Dear #SysAdmin fedi – I am sure this has to exist, but I cannot find a tool like that.
I need a CLI tool that would canonicalize a DNS zone file. As in: put all the entries in a well-defined order, replace whitespace with a predefined pattern, organize the SOA section in a reproducible manner.
My basic need is being able to tell two zone files are 100% functionally equivalent, even if one uses tabs, the other spaces, and if entries are in completely random order, etc.
Anyone?
#DevOps .
@rysiek I think PowerDNS has zone-file ingestion tools, so you could turn two zone files into SQL and compare that…?
@rysiek Have a look at the `ldns` utilities by @nlnetlabs (https://nlnetlabs.nl/projects/ldns/about/) or its replacement (but not yet with feature parity) `dnst` (https://nlnetlabs.nl/projects/domain/dnst/).
On #Debian, install `ldnsutils` and try `ldns-readzone` and `ldns-compare-zones`: https://nlnetlabs.nl/projects/ldns/documentation/
@rysiek
Would coverting to the dnscontrol js format maybe help? It is said to be semantically equivalent to BIND zone files.
@rysiek We've been using dnspython (Python library) at work to parse zone files.
You could use it to parse a zone file and write the result to a new file.
The same approach might also work for other programs/libraries.
Should be good enough for comparing what it would be parsed as, but the result is not exactly the same as the source:
From a quick test with the example.com zone from Wikipedia; it a least sets the default TTL ($TTL) for all records that don't specify one, turns absolute records pointing to its own domain into relative ones, and seems to sort the records.
e.g. python3 -c "import dns.zone; import sys; dns.zone.from_file(sys.argv[1]).to_file(sys.argv[2])" example.zone example.zone.parsed
@rysiek https://dnspython.readthedocs.io/en/latest/zone-make.html#dns.zone.from_file if you can’t find a tool to your liking a simple python script might work using dnspython.
There’s quite a few helper functions in the Zone class as well for manipulating zones read in by dns.zone.from_file
@elebertus I think named-checkzone is what I needed, but I also like the Python script approach, good idea! Thank you!
@rysiek ya for sure! I figure if you’re doing some validation stuff and write python this would let you write the exact test cases / comparisons you need to solve your problem.
@elebertus I am templating a pretty gnarly mostly-manually-edited so far zone with thousands of labels. The test case is: "does the new cleaner templated version yield exactly the same zone." 🙂
@rysiek heck you could even probably straight up write unit tests then. So that’s actually kinda cool 😎
@rysiek named-checkzone does this and it's part of the isc-bind package, something like:
named-checkzone -q -f text -F text -o - -s full zonename zonefile
I often do this exact check with
diff -u <( named-checkzone ... oldfile ) <( named-checkzone ... newfile )
I generally find that "-s relative" is better for working with day-to-day because the layout looks a bit nicer
@rysiek ... I should add I'm not yet through my first coffee for the morning and haven't looked at the script I wrote to do this, so it's a bit hand-wavy and I might have screwed up some ordering of options, but there's a hefty crumb for the bread trail anyway ... :)
@mherbert this might be exactly what I need, thank you!
On Debian 13 the package is bind9-utils, by the way (important to me as this means I can install a package with this tool without installing all of Bind).
@rysiek Does `rndc dumpdb` do what you want? Or are you looking for something that acts on the zone files directly, without loading them into bind?
@bert_hubert might know of such a tool
@daedalus @bert_hubert yeah, something that would not have to load it into BIND would be definitely preferable.
@rysiek
Maybe run each file through sort, then apply a simple diff with ignore-whitespace?
@ThreeSigma there's a bunch of sed/grep/awk magic I could do, but I'd prefer not having to do that. the SOA section in particular is going to be an issue, and probably a bunch of other things (IN is optional, for example).
It quickly gets complicated.
@rysiek I did a little searching and came across https://github.com/VintageOps/dns-zone-compare which looks interesting
@mig5 oooh, this might do the trick, thank you!
@rysiek I don't have first-hand experience in this area, but I did some searching and found this. Maybe it meets the need?
@r0k is this a CLI tool?
@rysiek sorry, I didn't realize that this was one tool in a toolkit of _many_
though it looks like the toolkit as a whole can be run locally via docker, etc.
https://github.com/lissy93/networking-toolbox
sorry if that makes it a bad suggestion for your use case
