Every zone in the DNS has a special record called the Start of Authority record, or SOA, and I have to periodically scan several hundred thousand SOA records against a set of authoritative servers to determine the SOA serial numbers of the zones, in order to determine if the zones are in sync, i.e. have been synchronized between the serving DNS servers.

You’ll have seen an SOA record, but here’s a small refresher: the SOA record of iis.se (at the time of this writing):

$ dig +multiline iis.se soa
iis.se.			3600 IN	SOA ns.nic.se. hostmaster.iis.se. (
				1360649102 ; serial
				10800      ; refresh (3 hours)
				3600       ; retry (1 hour)
				1814400    ; expire (3 weeks)
				14400      ; minimum (4 hours)

In other words, obtaining an SOA record is easy: use dig or drill to query for specific zones and Bob’s your uncle, or he isn’t, as the case may be; basically it depends on the amount of zones you have to query and the time you want it completed in.

There are a number of utilities which can be used:

I decided all of these weren’t suitable to my task so I chose adns, an advanced, easy to use, asynchronous-capable DNS client library. Adns includes adnshost which is indeed easy to use. I can feed its stdin a list of domains to check, and it goes off and does that asynchronously.

In addition, there’s a Python binding for adns called adns-python, which suits me perfectly, and I found a posting by Peteris Krumins in which he wraps adns-python into something I could actually use quickly.

I had to apply a small modification to Peteris’ code because I wanted the program to contact my own servers.

And the result?

It took 10.46 seconds to obtain 137466 SOA records.

Fast enough.

As an added bonus, I get the SOA record split up neatly, so it’s easy to get the serial number I’m after. For a single zone, that would look like this:

{'iis.se': ('ns.nic.se', 'hostmaster@iis.se', 1360649102, 10800, 3600, 1814400, 14400)}
Flattr this
DNS and adns :: 12 Feb 2013 :: e-mail


blog comments powered by Disqus