netdisco icon indicating copy to clipboard operation
netdisco copied to clipboard

Published 20 hours ago verified publisher icon netdisco

FR - Retrieve and store DNS for all known Subnets

Open kingtrw opened this issue 3 years ago • 2 comments

Our DNS is in a bit of a state, we have:

  • IPs (public and internal) in use without DNS entries
  • IPs (public and internal) with DNS entries that are not used

The IP Inventory list with the 'list IPs never seen' option enabled is my main starting point, but at the moment it only does DNS lookups for IPs that are in use. I think it would be very helpful if it did a DNS lookup for every IP. This would incur a fair bit of additional DNS load so would likely be best if it were an optional toggle in the environement settings (and I'd probably want to run a caching DNS resolver on the ND server too).

Hopefully it would then be fairly easy to create reports such as;

  • Unecesscary DNS entries (DNS entires associated with an IP that isn't in use, with timestamp of last time IP was seen active)
  • Active node addresses without DNS entires. Possibly these could be combined into a 'Node DNS mismatch' single report.

PS along these lines I think it would also be handy to rename report 'Addresses without DNS entries' to 'Device addresses without...' in order to reduce ambiguity as to what report is for.

Cheers!

kingtrw avatar Dec 05 '21 19:12 kingtrw

It's a good idea but I'm not sure how to implement. Either this happens at arpnip time and goes into the node_ip table but then these aren't really existing nodes so that's a hack, or else the lookup happens at web view time which can potentially kill user experience (as in ND1). Will think some more about it.

ollyg avatar Dec 14 '21 11:12 ollyg

I could only think of horrible hacky solutions myself - the least awful I came up with was:

  • ND knows about a subnet
  • ND runs a scheduled worker process (e.g. nightly) to do a hostname lookup for every IP in said subnet and stashes output in a file - it's not data that needs to be related to as far as I can see so shouldn't need the DB involved.
  • When the page is requested, a grep is run through the file to populate the relevant fields.

This is a bit icky but I've got a bash script for auditing my public ranges and it does work.

In retrospect, more complicated than I'd originally thought about. I'd try to help but I don't know any perl...

Edit - doing it this way wouldn't allow the creation of new reports (as the info wouldn't be in the db) but it would allow the ip inventory report to have the field populated, which would achieve much the same thing.

kingtrw avatar Dec 14 '21 12:12 kingtrw