[dns-operations] Accurately identifying glue records

John Kristoff jtk at ultradns.net
Mon May 15 17:33:58 UTC 2006


I had taken a look at accurately identifying glue records for domain
names and discovered that it was a little trickier than I thought.
Especially if looking at a large list of names.  One lesson I had to
first learn was never to trust any local caching server.  So I used
dig +trace +nosearch +all to fetch the NS RRSet from the parent. I had
written some scripts to parse the dig output, but it wasn't very pretty.
I tried rewriting this using the Perl Net::DNS module and I think I
have something satisfactory and wanted to share it and open it up for
review.  I didn't find any simple command line tool that summarized
what I wanted for easy parsing, but if someone knows of something
better or can suggest how to change this tool to be more elegant I'd
appreciated a pointer.

You can find my initial Net::DNS crack at this here:

  <http://layer9.com/~jtk/software/glue-report>

I haven't done rigorous testing, but it appears to work well enough
for my needs.  Give it a list of fully qualified domain names via
STDIN, it should spit back out the name and details on what the
parent thinks about the zone, including the name servers, glue for
those nameservers if present and if the parent has the ra (recursion
available) bit sit, possibly indicating that any glue may not really
be glue, but just artifacts of a previously cached response.

There are certain things it doesn't do or could possibly do better.
For example, it doesn't check lameness and it's recursive indication
is not conclusive.

My usual standard disclaimer applies.  I don't know Perl, I know combat
Perl and you get what you paid for it.  :-)

John



More information about the dns-operations mailing list