Solved

Listen for DNS updates

Posted on 2004-08-03
15
Medium Priority
327 Views
Last Modified: 2010-04-17
Hi,

I need to write a listener application that watches a particular DNS zone for updates. We have a number of devices that are assigned their IP addresses by a third party.  The devices then register their IP addresses with our DNS server.  I need to be able to listen for the DNS to be updated so that I can push the changes out to other services on our network.

example:

mydomain.com
142.179.1.50 A host1
142.179.1.52 A host2
142.179.1.54 A host3
142.179.1.56 A host4

host1 has its IP changed to 142.179.1.95 and it processes an update on our DNS server.  How do I listen for this?

Regards,

balabaster
0
Comment
Question by:balabaster
15 Comments
 
LVL 1

Accepted Solution

by:
Falcon_Zero earned 500 total points
ID: 11710642
If you intend to write an app to monitor for changes periodically I see you can go three ways...
1) Sniff the network for DNS update traffic (hard but unintrusive)
2) Have the DNS server replicate (Zone Transfer) with your monitoring app (may be unnecessary)
3) Periodically query the server for the monitored devices

Some idea how you intended to implement may help though....
0
 
LVL 9

Expert Comment

by:crescendo
ID: 11710677
What DNS server are you using for the dynamic registrations? If it's Microsoft's you should be able to query the active directory and get the record, including its update time. Then you can scan for records that were updated since your last check.
0
 
LVL 9

Expert Comment

by:crescendo
ID: 11710704
Also see the article below. You need to be a subscriber to read it, but it seems you can download the sample code without subscribing. Nice one, webmaster. :)

http://www.winnetmag.com/WindowsScripting/Article/ArticleID/26630/26630.html
0
 

Author Comment

by:balabaster
ID: 11710840
Okay, my DNS Server is Windows Server 2003.

1) The DNS updates may be every minute or every hour; sniffing every minute could cause a problem with network resources.
2) Zone transfer would be a nice way to go - the zone transfer could push to my software which can then process necessary updates to my other services - but how do I do this?
3) Again, this time loop thing could cause a problem with network resources.

I really like the idea of option 2, but I'm unsure how to achieve this - can you give me any pointers?  Basically, all my software needs to do is take the zone transfer and dynamically create a script that I can push out via SSH to update a DNAT table on one of our routers.  I don't want this run every minute though due to network resources but constant connectivity is going to be an issue.

Our clients have systems that are driven by IP only (not able to resolve DNS names) that have to be preconfigured with the IP addresses of the clients they talk to.  Our router will reroute the traffic no problem, but again, that is IP driven and won't resolve DNS names.  I have to update the NAT table on the router with the new IP info when the DNS server receives its update from the remote device - hence the need to listen for the DNS modification to push it out to the router.

Hope this gives you an idea of what I'm trying to do.
0
 
LVL 9

Expert Comment

by:crescendo
ID: 11710884
balabaster:

You didn't comment on my idea, so did you understand what I was suggesting? There are various tools to read the DNS records, and that will be a lot easier than working out how to do a zone transfer.
0
 

Author Comment

by:balabaster
ID: 11710925
Crescendo:

Definitely an option - I'm not familiar with Perl though, I was hoping to do this with an event driven language like VB.  If you could give me any further clues, I would be grateful.

balabaster
0
 
LVL 9

Expert Comment

by:crescendo
ID: 11710933
The link below actually has scripts for listing the records from a DNS zone, so I am sure you could modify them to do what you need.

http://www.iisfaq.com/Default.aspx?tabid=2986
0
 

Author Comment

by:balabaster
ID: 11710934
I want to avoid polling the DNS for this info too, due to the limited network resources - we could be looking at many hundreds or thousands of remote devices, so I want to avoid polling if at all possible.
0
 
LVL 9

Expert Comment

by:crescendo
ID: 11711054
Programming your own zone transfer will be complicated, take a look at the protocol:

http://mars.netanya.ac.il/~unesco/cdrom/booklet/HTML/NETWORKING/node120.html

If you want to avoid polling the live DNS servers, how about installing DNS on another server, making it a secondary, or even better, Active Directory-integrated, and running a polling program on that? That will avoid loading the live servers, and make your life easy with the programming.

The VBScripts I pointed you to can easily be converted to VB6. Once the DLLs are registered you will see them in VB and get the benefits of Intellisense. You only need to convert one of them, dnsrecord.vbs, and only a part of that, so it shouldn't be a big job. Just poll your dummy server, list the "A" records and build your router script accordingly.
0
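The poll-the-secondary-and-diff approach suggested above (list the "A" records, compare with the last run, act only on what changed), as an added Python example that is not part of the thread and not the VBScript/VB6 code referred to; the two zone listings are constructed in the layout the question uses, and the A-record diff is what a router-update script would be built from.

```python
"""Poll-and-diff for A records: report only hosts whose address changed.

Constructed example (not from the thread): two successive listings of the
mydomain.com zone in the '<ip> A <host>' layout used in the question.
Only syntactically valid IPv4 addresses are accepted, so a corrupted
listing cannot turn into a bad NAT entry downstream.
"""
import ipaddress
from typing import Dict, List, Tuple

SNAPSHOT_BEFORE = """\
mydomain.com
142.179.1.50 A host1
142.179.1.52 A host2
142.179.1.54 A host3
142.179.1.56 A host4
"""

# Constructed second poll: host1 moved, host4 disappeared, host5 appeared.
SNAPSHOT_AFTER = """\
mydomain.com
142.179.1.95 A host1
142.179.1.52 A host2
142.179.1.54 A host3
142.179.1.60 A host5
"""


def parse_a_records(listing: str) -> Dict[str, str]:
    """Return {hostname: ip} for every 'ip A host' line; skip everything else."""
    records: Dict[str, str] = {}
    for line in listing.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[1].upper() != "A":
            continue  # zone-name line, blanks, other record types
        ip, _, host = parts
        try:
            ipaddress.IPv4Address(ip)  # reject garbage before it reaches the router
        except ValueError:
            continue
        records[host.lower()] = ip
    return records


def diff_a_records(old: Dict[str, str], new: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Return (host, old_ip, new_ip) for each change; '' marks a missing side."""
    changes = []
    for host in sorted(set(old) | set(new)):
        before, after = old.get(host, ""), new.get(host, "")
        if before != after:
            changes.append((host, before, after))
    return changes


def poll_once(previous_listing: str, current_listing: str) -> List[Tuple[str, str, str]]:
    """One polling cycle: parse both listings and return the change set."""
    return diff_a_records(parse_a_records(previous_listing), parse_a_records(current_listing))


if __name__ == "__main__":
    for host, before, after in poll_once(SNAPSHOT_BEFORE, SNAPSHOT_AFTER):
        print(f"{host}: {before or '(none)'} -> {after or '(none)'}")
```

In practice the previous listing would be persisted between runs and the change set, not the whole zone, would drive the router script, which keeps the per-poll work proportional to what actually changed.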
 

Author Comment

by:balabaster
ID: 11711138
I've been thinking about it, and I'm starting to wonder if it would be easier to recode the Linux NAT module to utilize host names OR IP addresses instead of just IP addresses.  But I dunno who wrote the iptables module.
0
 
LVL 9

Expert Comment

by:crescendo
ID: 11711205
You're using a Linux box as the router?

How about using ARP? You can find out the MAC addresses of the machines and use awk/sed to parse the output from "arp -g" to get the current IP address from the MAC address. Then you can plug it straight into iptables commands.
0
 

Author Comment

by:balabaster
ID: 11711305
Not sure that would be feasible.  The devices with the dynamic IP addresses are out on the internet.  I'm not going to know the MAC address of every device, so that would be an administrative problem.
0
 
LVL 9

Assisted Solution

by:crescendo
crescendo earned 500 total points
ID: 11711365
Ah, you're doing inbound NAT? No, you wouldn't get the MAC address.

Are the clients all in one domain, or several? Do they all register with your Win2003 DNS server? If they do, then a dummy server that you can poll seems the best way.

If they register on several domains then you have little option but to poll their DNS names and convert them to IP addresses. You can do this easily enough in VB with the Windows Sockets API. I can give you some code if you like. But with thousands of machines it will be slow because the standard API has a timeout to allow for slow servers, and even with a minimal 2-second timeout it will take a while for thousands of servers. You could run multiple copies of the program and write the results to a database.
0
