2

I'm trying to analyze the contents of BIND's cache by looking into dump files, the ones generated by rndc dumpdb -cachedb.

;
; Start view _default
;
;
; Cache dump of view '_default' (cache _default)
;
$DATE 20160606155942
; authanswer
.         35136 IN SOA  a.root-servers.net. nstld.verisign-grs.com. (
                2016060501
                1800
                900
                604800
                86400)
(snip)
; . SOA a.root-servers.net. nstld.verisign-grs.com. 2016060600 1800 900 04800 86400
; . RRSIG SOA ...
; . NSEC aaa. NS SOA RRSIG NSEC DNSKEY
; . RRSIG NSEC ...
; academy. NSEC accenture. NS DS RRSIG NSEC
; academy. RRSIG NSEC ...
; authauthority
acbjlfudoo.             2757    \-ANY   ;-$NXDOMAIN

; glue
arctic.ac.              76153   NS      ns-de.1and1-dns.biz.
                        76153   NS      ns-de.1and1-dns.org.
                        76153   NS      ns-de.1and1-dns.com.
                        76153   NS      ns-de.1and1-dns.de.
; glue
google.ac.              6055    NS      ns1.google.com.
                        6055    NS      ns2.google.com.
                        6055    NS      ns3.google.com.
                        6055    NS      ns4.google.com.

The format is similar to that of a zone file.

I had limited success in parsing it with dnspython, but this required removing all negative cache entries (\-ANY records) and $DATE statements. Performance also seems to be an issue, since these files tend to be quite large.

Is there any tool/script already to process these files?

André Fernandes
  • 959
  • 7
  • 24
  • I am also needing to parse zone information to try to clean up stale zone records. Were you able to find a solution? – bdrx Sep 20 '18 at 17:19
  • I didn't find any definitive solution, but excluding the negative cache records prior to parsing the cache dump with `dnspython` had modest results. – André Fernandes Sep 21 '18 at 10:29
  • I also need this features, Maybe I need to implement it myself. – Donghua Liu Jan 03 '22 at 04:29

0 Answers0