out a way to let my local resolver do all of the work or else I have to build my own resolver essentially from scratch. (Obviously, I am hoping that I can avoid the latter.) >> So, does anyone know of an open source command line tool that can do just >> that, preferably quickly? > >I'm not aware of a tool (free software or not) which does it. Some >programming will be required. I was afraid of that, but thank you for confirming. Regards, rfg ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Getting the name of responding server(s)
On Tue, Sep 07, 2021 at 12:40:14PM -0700, Ronald F. Guilmette wrote a message of 36 lines which said: > >I'm not aware of a tool (free software or not) which does it. Some > >programming will be required. > > I was afraid of that, but thank you for confirming. Don't despair, see the other messages in the thread (by Matt Pounsett and myself). ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Getting the name of responding server(s)
In message Matthew Pounsett wrote: >On Tue, 7 Sept 2021 at 03:45, Stephane Bortzmeyer wrote: > >> The only solution is chasing the delegations from the root (which is >> what dig +trace is doing). Caching speeds it, this is why it is >> better to go through your resolver than using dig +trace. > >Yeah, you can pretty reliably get the answer in one or two steps by >requesting the NS set for the FQDN. You'll either get your answer, or >get an SOA with the name of the enclosing zone. Second lookup gets >you the NS set for the enclosing zone. Just using your local >recursive server to deal with tracking down the answer should work >well, unless for some reason you need to see every possible answer >from every delegating name server. I don't. And your other points are well taken. Having thought about the problem some more, I see now that you're probably right and that I should be able to code up something rather simple that will do the job if I put my mind to it. So thanks! Regards, rfg ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
