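#!/usr/bin/perl
##
# Script to compare results between a recursive and auth server.
# Useful for weeding out bad zone files left on your dirty nameservers
#
# REMEMBER, the two DNS servers need to be of their specific types.
# If you don't know the difference between the two I'd strongly recommend
# you do a google search to learn.
#
# Input handling: every line of the domain list ends up as an argument to
# the external `host` command, so the list is treated as untrusted input.
# Each entry is checked against a conservative hostname pattern and `host`
# is started with an argument list (no shell), so a malformed or hostile
# line cannot turn into a shell command or a `host` option.
##

use strict;
use warnings;

my $authServerAddress    = 'AUTH.MYHOST.COM';
my $recurseServerAddress = 'RECURSE.MYHOST.COM';

# PLACEHOLDER: the original input filename was lost when this listing was
# published (the open() call arrived truncated). Point this at your file
# with one domain per line.
my $domainListFile = 'DOMAINLIST.TXT';

open(my $domainList, '<', $domainListFile)
    or die "Cannot open $domainListFile: $!\n";

while (my $thisDomain = <$domainList>) {
    # Trim the newline, a stray CR from DOS-format files, and padding.
    $thisDomain =~ s/\A\s+//;
    $thisDomain =~ s/\s+\z//;
    next if $thisDomain eq '';

    # Must start with a letter or digit (so it can never look like a
    # command-line option) and contain only hostname characters. The
    # rejected text is not echoed, to keep control characters off the
    # terminal.
    unless ($thisDomain =~ /\A[A-Za-z0-9][A-Za-z0-9._-]*\z/) {
        warn "Skipping line $.: not a plausible domain name\n";
        next;
    }

    my %domainScorecard;
    my $partialResult = 0;

    # First do a lookup on the auth server
    # Subtract 1 from score
    my @authNameServerList = lookupNameServers($thisDomain, $authServerAddress);
    foreach my $thisResult (@authNameServerList) {
        $domainScorecard{$thisResult} -= 1;
    }

    # Now do recursive nameserver
    # Add 1 to score
    my @recurseNameServerList = lookupNameServers($thisDomain, $recurseServerAddress);
    foreach my $thisResult (@recurseNameServerList) {
        $domainScorecard{$thisResult} += 1;

        foreach my $matchAuth (@authNameServerList) {
            # Matched one of our own servers, worth mentioning if the
            # score isn't 0. This is a literal substring test: the name
            # returned by DNS is data, never a regex pattern.
            next if $matchAuth eq '';
            if (index($thisResult, $matchAuth) >= 0) {
                $partialResult = 1;
            }
        }
    }

    # Let's go over. The sum works out to (NS records seen by the
    # recursive server) minus (NS records seen by the auth server).
    my $overallScore = 0;
    foreach my $thisScore (values %domainScorecard) {
        $overallScore += $thisScore;
    }

    if ($overallScore == 0) {
        # Score is 0
        print "$thisDomain OK\n";
    }
    elsif ($overallScore > 0) {
        # Score is >0
        if ($partialResult > 0) {
            print "$thisDomain [NOT AUTH PARTIAL]\n";
        }
        else {
            print "$thisDomain [NOT AUTH]\n";
        }
    }
    else {
        # Score is <0
        if (join("", @recurseNameServerList) =~ /\w+/) {
            print "$thisDomain [BAD WHOIS]\n";
        }
        else {
            print "$thisDomain [EXPIRED/DOESNTEXIST]\n";
        }
    }
}

close($domainList);

# Ask $server for the NS records of $domain and return the name server
# names as a list (empty if `host` could not be run or returned none).
#
# `host` is started via the list form of a piped open, so no shell is
# involved and $domain / $server arrive as single arguments. The output
# filtering that used to be an egrep | sed | sed pipeline is done here in
# Perl, with the domain quoted so it is matched literally.
sub lookupNameServers {
    my ($domain, $server) = @_;

    my $hostOutput;
    unless (open($hostOutput, '-|', 'host', '-t', 'ns', $domain, $server)) {
        warn "Cannot run host for $domain: $!\n";
        return;
    }

    my @nameServers;
    while (my $line = <$hostOutput>) {
        chomp($line);
        next unless $line =~ /name server/;

        # "example.com name server ns1.example.com." -> "ns1.example.com"
        $line =~ s/\Q$domain\E name server //;
        $line =~ s/\.\z//;

        push(@nameServers, $line);
    }

    # `host` exits non-zero for lookups that fail; that case is already
    # reflected by the empty list, so the close status is not checked.
    close($hostOutput);

    return @nameServers;
}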