Every zone in the DNS has a special record called the Start of Authority record, or SOA, and I have to periodically scan several hundred thousand SOA records against a set of authoritative servers to determine the SOA serial numbers of the zones, in order to determine if the zones are in sync, i.e. have been synchronized between the serving DNS servers.
You’ll have seen an SOA record, but here’s a small refresher: the SOA record of iis.se (at the time of this writing):
In other words, obtaining an SOA record is easy: use drill to query for specific zones and Bob’s your uncle, or he isn’t, as the case may be; basically it depends on the number of zones you have to query and the time you want it completed in.
There are a number of utilities which can be used:
- drill, as just mentioned, wrapped into a shell script.
- check_soa from the BIND book.
- Using Net::DNS with Perl.
- Using dnspython.
- check_soa in Go by Stéphane Bortzmeyer.
I decided all of these weren’t suitable to my task so I chose adns, an advanced, easy to use, asynchronous-capable DNS client library. Adns includes adnshost which is indeed easy to use. I can feed its stdin a list of domains to check, and it goes off and does that asynchronously.
In addition, there’s a Python binding for adns called adns-python, which suits me perfectly, and I found a posting by Peteris Krumins in which he wraps adns-python into something I could actually use quickly.
I had to apply a small modification to Peteris’ code because I wanted the program to contact my own servers.
And the result?
As an added bonus, I get the SOA record split up neatly, so it’s easy to get the serial number I’m after. For a single zone, that would look like this:
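Once the serials are collected, the sync check itself is a per-zone comparison across servers. The following is an added example, not code from the original post or from adns: it takes already-collected SOA answers (constructed sample data; the zone names, RFC 5737 addresses, serials and the function names are all made up here) and reports which servers are behind, using RFC 1982 serial arithmetic so that a serial which has wrapped around 2^32 is still recognised as the newer one.

```python
from collections import defaultdict

FIELDS = ("mname", "rname", "serial", "refresh", "retry", "expire", "minimum")

# Constructed sample: (zone, server queried, SOA rdata text or None if no answer).
SAMPLE = [
    ("example.org", "192.0.2.1", "ns1.example.org. hostmaster.example.org. 2012010203 10800 3600 604800 3600"),
    ("example.org", "192.0.2.2", "ns1.example.org. hostmaster.example.org. 2012010203 10800 3600 604800 3600"),
    ("example.net", "192.0.2.1", "ns1.example.net. hostmaster.example.net. 4294967290 10800 3600 604800 3600"),
    ("example.net", "192.0.2.2", "ns1.example.net. hostmaster.example.net. 5 10800 3600 604800 3600"),
    ("example.com", "192.0.2.1", "ns1.example.com. hostmaster.example.com. 2012010207 10800 3600 604800 3600"),
    ("example.com", "192.0.2.2", None),  # timeout or SERVFAIL
]

def parse_soa(rdata):
    """Split SOA rdata (presentation format) into named fields."""
    parts = rdata.split()
    if len(parts) != len(FIELDS):
        raise ValueError("malformed SOA rdata: %r" % rdata)
    soa = dict(zip(FIELDS, parts))
    for key in FIELDS[2:]:          # serial and the four timers are integers
        soa[key] = int(soa[key])
    return soa

def serial_gt(a, b):
    """RFC 1982: True if 32-bit serial a is newer than b (wrap-around aware)."""
    return a != b and ((a - b) % 2**32) < 2**31

def sync_report(answers):
    """Per zone: the newest serial seen and the servers that do not serve it."""
    by_zone = defaultdict(dict)
    for zone, server, rdata in answers:
        by_zone[zone][server] = parse_soa(rdata)["serial"] if rdata else None
    report = {}
    for zone, serials in by_zone.items():
        newest = None
        for s in serials.values():
            if s is not None and (newest is None or serial_gt(s, newest)):
                newest = s
        # A server with no answer counts as out of sync, as does an older serial.
        lagging = sorted(srv for srv, s in serials.items() if s is None or s != newest)
        report[zone] = {"newest": newest, "in_sync": not lagging, "lagging": lagging}
    return report

if __name__ == "__main__":
    for zone, result in sorted(sync_report(SAMPLE).items()):
        print(zone, result)
```

A plain integer comparison would pick 4294967290 as the newest serial for example.net; serial arithmetic correctly treats 5 as the later value.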