mkrdns - MaKe Reverse DNS (auto generate PTR maps)

mkrdns [options] [configuration file]

mkrdns is a program designed to auto-generate reverse DNS maps (IN PTR records). Some programs already accompany the BIND source package that will do this kind of thing on a single domain or network basis. mkrdns will read either a named.boot or named.conf file, figure out which domains and networks to deal with, and then generate the reverse maps.

You are deemed in charge of a network/domain if you are the primary DNS for a reverse zone, or if you are either the primary or secondary for a forward zone. The exception to this rule is that the 127.* network is not auto-generated due to the 1 IN PTR localhost. issue.

-debug Print debugging information. (this will print a LOT of information, be warned.)

-extension <ext> Append the given extension to the output files. This is useful if you want to have the reverse maps generated, but want to check their contents before use.

-hash <hash> Allows you to override the default hash function. (used to determine if a map has changed) mkrdns will try to use MD5 (1) if the Digest::MD5 Perl module is installed. Otherwise, it'll default to 32-bit checksums (0).

-help The help screen.

-quiet Turn off warning messages (multiple A records -> IP, etc.) Good for scripts, but you probably want to check on what the warnings report.

-rootdir <path> Specify the path to the root directory that named will be running in. This will handle anyone using a chrooted environment for named. Everything except the configuration file is assumed to be under the new root.

-version Show mkrdns version information.

mkrdns reads the standard BIND configuration files named.boot and named.conf. If you don't specify the full path to the file on the command line, mkrdns assumes that one (or both) will exist in /etc and will search for them. If none are found, the program exits. If one is found, it is used. If both are found, named.conf is used.

Directives are new in mkrdns since version 1.2. Think of directives as configuration options for mkrdns which are simply comments to BIND. The current directives are map, serialt, skip, and skipzone.

Map allows you to map hosts to another network. This was designed in for the purpose of handling DNS for a subnet of a class C network which you do not control. (See the DNS & BIND O'Reilly and Associates book, 3rd Ed., pg. 215-218) Assume that you have 10.4.4.32/27 (ie: you have the 32 IPs from 10.4.4.32 to 10.4.4.63 ...) You want to do reverse mappings for those IPs, but you don't control 4.4.10.in-addr.arpa. How do you do it? The solution is to become the master for another zone (such as 32.4.4.10.in-addr.arpa. or 32-63.4.4.10.in-addr.arpa.), and CNAME the correct reverse pointers to the ones you're in charge of. The format for the directive is: map <network/mask> <new network>

Ex: map 10.4.4.32/27 10.4.4.32-63

This maps all hosts between 10.4.4.32 and 10.4.4.63 to 10.4.4.32-63.32 to 10.4.4.32-63.63.

Serialt will change mkrdns's behavior with the serial number for certain zones. By default (and in all pre-1.6 versions of mkrdns), the serial number is assumed to be in date format (YYYYMMDDVV, year/month/day/version). As of v1.6 you can force mkrdns to treat it as a regular number instead. This allows for more than 100 zone changes a day, and has a bit more flexibility depending on the environment. The format for the directive is: serialt <zone> <format>

<zone> is either default or the actual zone (ie: 0.0.0.10.in-addr.arpa). <format> is either date or number.

Ex: serialt 1.168.192.in-addr.arpa number

Skip forces mkrdns to ignore certain hosts/IPs via regular expression. The concept is that there are some IN A records that you would like to skip and not create a reverse entry. Skip allows this. (for instance, foo IN A 10.4.4.32 and mail IN A 10.4.4.32 both exist, but you want to force foo as the reverse lookup and ignore mail. The following example can do this for you.) Format: skip <regular expression>

Ex: skip ^mail

This will skip any host (or IP) that matches the ^mail regular expression. The host is the FQDN, and the IP is before mapping (see above).

Skipzone forces mkrdns to ignore certain zones while processing the named configuration file. A possible use for this is where you have bar.com and bar.net, and both of them should have the same host info (ie: foo.bar.com and foo.bar.net both have the same records.) You want bar.com to be the reverse lookup for the IPs used. So set the zone file setting to the same file (bar.zone), and then add skipzone bar.net. NOTE: The skipzone argument must match EXACTLY with the zone name in the config file. NOTE: You can specify multiple zones in the same skipzone statement. (ie: skipzone foo.com bar.com)

The format of a directive differs (sorry) between named.conf and named.boot. UNIX-style comments (the hash mark then the comment) are allowed.

Directives look like a comment, so the format is simply:

 ; mkrdns <directive type> <parameters>

To make directives more efficient with BIND 8, the format is slightly different:

 /* mkrdns
    <directive type> <parameters>
    ...
 */

mkrdns -e new /etc/named.boot

This will run mkrdns over the file /etc/named.boot. Output files will be generated as <name>.new (i.e.: if the PTR zone file is called 160.zone, the output will be 160.zone.new.)

I tend to use this script like a lint check. i.e.: Edit the proper zone files, then run mkrdns.

As with most documentation, there are probably things that aren't mentioned in the docs that the script does/assumes/etc. I apologize for any inaccuracies/omissions. Let me know if there are any parts that have an issue, and I'll see if I can't straighten it out.

- the <network>.zone reverse map files must already be created, and have the appropriate information (SOA/NS records, etc.) in there. This script will strip out any PTR records, and then add them back in. (This means anything like blank lines and comments will be moved to the top of the file.) CW$ORIGIN and CW$INCLUDE are striped as of mkrdns 1.3.

- you must be at least a secondary for all domains which reference IP networks for which you're responsible. There is no means (currently at least) to specify a PTR record for a non-existent A record, so this script must have access to all A records that need to be reversed.

- if you have more than 1 A record pointing to a specific IP, you can't have both be the PTR record. This script takes the first A record it sees as the one used for the PTR record. A warning is printed for any additional entries. (While the RFCs don't prohibit multiple PTR records for the same IP, I have yet to find anyone who can give me a good reason to do it.)

- map serial numbers default to be in YYYYMMDDVV format. (YYYY = year, MM = month, DD = day, VV = version (00-99). This script will convert your serial number to this format if it's not already. I don't have too many daily DNS changes, so the action for not being able to update the serial number (ie: VV is at 99 and can't be increased) is to simply exit. If this is going to cause a problem for you, you can use the serialt directive to specify a zone (or the default) should treat the serial number as a number instead of using the date format. Either way, a problem will come up when the serial number reaches 4294967295 (max value), but that's another story. (mkrdns will print a warning if this is about to happen)

Theo Van Dinter <felicity@mkrdns.org> <tvd@colltech.com>