Tracy Reed wrote:
> Once again I face a massive DNS cleanup. These zone files are a
> spaghetti of weird includes and outdated information running on a box
> which also does web/imap/smtp/mysql. At least it is CentOS 5.3 and not
> Fedora Core 6 like a lot of their machines. They also don't have a
> split view for internal which they really need (although I hate to
> have to resort to split views due to the confusion they cause when
> things work differently internally vs externally).
> 
> But having learned from the past I am very afraid of taking on any
> such cleanup because that A record which everyone agrees isn't used
> anymore actually serves some hidden critical function. 
> 
> I am wondering if there are any tools out there which can make this
> easier. For example I am thinking that if I had a way to capture a
> month's worth of DNS traffic and then replay that against the new name
> server and make sure that any queries which returned responses on the
> old setup also returned the same responses on the new server that
> would make things much better.
> 
> Does such a tool exist? Is this a good idea? Any better way?
> 
> If it doesn't exist and I don't come up with a better way I may just
> whip it up myself. Wireshark to record plus some code to extract the
> queries and responses plus some code to re-run them should do the
> trick.
> 
> I feel like I have taken on cleaning up other people's messes and
> repaying years of technical debt to get my client/employer up to snuff
> as a specialty. I suspect it is that way for every sysadmin who
> bothers joining user groups or trade associations. If you care enough
> about what you do to join these things then you are probably
> particular about it and anywhere you go is going to seem to be a mess
> which can be vastly improved.


If you're running bind9, just enable query logging, although you
would need to do that on all the name servers (the master as well
as any slaves).  Be sure to use the size and versions options on
your log file, the query logs grow much more quickly than you
might expect.
   Also, if it is a real mess with multiple levels of includes,
sometimes the easiest way to look at a zone is to do a zone
transfer and look at that.  You lose any comments, but at least
all the records will be in one file which you can then sort in
whatever order makes sense to you.

Frank



-- 
Frank Smith                                      [email protected]
Sr. Systems Administrator                       Voice: 512-374-4673
Hoover's Online                                   Fax: 512-374-4501
_______________________________________________
Tech mailing list
[email protected]
http://lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
 http://lopsa.org/
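
An added example, not part of the original thread: one way to combine the two suggestions in the reply above, by counting names from a BIND 9 query log and checking them against a zone transfer. It assumes log lines containing "query: NAME IN TYPE" and zone lines in "NAME TTL IN TYPE RDATA" form; the function names and the sample data are constructed for illustration.

```python
import re
from collections import Counter

QUERY_RE = re.compile(r"query: (\S+) IN (\S+)")  # tail of a BIND 9 query log line

def parse_query_log(lines):
    """Count queries per (owner name, record type); names lowercased, fully qualified."""
    counts = Counter()
    for line in lines:
        m = QUERY_RE.search(line)
        if m:
            counts[(m.group(1).lower().rstrip(".") + ".", m.group(2).upper())] += 1
    return counts

def parse_axfr(lines):
    """Return [(owner, type, rdata)] from zone transfer lines: NAME TTL IN TYPE RDATA."""
    records = []
    for line in lines:
        parts = line.split(None, 4)
        if len(parts) == 5 and not line.startswith(";") and parts[2] == "IN":
            records.append((parts[0].lower(), parts[3].upper(), parts[4].strip()))
    return records

def audit(records, queries):
    """Return (zone records nobody asked for, queried names the zone does not hold)."""
    zone = {(o, t) for o, t, _ in records}
    asked = {name for name, _ in queries}
    # Targets of CNAMEs that clients asked for are in use even if never queried by name.
    via_cname = {rd.lower() for o, t, rd in records if t == "CNAME" and o in asked}
    unused = sorted((o, t) for o, t in zone
                    if t not in ("SOA", "NS") and (o, t) not in queries
                    and o not in via_cname and not (t == "CNAME" and o in asked))
    unserved = sorted(q for q in queries
                      if q not in zone and (q[0], "CNAME") not in zone)
    return unused, unserved

# Constructed sample data (example.com and 192.0.2.0/24 are documentation values).
SAMPLE_LOG = """\
client 192.0.2.10#53124: query: www.example.com IN A +
client 192.0.2.11#40112: query: MAIL.example.com IN A +
client 192.0.2.10#53125: query: legacy.example.com IN A +
""".splitlines()
SAMPLE_AXFR = """\
example.com. 3600 IN SOA ns1.example.com. hostmaster.example.com. 1 3600 900 604800 3600
www.example.com. 3600 IN CNAME web1.example.com.
web1.example.com. 3600 IN A 192.0.2.80
mail.example.com. 3600 IN A 192.0.2.25
old-ftp.example.com. 3600 IN A 192.0.2.99
""".splitlines()
print(audit(parse_axfr(SAMPLE_AXFR), parse_query_log(SAMPLE_LOG)))
```

A record in the first list is only a candidate for removal: the log covers just the period it was collected over, and only CNAME targets are followed, not MX or SRV targets.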
