OpenNIC Wiki: Verify the . NS records in each T2

The following script can be used to get a rough insight into the state of Syncronisation of the root hints file to the T2's. It works, by getting the reference root hints from NS0 and then comparing it to the returned root hints from every single T2. Output is in CSV-Format.

This is just a rough draft, dont use it, dont depend on it. Needs improvement :)

Format

Hostname-From-Root-Hints,STATUS

Where STATUS can be one of:

SYNC (Perfect, all is fine)
UNSYNC (There are differences between NS0 and this Nameserver)
HINTS_EMPTY (The Nameserver returns an empty root hints)
NOT_RESPONDING (The Nameserver port is not reachable within one minute, this uses NO ICMP)

Usage

You need besides the standard tools: netcat and dig (which normally should be found on Debian in bind9-host or dnsutils)

Sample Output

Run 05/03/2012 around 3pm.
ns1.t.at.dns.opennic.glue,SYNC ns3.qld.au.dns.opennic.glue,SYNC ns1.on.ca.dns.opennic.glue,SYNC ns4.on.ca.dns.opennic.glue,SYNC ns6.on.ca.dns.opennic.glue,SYNC ns1.qc.ca.dns.opennic.glue,SYNC ns2.qc.ca.dns.opennic.glue,HINTS_EMPTY ns2.qc.ca.dns.opennic.glue,UNSYNC 1,7c1 < ns21.opennic.glue. < ns2.opennic.glue. < ns3.opennic.glue. < ns5.opennic.glue. < ns6.opennic.glue. < ns7.opennic.glue. < ns8.opennic.glue. > ns1.nrw.de.dns.opennic.glue,SYNC ns2.nrw.de.dns.opennic.glue,SYNC ns1.nu.de.dns.opennic.glue,SYNC ns1.st.de.dns.opennic.glue,NOT_RESPONDING ns1.sy.lu.dns.opennic.glue,SYNC ns1.ts.uk.dns.opennic.glue,SYNC ns2.ts.uk.dns.opennic.glue,NOT_RESPONDING ns1.ca.us.dns.opennic.glue,SYNC ns2.ca.us.dns.opennic.glue,SYNC ns3.ca.us.dns.opennic.glue,NOT_RESPONDING ns1.co.us.dns.opennic.glue,SYNC ns2.co.us.dns.opennic.glue,NOT_RESPONDING ns1.il.us.dns.opennic.glue,SYNC ns3.il.us.dns.opennic.glue,SYNC ns1.in.us.dns.opennic.glue,SYNC ns3.in.us.dns.opennic.glue,NOT_RESPONDING ns1.ny.us.dns.opennic.glue,SYNC ns2.ny.us.dns.opennic.glue,SYNC ns1.oh.us.dns.opennic.glue,UNSYNC 1,7c1 < ns21.opennic.glue. < ns2.opennic.glue. < ns3.opennic.glue. < ns5.opennic.glue. < ns6.opennic.glue. < ns7.opennic.glue. < ns8.opennic.glue. > ns21.opennic.glue. ns2.opennic.glue. ns3.opennic.glue. ns5.opennic.glue. ns6.opennic.glue. ns7.opennic.glue. ns21.opennic.glue. ns2.opennic.glue. ns3.opennic.glue. ns5.opennic.glue. ns6.opennic.glue. ns7.opennic.glue. ns10.tx.us.dns.opennic.glue,NOT_RESPONDING ns2.tx.us.dns.opennic.glue,SYNC ns4.tx.us.dns.opennic.glue,NOT_RESPONDING ns6.tx.us.dns.opennic.glue,SYNC ns1.va.us.dns.opennic.glue,SYNC ns6.va.us.dns.opennic.glue,NOT_RESPONDING

Script

cat opennic-roothints.bash 

#!/bin/bash

# 2012, Falk

# Whats the IPv4 address of NS0?

NS0="75.127.96.89"

nameservers=`dig axfr dns.opennic.glue @${NS0}| egrep '.dns.opennic.glue. [0-9]{1,6} IN' | cut -d " " -f 1 | uniq`

tmpfile="/tmp/opennic-roothints.$RANDOM"

function rootHints()

{

dig . NS @${1} | egrep "^\." | awk '{ print $5 }' | sort | uniq

}

rootHints ${NS0} > ${tmpfile}

for server in ${nameservers}

do

    thisHints=`rootHints ${server}`

    if [ "${thisHints}" = "`cat ${tmpfile}`" ]; then

        # Everything is in sync with NS0

        echo ${server%?},SYNC

    else

        # Something bad happened. What exactly?

        # Is the server down?

        if [ `nc -zu -w 60 ${server} 53; echo $?` -ne 0 ]; then

                echo ${server%?},NOT_RESPONDING

                continue

        fi

        # Is the hints file empty?

        if [ -z "${thisHints}" ]; then

            echo ${server%?},HINTS_EMPTY

        fi

        # Or is the server just unsync? Then print a diff!

        echo ${server%?},UNSYNC

        diff <(cat ${tmpfile}) <(echo ${thisHints})

        echo ${thisHints}

    fi

done

rm ${tmpfile}