dnscacheaudit is a simple Perl utility to audit entries in the BIND cache. At the end of each run, the utility creates a PDF report showing the number of domains whose IP address in the BIND cache differs from the one on the reference servers. This utility is inspired by the CacheAudit utility by Jose Avila.
The script is written in Perl and uses a Postgres database to store data. It uses the following Perl modules:
Obtaining and Installing dnscacheaudit:
- Download dnscacheaudit from http://dnscacheaudit.sourceforge.net
- Create the database and schema in Postgres
- Install the required Perl modules
- Customize the script for your environment
- Generate a BIND dump and filter it
- Run the script against the BIND dump
Postgres DB Setup:
- Create a database (dns)
- Create a user with full rights to the above mentioned database (dns)
- Run the script dns.sql to create tables/indexes/sequence etc.
- Change user, passwd, and dbname to match your environment
- Change the name of your organization. This is what shows up on the generated PDF report.
- Change dns.conf to include more reference servers. The current set worked for me.
- The first stage of the script reads data from the BIND dump and inserts it into the database table named_dump_tbl. The second and third stages perform the audit. If you need to terminate the script while it is in the second or third stage, you can restart it by setting the variable bypass_pass_1 to 1 and setting run_pass to the run pass number of the first stage, which you can find by querying the database (select max(run_pass_number) from named_dump_tbl).
- After each run, empty out named_dump_mismatch_tbl and named_dump_query_error_tbl.
- After a couple of runs you may want to purge data from named_dump_work_tbl (delete from named_dump_work_tbl where run_pass_number < current_run_pass_number)
- The base directory of dnscacheaudit has the following subdirectories:
  - bin: Contains the script process_named_dump.pl and the dns.conf file.
  - named_dumps: This is where BIND dumps need to go.
  - reports: This is where reports get created.
  - sql: DDL for the database.
- Use "rndc dumpdb" to create a named dump on your DNS server
- Copy the named_dump.db file to named_dumps/< server name >/named_dump.db
- I ran a filter script filter_dump.sh against the named_dump.db to create a dump that created fewer errors while parsing using DNS::ZoneParse.
- Syntax to run the script:
$ cd bin
$ ./process_named_dump.pl ../named_dumps/< server name>/< filtered dump file> < server name>
$ ./process_named_dump.pl ../named_dumps/bighorn/named_dump_20080923.db bighorn
- At the end of the run, you'll see a PDF report file in the reports directory.
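The comparison at the heart of the audit, as an added Python example (not dnscacheaudit's own Perl code): it reads A records from a cache dump and flags cached addresses that the reference answers do not contain. The dump text, the REFERENCE table standing in for reference-server answers, and the function names are constructed for illustration, and the hand-written parser replaces the DNS::ZoneParse step.

```python
import ipaddress

# Constructed sample in the style of "rndc dumpdb" cache output (simplified).
SAMPLE_DUMP = """\
; Cache dump of view '_default'
$DATE 20080923120000
; authanswer
www.example.com.\t3600\tIN A\t192.0.2.10
\t\t\t3600\tIN A\t192.0.2.11
mail.example.net.\t1800\tA\t198.51.100.66
intranet.example.org.\t600\tA\t203.0.113.5
ns1.example.org.\t86400\tNS\tns.example.org.
; www.gone.example. 300 \\-A ;-$NXDOMAIN
"""

# Constructed stand-in for answers collected from the reference servers.
REFERENCE = {
    "www.example.com": {"192.0.2.10", "192.0.2.11"},
    "mail.example.net": {"198.51.100.25"},
}

def parse_cache_a_records(dump_text):
    """Return {owner: set(IPv4)} for the A records in a cache dump."""
    records, owner = {}, None
    for line in dump_text.splitlines():
        if not line.strip() or line.lstrip().startswith((";", "$")):
            continue  # comments, negative-cache notes, $DATE-style directives
        fields = line.split()
        if not line[0].isspace():  # a new owner name starts in column 0
            owner = fields.pop(0).rstrip(".").lower()
        fields = [f for f in fields if f.upper() != "IN" and not f.isdigit()]
        if owner is None or len(fields) != 2 or fields[0].upper() != "A":
            continue  # not an A record (NS, MX, ...) or no owner seen yet
        try:
            addr = str(ipaddress.IPv4Address(fields[1]))
        except ValueError:
            continue  # malformed rdata: skip it rather than abort the audit
        records.setdefault(owner, set()).add(addr)
    return records

def audit(dump_text, reference):
    """Return (mismatches, unverified): bad addresses per name, unknown names."""
    mismatches, unverified = {}, []
    for name, cached in sorted(parse_cache_a_records(dump_text).items()):
        if name not in reference:
            unverified.append(name)  # no reference answer to compare against
        elif cached - reference[name]:
            mismatches[name] = sorted(cached - reference[name])
    return mismatches, unverified
```

Names served from round-robin pools or CDNs can legitimately return addresses outside a small reference sample, so treat each mismatch as a lead to review rather than proof of a poisoned cache.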
For support, words of encouragement, or criticism, drop an email to manish at dbsentry dot com.