October 19, 2017

DNS Verify


Validate IP to Hostname and back to IP

The dns_verify shell script checks that every IP address in a range resolves to a hostname and that the hostname resolves back to the same IP address (a forward-confirmed reverse DNS check). It is intended for a private network like a home LAN or an internal corporate network.

The script exists because it is easy to make mistakes when maintaining BIND zone files by hand. If you have worked with BIND enough you have probably done it once or twice: a hostname goes in with the wrong IP, or an address is added to the forward zone but forgotten in the reverse zone (or the other way around). Such mismatches are not just cosmetic; anything that logs or filters by reverse-resolved hostname will show the wrong name or reject the connection. This script shows you those errors so you can quickly fix them.

Configure the script

There are two decisions you need to make before using this script.

Which ranges of IPs are we checking? The variable "NETS" is a space-separated list of the networks you want to check, each given as the first three octets of a /24. In our example we are looking at the 192.168.10 and 172.168.20 networks. Note that 172.168.20.0/24 is not actually private address space: RFC 1918 reserves 10.0.0.0/8, 172.16.0.0/12 (172.16 through 172.31) and 192.168.0.0/16, so substitute the networks you really use.

Which host numbers in each network of $NETS are we checking? The variable "IPS" is either an explicit list of last octets or a generated sequence. On Linux the binary "seq" (short for sequence) counts from the first number to the last in steps of one, so "IPS=$(seq 1 254)" covers a whole /24. OpenBSD and FreeBSD ship "jot" instead, which takes the count first and the starting value second; "IPS=$(jot 254 1)" produces the same 1 through 254.

Here is the dns_verify.sh shell script.

#!/bin/sh
#### dns_verify.sh
#
NETS="192.168.10 172.168.20"
IPS=$(seq 1 10)  ## for Linux
#
# IPS=$(jot 254 1)  ## for OpenBSD or FreeBSD
# IPS=$(seq 1 254)  ## for Linux
#
# printf is used instead of "echo -e": the -e flag is a bash extension and
# /bin/sh on many systems prints it literally.
printf '\n\tip        ->     hostname      -> ip\n'
echo '--------------------------------------------------------'
for NET in $NETS; do
  for n in $IPS; do
    A="${NET}.${n}"
    # Reverse lookup (PTR). Lines starting with ';' are dig diagnostics such
    # as "no servers could be reached", not answers; if several PTRs exist
    # only the first is followed.
    HOST=$(dig -x "$A" +short | grep -v '^;' | head -n 1)
    if test -n "$HOST"; then
      # Forward lookup (A). dig +short may print several lines (a CNAME target
      # followed by the address, or more than one A record), so test whether
      # $A appears anywhere in the answer instead of comparing whole strings.
      ADDR=$(dig "$HOST" A +short | grep -v '^;')
      if printf '%s\n' "$ADDR" | grep -qxF "$A"; then
        printf 'ok\t%s -> %s -> %s\n' "$A" "$HOST" "$A"
      elif test -n "$ADDR"; then
        # $ADDR is left unquoted on purpose so a multi-line answer prints on one line
        printf 'fail\t%s -> %s -> %s\n' "$A" "$HOST" "$(echo $ADDR)"
      else
        printf 'fail\t%s -> %s -> [unassigned]\n' "$A" "$HOST"
      fi
    fi
  done
done

echo ""
echo "DONE."

If you need assistance with Bind then check out our Bind Authoritative Caching DNS Server (named.conf) Guide. You can setup a fast and secure caching DNS server for your network.

What does the output look like?

If we have 10 IPs on the 192.168.10 network and 10 IPs on the 172.168.20 network the output of the script looks like the following. Every line here says "ok", which means the address resolved to a hostname and that hostname resolved back to the same address. A line marked "fail" points at a BIND entry to fix: if a different address is shown after the hostname, the forward (A) record disagrees with the reverse (PTR) record; if "[unassigned]" is shown, the PTR names a host that has no A record at all. Addresses with no PTR record are not listed.

  user@machine: ./dns_verify.sh 

          ip        ->     hostname      -> ip
  --------------------------------------------------------
  ok      192.168.10.1 -> host1.domain.lan. -> 192.168.10.1
  ok      192.168.10.2 -> host2.domain.lan. -> 192.168.10.2
  ok      192.168.10.3 -> host3.domain.lan. -> 192.168.10.3
  ok      192.168.10.4 -> host4.domain.lan. -> 192.168.10.4
  ok      192.168.10.5 -> dhca5.domain.lan. -> 192.168.10.5
  ok      192.168.10.6 -> dhca6.domain.lan. -> 192.168.10.6
  ok      192.168.10.7 -> dhca7.domain.lan. -> 192.168.10.7
  ok      192.168.10.8 -> dhca8.domain.lan. -> 192.168.10.8
  ok      192.168.10.9 -> dhca9.domain.lan. -> 192.168.10.9
  ok      192.168.10.10 -> dhca10.domain.lan. -> 192.168.10.10
  ok      172.168.20.1 -> host5.domain.lan. -> 172.168.20.1
  ok      172.168.20.2 -> host6.domain.lan. -> 172.168.20.2
  ok      172.168.20.3 -> host7.domain.lan. -> 172.168.20.3
  ok      172.168.20.4 -> host8.domain.lan. -> 172.168.20.4
  ok      172.168.20.5 -> dhcb5.domain.lan. -> 172.168.20.5
  ok      172.168.20.6 -> dhcb6.domain.lan. -> 172.168.20.6
  ok      172.168.20.7 -> dhcb7.domain.lan. -> 172.168.20.7
  ok      172.168.20.8 -> dhcb8.domain.lan. -> 172.168.20.8
  ok      172.168.20.9 -> dhcb9.domain.lan. -> 172.168.20.9
  ok      172.168.20.10 -> dhcb10.domain.lan. -> 172.168.20.10

  DONE.

Questions?

You mentioned this is for internal use only. Why can't I use it on hosts on the Internet? You can, but the script does not rate-limit its DNS queries: each address costs one PTR query plus, when a PTR exists, one A query, so a full /24 sends roughly 500 queries as fast as the resolver answers. Pointed at name servers you do not own, that looks like reconnaissance or an attack and may get your address blocked. Keep it to your own zones and your own resolver, or add a pause between hosts if you must check someone else's.

My ISP has given me a few IPs, but they are not in order! No problem. Edit the IPS variable and enter just the last octets you want to check. For example, for the addresses 10.0.0.1, 10.0.0.5, and 10.0.0.10 set NETS="10.0.0" and IPS="1 5 10".
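The script below is an added example, not the page's dns_verify.sh, that puts the points from this page together: it generates the host numbers with shell arithmetic so it needs neither seq nor jot, it accepts the multi-record answers dig +short can return (a CNAME target line before the address, or several A records), it reports an IP that has a PTR but no A record, and it pauses between hosts so a whole /24 is not fired at the resolver as one burst. It assumes dig is installed and a POSIX /bin/sh; the function names (octets, classify, check_ip, verify_nets), the IPS and DELAY variables and the 10.0.0 addresses in the usage line are this example's own choices.

```shell
#!/bin/sh
# dns_verify_lib.sh (added example; not the page's dns_verify.sh)
# Forward-confirmed reverse DNS check with multi-record handling and a pause
# between hosts. Assumes "dig" is installed and a POSIX sh.
#
# Usage:  ./dns_verify_lib.sh NET [NET...]      NET = first three octets
#   e.g.  IPS="1 5 10" DELAY=0.5 ./dns_verify_lib.sh 10.0.0

# Print FIRST..LAST one per line using shell arithmetic only, so the script
# works where neither seq (Linux) nor jot (BSD) is available.
octets() {
  i=$1
  while [ "$i" -le "$2" ]; do
    printf '%s\n' "$i"
    i=$((i + 1))
  done
}

# The lookups are wrapped in functions so they can be swapped for stubs when
# testing offline. Lines starting with ';' are dig diagnostics (timeouts and
# the like), not answers. forward_lookup keeps only IPv4 answers, which drops
# the CNAME target line dig +short prints first when the name is an alias.
reverse_lookup() { dig -x "$1" +short | grep -v '^;'; }
forward_lookup() { dig "$1" A +short | grep -v '^;' | grep -E '^[0-9.]+$'; }

# classify IP ADDRS: ADDRS is the newline-separated list of addresses the PTR
# hostname resolves to. Prints ok, fail or unassigned.
classify() {
  if [ -z "$2" ]; then
    echo unassigned                  # PTR exists but the name has no A record
  elif printf '%s\n' "$2" | grep -qxF "$1"; then
    echo ok                          # the IP is among the name's addresses
  else
    echo fail                        # the name points somewhere else
  fi
}

# check_ip IP: prints one report line. Returns 0 for ok, 1 for fail or
# unassigned, 2 when the address has no PTR at all (nothing is printed).
check_ip() {
  ip=$1
  host=$(reverse_lookup "$ip" | head -n 1)   # first PTR only, as dns_verify.sh does
  [ -n "$host" ] || return 2
  addrs=$(forward_lookup "$host")
  status=$(classify "$ip" "$addrs")
  shown=$(printf '%s' "$addrs" | tr '\n' ',')
  printf '%s\t%s -> %s -> %s\n' "$status" "$ip" "$host" "${shown:-(no A record)}"
  [ "$status" = ok ]
}

# verify_nets NET...: walks every host of every network, sleeping DELAY
# seconds (default 0.2; fractional values need GNU or BSD sleep) between
# hosts. Returns 0 only if every address that has a PTR checked out.
verify_nets() {
  fails=0
  for net in "$@"; do
    for n in ${IPS:-$(octets 1 254)}; do
      check_ip "$net.$n" || [ $? -eq 2 ] || fails=$((fails + 1))
      sleep "${DELAY:-0.2}"
    done
  done
  [ "$fails" -eq 0 ]
}

if [ $# -gt 0 ]; then
  printf '\tip -> hostname -> ip\n'
  verify_nets "$@"; rc=$?
  echo "DONE."
  exit $rc
fi
```

The exit status makes it usable from cron or a CI job that watches your zones: a non-zero exit means at least one address with a PTR failed to resolve back. Because reverse_lookup and forward_lookup are ordinary shell functions, you can redefine them with canned answers in a wrapper to exercise the classification without touching a resolver.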