Check the SOA Serial Number on NS Servers

If you manage a DNS master, and push zones to several slaves / secondaries, you may have found that over time — as configuration files and firewall rules change — one or more slaves may have lost its ability to update its zone files. Perhaps the slave is no longer being notified, or it may have lost the necessary zone transfer permissions from the master. In a large distributed environment where DNS changes are frequent, checking the SOA serial number for all the NS servers in a zone can be quite helpful — a quick way to eliminate the DNS as a possible source of a problem. Here is a perl script I wrote a few years back to retrieve the SOA serial number for a given domain.

Continue reading


Quick Freeze / Thaw of Reverse Zones

I had to update several reverse zone files today, so wrote a quick for-loop in bash to freeze and thaw all the zones. The script parsed the zone file names and reversed them into a proper `d.c.b.a.in-addr.arpa` format. Later I tweaked it with sed to make it more flexible (in order to pass it a full or partial IP address), but ended up using `tac` for the reversing part instead – that’s what it’s made for after all. And if you’re wondering what `tac` stand for, just read `cat` backwards. :-)

Continue reading


Update a Dynamic DNS IP with BIND

I wrote the following nsupdate-ddns.sh script to update the dynamic DNS entry for my laptop when switching network locations. There are several ways to execute a script like this automatically (cronjob, startup script, launcher, etc.) — I chose to use Sidekick for Mac OS X, which allows me to execute it when switching locations (either network or physical). This script can also create the private authentication key needed by the DDNS BIND server, and will display some sample configuration values. If you’re setting up a new DDNS BIND server, you can use the examples to configure your dynamic zone file.

Continue reading