[dns-operations] Broken delegation

Rick Wesson rick at support-intelligence.com
Sun Mar 9 17:57:35 UTC 2014


Dave,

You might just use adnshost to query the NS records from the parent TLDs.
It's free and fast and authoritative. There are also Perl and Python bindings
to adnslib.

best,

-rick



On Sat, Mar 8, 2014 at 2:08 PM, Paul Vixie <paul at redbarn.org> wrote:

> in general, delegations have to meet only two conditions. first, every
> name server that's designated by an NS RR above or below a delegation
> point has to be authoritative. second, the set of NS RR's below a
> delegation point (so, at the zone apex) has to be equal to or a superset
> of the set of NS RR's above that delegation point (so, the parent's
> zone-leaf).
>
> note that scraping the TLD's isn't a reliable way to find all the
> invocations of your NS RR name, partly because not all TLD's have ZFA,
> and partly because not all delegations are in TLD's. passive DNS is your
> better answer here. i looked at the NS RRset for your "hireahit.com"
> domain, chose one at random, and asked the Farsight DNSDB about it. my
> second example below turns off DNS output conversion and shows the raw
> JSON, in case that inspires you to consider ways to automate this kind
> of auditing.
>
> ---
>
> vixie at linux1:~/work/dnsdb_c$ ./dnsdb_query -n anyns1.hireahit.com/ns
> ;; record times: 2014-03-06 09:15:40 .. 2014-03-08 19:09:04
> ;; count: 26
> coaxial.ca.  NS  anyns1.hireahit.com.
>
> ;; record times: 2014-03-06 15:44:49 .. 2014-03-08 18:53:29
> ;; count: 26
> roidology.ca.  NS  anyns1.hireahit.com.
>
> ;; record times: 2014-03-06 21:23:19 .. 2014-03-08 05:11:04
> ;; count: 10
> djw.biz.  NS  anyns1.hireahit.com.
>
> ;; record times: 2014-03-06 06:44:07 .. 2014-03-08 19:53:15
> ;; count: 2689
> hireahit.com.  NS  anyns1.hireahit.com.
>
> ;; record times: 2014-03-07 03:43:59 .. 2014-03-08 03:34:22
> ;; count: 4
> djwhosting.com.  NS  anyns1.hireahit.com.
>
> ;; record times: 2014-03-06 07:21:24 .. 2014-03-08 20:43:57
> ;; count: 3791
> neverhost.net.  NS  anyns1.hireahit.com.
>
> ;; record times: 2014-03-06 07:43:12 .. 2014-03-08 19:26:12
> ;; count: 259
> devilsplayground.net.  NS  anyns1.hireahit.com.
>
> ---
>
> vixie at linux1:~/work/dnsdb_c$ ./dnsdb_query -n anyns1.hireahit.com/ns -j
> {"count": 26, "time_first": 1394097340, "rrtype": "NS", "rrname":
> "coaxial.ca.", "rdata": "anyns1.hireahit.com.", "time_last": 1394305744}
> {"count": 26, "time_first": 1394120689, "rrtype": "NS", "rrname":
> "roidology.ca.", "rdata": "anyns1.hireahit.com.", "time_last": 1394304809}
> {"count": 10, "time_first": 1394140999, "rrtype": "NS", "rrname":
> "djw.biz.", "rdata": "anyns1.hireahit.com.", "time_last": 1394255464}
> {"count": 2689, "time_first": 1394088247, "rrtype": "NS", "rrname":
> "hireahit.com.", "rdata": "anyns1.hireahit.com.", "time_last": 1394308395}
> {"count": 4, "time_first": 1394163839, "rrtype": "NS", "rrname":
> "djwhosting.com.", "rdata": "anyns1.hireahit.com.", "time_last":
> 1394249662}
> {"count": 3791, "time_first": 1394090484, "rrtype": "NS", "rrname":
> "neverhost.net.", "rdata": "anyns1.hireahit.com.", "time_last":
> 1394311437}
> {"count": 259, "time_first": 1394091792, "rrtype": "NS", "rrname":
> "devilsplayground.net.", "rdata": "anyns1.hireahit.com.", "time_last":
> 1394306772}
>
> ===
>
> vixie
>
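
Added example, not part of the original thread or of Farsight's tooling: one way to automate the audit described in the quoted message, reading `dnsdb_query -j` style JSON lines, listing the zones whose NS RRset names a given server, and flagging any that are not expected. The sample records are copied from the quoted output; the `EXPECTED` set and all function names are assumptions for illustration.

```python
import json
from datetime import datetime, timezone

# Records copied from the dnsdb_query -j output quoted above (three of seven).
SAMPLE = """\
{"count": 26, "time_first": 1394097340, "rrtype": "NS", "rrname": "coaxial.ca.", "rdata": "anyns1.hireahit.com.", "time_last": 1394305744}
{"count": 2689, "time_first": 1394088247, "rrtype": "NS", "rrname": "hireahit.com.", "rdata": "anyns1.hireahit.com.", "time_last": 1394308395}
{"count": 3791, "time_first": 1394090484, "rrtype": "NS", "rrname": "neverhost.net.", "rdata": "anyns1.hireahit.com.", "time_last": 1394311437}
"""

# Assumption for illustration: zones the operator believes this server serves.
EXPECTED = {"hireahit.com", "neverhost.net"}


def norm(name):
    """Canonical form for comparison: lowercase, no trailing dot."""
    return name.rstrip(".").lower()


def zones_using(ns_name, json_lines):
    """Map zone -> (count, last seen UTC) for NS records naming ns_name."""
    seen = {}
    for line in json_lines.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec.get("rrtype") != "NS" or norm(rec["rdata"]) != norm(ns_name):
            continue
        last = datetime.fromtimestamp(rec["time_last"], tz=timezone.utc)
        seen[norm(rec["rrname"])] = (rec["count"], last)
    return seen


def unexpected_zones(ns_name, json_lines, expected):
    """Zones delegating to ns_name that are not in the expected set."""
    found = zones_using(ns_name, json_lines)
    return sorted(set(found) - {norm(z) for z in expected})


def delegation_consistent(parent_ns, apex_ns):
    """Second condition above: apex NS set equals or contains the parent's."""
    return {norm(n) for n in parent_ns} <= {norm(n) for n in apex_ns}


if __name__ == "__main__":
    for zone in unexpected_zones("anyns1.hireahit.com", SAMPLE, EXPECTED):
        count, last = zones_using("anyns1.hireahit.com", SAMPLE)[zone]
        print(f"{zone}: seen {count} times, last {last:%Y-%m-%d %H:%M:%S} UTC")
```

`delegation_consistent` takes NS name lists you have already collected from the parent and from the zone apex; gathering them with live queries is left out so the block runs offline.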