Solved

Listen for DNS updates

Posted on 2004-08-03
Last Modified: 2010-04-17
Hi,

I need to write a listener application that watches a particular DNS zone for updates. We have a number of devices that are assigned their IP addresses by a third party. The devices then register their IP addresses with our DNS server. I need to be able to listen for the DNS to be updated so that I can push the changes out to other services on our network.

example:

mydomain.com
142.179.1.50 A host1
142.179.1.52 A host2
142.179.1.54 A host3
142.179.1.56 A host4

host1 has its IP changed to 142.179.1.95 and it processes an update on our DNS server.  How do I listen for this?

Regards,

balabaster
Question by:balabaster
 
LVL 1

Accepted Solution

by:
Falcon_Zero earned 125 total points
ID: 11710642
If you intend to write an app to monitor for changes periodically I see you can go three ways...
1) Sniff the network for DNS update traffic (hard but unintrusive)
2) Have the DNS server replicate (Zone Transfer) with your monitoring app (may be unnecessary)
3) Periodically query the server for the monitored devices

Some idea how you intended to implement may help though....
 
LVL 9

Expert Comment

by:crescendo
ID: 11710677
What DNS server are you using for the dynamic registrations? If it's Microsoft's you should be able to query the Active Directory and get the record, including its update time. Then you can scan for records that were updated since your last check.
 
LVL 9

Expert Comment

by:crescendo
ID: 11710704
Also see the article below. You need to be a subscriber to read it, but it seems you can download the sample code without subscribing. Nice one, webmaster. :)

http://www.winnetmag.com/WindowsScripting/Article/ArticleID/26630/26630.html
 

Author Comment

by:balabaster
ID: 11710840
Okay, my DNS Server is Windows Server 2003.

1) The DNS updates may be every minute or every hour; sniffing every minute could cause a problem with network resources.
2) Zone transfer would be a nice way to go - the zone transfer could push to my software which can then process necessary updates to my other services - but how do I do this?
3) Again, this time loop thing could cause a problem with network resources.

I really like the idea of option 2, but I'm unsure how to achieve this - can you give me any pointers?  Basically, all my software needs to do is take the zone transfer and dynamically create a script that I can push out via SSH to update a DNAT table on one of our routers.  I don't want this run every minute though due to network resources but constant connectivity is going to be an issue.

Our clients have systems that are driven by IP only (not able to resolve DNS names) that have to be preconfigured with the IP addresses of the clients they talk to.  Our router will reroute the traffic no problem, but again, that is IP driven and won't resolve DNS names.  I have to update the NAT table on the router with the new IP info when the DNS server receives its update from the remote device - hence the need to listen for the DNS modification to push it out to the router.

Hope this gives you an idea of what I'm trying to do.
 
LVL 9

Expert Comment

by:crescendo
ID: 11710884
balabaster:

You didn't comment on my idea, so did you understand what I was suggesting? There are various tools to read the DNS records, and that will be a lot easier than working out how to do a zone transfer.
 

Author Comment

by:balabaster
ID: 11710925
Crescendo:

Definitely an option - I'm not familiar with Perl though; I was hoping to do this with an event-driven language like VB.  If you could give me any further clues, I would be grateful.

balabaster
 
LVL 9

Expert Comment

by:crescendo
ID: 11710933
The link below actually has scripts for listing the records from a DNS zone, so I am sure you could modify them to do what you need.

http://www.iisfaq.com/Default.aspx?tabid=2986
 

Author Comment

by:balabaster
ID: 11710934
I want to avoid polling the DNS for this info too, due to the limited network resources - we could be looking at many hundreds or thousands of remote devices, so I want to avoid polling if at all possible.
 
LVL 9

Expert Comment

by:crescendo
ID: 11711054
Programming your own zone transfer will be complicated, take a look at the protocol:

http://mars.netanya.ac.il/~unesco/cdrom/booklet/HTML/NETWORKING/node120.html

If you want to avoid polling the live DNS servers, how about installing DNS on another server, making it a secondary, or even better, Active Directory-integrated, and running a polling program on that? That will avoid loading the live servers, and make your life easy with the programming.

The VBScripts I pointed you to can easily be converted to VB6. Once the DLLs are registered you will see them in VB and get the benefits of IntelliSense. You only need to convert one of them, dnsrecord.vbs, and only a part of that, so it shouldn't be a big job. Just poll your dummy server, list the "A" records and build your router script accordingly.
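The poll-and-diff that crescendo describes here, and in the earlier comment about scanning for records updated since the last check, as an added example that is not code from the thread or from the linked scripts. It is Python rather than VB; the resolver is pluggable, and `make_resolver`, the `BEFORE`/`AFTER` tables and the host list are constructed from the question's example to stand in for the dummy secondary server, so it runs offline. Pass `socket.gethostbyname` (the default) to poll a real server instead.

```python
import socket
from typing import Callable, Dict, Optional, Tuple

Snapshot = Dict[str, Optional[str]]

# Zone and hosts from the question; the two address tables are constructed
# sample data standing in for successive states of the DNS server.
ZONE = "mydomain.com"
HOSTS = ["host1", "host2", "host3", "host4"]
BEFORE = {"host1.mydomain.com": "142.179.1.50", "host2.mydomain.com": "142.179.1.52",
          "host3.mydomain.com": "142.179.1.54", "host4.mydomain.com": "142.179.1.56"}
# host1 re-registered with a new address; host4's record has disappeared.
AFTER = {"host1.mydomain.com": "142.179.1.95", "host2.mydomain.com": "142.179.1.52",
         "host3.mydomain.com": "142.179.1.54"}


def make_resolver(table: Dict[str, str]) -> Callable[[str], str]:
    """Resolver over a static table (hypothetical helper); fails like gethostbyname on NXDOMAIN."""
    def resolve(fqdn: str) -> str:
        if fqdn not in table:
            raise socket.gaierror(-2, "Name or service not known")
        return table[fqdn]
    return resolve


def poll_zone(hosts, zone, resolve=socket.gethostbyname) -> Snapshot:
    """One polling pass: resolve each host and record its current A address.
    A failed lookup is stored as None so a vanished record shows up as a change."""
    snapshot: Snapshot = {}
    for host in hosts:
        fqdn = f"{host}.{zone}"
        try:
            snapshot[fqdn] = resolve(fqdn)
        except OSError:  # gaierror and timeouts are subclasses of OSError
            snapshot[fqdn] = None
    return snapshot


def diff_snapshots(old: Snapshot, new: Snapshot) -> Dict[str, Tuple[Optional[str], Optional[str]]]:
    """Return {fqdn: (old_ip, new_ip)} for every record that changed since the last poll."""
    return {fqdn: (old.get(fqdn), new.get(fqdn))
            for fqdn in sorted(set(old) | set(new))
            if old.get(fqdn) != new.get(fqdn)}


if __name__ == "__main__":
    first = poll_zone(HOSTS, ZONE, make_resolver(BEFORE))
    second = poll_zone(HOSTS, ZONE, make_resolver(AFTER))
    for fqdn, (was, now) in diff_snapshots(first, second).items():
        print(f"{fqdn}: {was} -> {now}")  # feed these into the router-script builder
```

Only the entries returned by `diff_snapshots` need to go into the generated router script, which keeps each SSH push to the size of the actual changes.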
 

Author Comment

by:balabaster
ID: 11711138
I've been thinking about it, and I'm starting to wonder if it would be easier to recode the Linux NAT module to utilize host names OR IP addresses instead of just IP addresses.  But I dunno who wrote the iptables module.
 
LVL 9

Expert Comment

by:crescendo
ID: 11711205
You're using a Linux box as the router?

How about using ARP? You can find out the MAC addresses of the machines and use awk/sed to parse the output from "arp -g" to get the current IP address from the MAC address. Then you can plug it straight into iptables commands.
 

Author Comment

by:balabaster
ID: 11711305
Not sure that would be feasible.  The devices with the dynamic IP addresses are out on the internet.  I'm not going to know the MAC address of every device, so that would be an administrative problem.
 
LVL 9

Assisted Solution

by:crescendo
crescendo earned 125 total points
ID: 11711365
Ah, you're doing inbound NAT? No, you wouldn't get the MAC address.

Are the clients all in one domain, or several? Do they all register with your Win2003 DNS server? If they do, then a dummy server that you can poll seems the best way.

If they register on several domains then you have little option but to poll their DNS names and convert them to IP addresses. You can do this easily enough in VB with the Windows Sockets API. I can give you some code if you like. But with thousands of machines it will be slow because the standard API has a timeout to allow for slow servers, and even with a minimal 2-second timeout it will take a while for thousands of servers. You could run multiple copies of the program and write the results to a database.