joemiller / dns_compare Goto Github PK

View Code? Open in Web Editor NEW

65.0 6.0 28.0 18 KB

Testing tool for DNS migrations. Compare data from a BIND zone file to data returned by a DNS server.

Home Page: http://joemiller.me

License: MIT License

Python 100.00%

dns_compare's Introduction

dns_compare.py

Compare data from a BIND zone file to data returned by an authoritative DNS server.

Purpose

Use this tool to verify the data being returned by an authoritative DNS server matches the data in a zone file.

Motivation

It is very helpful when migrating from one DNS server to another to be able to verify that all records imported correctly.

In my case, I used this tool to help me migrate multiple domains from Windows 2000 DNS and GoDaddy DNS (which both export BIND zone files) into Amazon's Route53 DNS service. With this tool, I could confidently prove that all records properly imported into Route53 before changing the whois records for each domain.

UPDATED (7/11/2013): Cleaned up the script and output a bit and refactored a few things while migrating a set of domains from Ziergo to Dyn.

Installation

pip install git+http://github.com/joemiller/dns_compare.git#egg=dns_compare

Example Usage:

Basic operation:

$ dns_compare -z example.com --file example.com.zone --server 10.1.1.1
............................................X
(MIS-MATCH) query: nss4.example.com.
 Expected:  300 IN A 142.229.40.28
 Received:  900 IN A 142.229.40.28
...X
(MIS-MATCH) query: www.example.com.
 Expected:  200 IN A 91.139.129.128
 Received:  900 IN A 91.139.129.128
X
(MIS-MATCH) query: www.example.com.
 Expected:  300 IN AAAA 2001:4800:1078:2256:78C8:1542:FF04:6BCB
 Received:  900 IN AAAA 2001:4800:1078:2256:78c8:1542:ff04:6bcb
......................done

Results:
Matches:      69
Mis-matches:  3

Verbose:

$ dns_compare -z example.com --file example.com.zone --server 10.1.1.1 --verbose
----
(Match) query: www.example.com. ...
Expected:  0 IN CNAME example.com.
Received:  0 IN CNAME example.com.
----
(MIS-MATCH) query: example.com. ...
Expected:  60 IN A 10.0.0.1
Got     :  60 IN A 10.0.0.20

By default, SOA and NS records are ignored because these records are likely to change when migrating a zone between DNS services.. Specify --soa or --ns option, respectively, to enable checking of SOA and NS records.

Comparing TTLs can be disabled with -t option. This is useful when transferring DNS to a provider that offers only specific TTL values.

TODO:

Print separate count of NXDOMAIN in results?

Author

Joe Miller (http://github.com/joemiller) (http://joemiller.me) (https://twitter.com/miller_joe)

dns_compare's People

Contributors

Stargazers

Watchers

dns_compare's Issues

Missing parentheses in call to 'print'. Did you mean print("Please install dnspython:")?

MacBook-Pro ➜  Desktop dns_compare -z mydomain.org --file mydomain.org.txt --server 1.1.1.1
  File "/usr/local/bin/dns_compare", line 42
    print "Please install dnspython:"
                                    ^
SyntaxError: Missing parentheses in call to 'print'. Did you mean print("Please install dnspython:")?

MacBook-Pro ➜  Desktop python --version
Python 3.7.4

MacBook-Pro ➜  Desktop pip --version
pip 19.1.1 from /usr/local/lib/python3.7/site-packages/pip (python 3.7)

Type TXT, order irelevant

If a domain have 2 TXT-records, and one server returns them in one order, and the 2nd one return them in another order, they should still be ok?

Or are there a reason they are marked as missmatched?

Feature request: cname-flag

As some webhost put there alias as A-records, and some put them as CNAME, it would be nice with a flag that can handle that.

Exemple, at one DNS-server I have:

exemple.com. A 1.2.3.4
www.exemple.com. A 1.2.3.4

At the other I have

exemple.com. A 1.2.3.4
www.exemple.com CNAME exemple.com.

In normal mode, it should say its a missmatch:

(MIS-MATCH) query: www.exemple.com.
 Expected:  7200 IN CNAME exemple.com.
 Received:  None

Results:
Matches:      1
Mis-matches:  1

But with the cname-flag, it reports:

(CNAME-MATCH) query: www.exemple.com.
 Expected:  7200 IN CNAME exemple.com. (A 1.2.3.4)
 Received:  7200 IN A 1.2.3.4

Results:
Matches:      1
Cname-matches:  1
Mis-matches:  0

dns.exception.SyntaxError: /tmp/mydomain.org.bind:219: string too long

Can't validate TXT records.

Traceback (most recent call last):
  File "./dns_compare", line 74, in <module>
    z = dns.zone.from_file(opts.zonefile, origin=opts.zone, relativize=False)
  File "/usr/lib/python2.6/site-packages/dns/zone.py", line 1041, in from_file
    filename, allow_include, check_origin)
  File "/usr/lib/python2.6/site-packages/dns/zone.py", line 991, in from_text
    reader.read()
  File "/usr/lib/python2.6/site-packages/dns/zone.py", line 944, in read
    "%s:%d: %s" % (filename, line_number, detail))
dns.exception.SyntaxError: /tmp/mydomain.org.bind:219: string too long