To maintain efficient business services, it is important to identify anomalies in the integrated DNS data network. CLEVERDetect® DNSDiff is an audit tool that can help with this task. Given the DNS zone file compiled on the resolving server, or a path containing one or more dbZone files, DNSDiff parses the file into tokens and builds a dictionary of key-value pairs representing the zone authority, record type, source, and expected resolution. Combined with a collector and DNS lookups, anomalies can be quickly identified and addressed.
The CLEVERDetect® DNSDiff can be used for ongoing monitoring and automation with Selenium scripting. Its command line component is suitable for console operation and can be containerized as a microservice for integration into infrastructure as code with Ansible and Puppet.
Use cases:
For regular maintenance and minor updates to the master DNS zone:
1. A DNS record update does not normally flush caches. The subset of the zone file where the modification occurred can be used as input to DNSDiff. Typical misconfigured records and stale definitions are identified in the DNSDiff output.
2. For network performance and vulnerability detection, DNSDiff monitoring from the CLEVERDetect® web app is recommended, with the monitoring interval set within the DHCP lease time. In continuous deployment and testing scenarios, DNSDiff should be configured and run using Selenium or similar testing tools.
3. For a wholesale network migration where multiple zones are pulled in under a root domain, usually in incremental steps, each switched-over name server can be audited by inputting the affected zone file(s) into DNSDiff. The result helps verify the following:
• Flush out resource conflicts, outdated DNS cache resulting in the name not being updated, and misconfiguration issues after DNS server push and transfer.
• Identify inactive IP addresses for vulnerability, compliance, and redeployment purposes.
• Track device inventory for rogue or unmanaged devices and vendors.
• Capture and document audit log events to verify DNS and network configuration changes.
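The workflow described above (parse the zone file into records keyed by owner name, record type, source and expected resolution, then query a resolver and flag differences) can be illustrated with a small script. The following is an added example written for this page, not CLEVERDetect's own code: it parses a BIND-style zone file, resolves each A/AAAA owner through a pluggable lookup function, and reports records whose live answers do not match the baseline. The domain example.test, the sample zone and the canned resolver answers are constructed for the demonstration; the live_resolver helper uses the operating system's resolver and is an assumption about how a real deployment would plug in lookups.

```python
import socket
from dataclasses import dataclass
from typing import Callable, Dict, List, Set, Tuple

# Constructed sample zone for the demo (example.test is a reserved test
# name; nothing here is taken from a real network).
SAMPLE_ZONE = """\
$ORIGIN example.test.
$TTL 3600
@        IN SOA  ns1.example.test. hostmaster.example.test. (
                 2024010101 7200 900 1209600 3600 )
@        IN NS   ns1.example.test.
ns1      IN A    192.0.2.10
www      IN A    192.0.2.20
www      IN A    192.0.2.21
api      IN AAAA 2001:db8::1
old-app  IN A    192.0.2.99   ; decommissioned host still in the zone
"""


@dataclass
class Record:
    owner: str   # fully qualified owner name, e.g. "www.example.test."
    rtype: str   # record type, e.g. "A", "AAAA", "SOA"
    rdata: str   # expected resolution / record data
    source: str  # where the record came from, e.g. "zone:example.test."


def _logical_lines(text: str):
    """Strip ';' comments and join parenthesised multi-line records (SOA)."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        depth += line.count("(") - line.count(")")
        buf.append(line)
        if depth <= 0:
            yield " ".join(buf).replace("(", " ").replace(")", " ")
            buf, depth = [], 0


def parse_zone(text: str) -> List[Record]:
    """Tokenise a zone file into Record entries (owner, type, rdata, source)."""
    origin, last_owner, records = ".", "", []
    for line in _logical_lines(text):
        tokens = line.split()
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
            continue
        if tokens[0] == "$TTL":
            continue
        # A line starting with whitespace reuses the previous owner name.
        owner = last_owner if line[0].isspace() else tokens.pop(0)
        if owner == "@":
            owner = origin
        elif not owner.endswith("."):
            owner = f"{owner}.{origin}"
        if tokens and tokens[0].isdigit():          # optional TTL
            tokens.pop(0)
        if tokens and tokens[0].upper() in ("IN", "CH", "HS"):  # optional class
            tokens.pop(0)
        rtype, rdata = tokens[0].upper(), " ".join(tokens[1:])
        records.append(Record(owner, rtype, rdata, f"zone:{origin}"))
        last_owner = owner
    return records


Resolver = Callable[[str, str], Set[str]]


def live_resolver(owner: str, rtype: str) -> Set[str]:
    """Assumed lookup via the system resolver (A/AAAA only); not used offline."""
    fam = {"A": socket.AF_INET, "AAAA": socket.AF_INET6}.get(rtype)
    if fam is None:
        return set()
    try:
        return {info[4][0] for info in socket.getaddrinfo(owner.rstrip("."), None, fam)}
    except socket.gaierror:
        return set()


def diff_zone(records: List[Record], resolve: Resolver,
              check_types: Tuple[str, ...] = ("A", "AAAA")) -> List[dict]:
    """Compare expected rdata per (owner, type) against what the resolver answers."""
    expected: Dict[Tuple[str, str], Set[str]] = {}
    for r in records:
        if r.rtype in check_types:
            expected.setdefault((r.owner, r.rtype), set()).add(r.rdata.lower())
    anomalies = []
    for (owner, rtype), want in sorted(expected.items()):
        got = {a.lower() for a in resolve(owner, rtype)}
        if not got:
            issue = "no_answer"      # stale record: name no longer resolves
        elif got != want:
            issue = "mismatch"       # cached/old or misconfigured answer
        else:
            continue
        anomalies.append({"owner": owner, "type": rtype, "issue": issue,
                          "expected": sorted(want), "actual": sorted(got)})
    return anomalies


# Constructed resolver answers standing in for a real DNS server.
FAKE_ANSWERS = {
    ("ns1.example.test.", "A"): {"192.0.2.10"},
    ("www.example.test.", "A"): {"192.0.2.20", "192.0.2.22"},   # one address differs
    ("api.example.test.", "AAAA"): {"2001:db8::1"},
    # old-app.example.test. is absent: the host was retired but the record remains
}


def fake_resolver(owner: str, rtype: str) -> Set[str]:
    return FAKE_ANSWERS.get((owner, rtype), set())


def run_demo() -> List[dict]:
    return diff_zone(parse_zone(SAMPLE_ZONE), fake_resolver)


if __name__ == "__main__":
    for a in run_demo():
        print(f"{a['issue']:10} {a['type']:5} {a['owner']} expected={a['expected']} actual={a['actual']}")
```

Swapping `fake_resolver` for `live_resolver` (or a function that queries a specific server) turns the script into a baseline-versus-resolver audit of the kind the use cases above describe; records with no answer typically point at decommissioned hosts left in the zone, while mismatches point at stale caches or misconfigured records after a transfer.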
CLEVERDetect® CLI — clvrdnsdiff: command line program used to perform DNS-DIFF.

Synopsis:

    clvrdnsdiff [-options] -f baseline_filename -s dns_server [-o output_filename]

Where,

| Argument | Description |
|---|---|
| baseline_filename | Fully qualified path of the dbZone file imported to the local machine |
| dns_server | Domain name resolver server |
| output_filename | Optional output filename (without path). Output is always written to $(cat /etc/clvrdnsanaenv.conf)/tmp/[output_filename]. Default output filename: $(cat /etc/clvrdnsanaenv.conf)/tmp/dnsdiff_out.txt |

Options:

| Option | Description |
|---|---|
| -h, --help | Display usage. |
| -d, --directory | Specify a directory containing multiple dbZone files. |
References
The domain name space is divided into zones arranged in a tree-like structure under a root domain. Each zone includes all domains and subdomains that belong to the same level.
For every zone under the root domain there is a corresponding ‘dbZone’ file that contains all the records (for record types, see: https://simpledns.com/help/dns-record-types) mapping domain names to IP addresses. These records are managed according to the rules set out in the zone's SOA and DNSSEC record settings.