—or, notes for a program “paleodig: DNS historian” I’ll probably never get around to writing. I certainly haven’t since I drafted these notes in 2010.

Forward: FWD_DB=/data/db/paleodig/fwd

  1. Try AXFR…

     dig @$AUTH_NS $DOMAIN AXFR > $FWD_DB/$DOMAIN
     # Filter version string, query info., &c.
     # "git commit", &c.
    
  2. …but fall back when that fails (as it usually will):

     dig $DOMAIN > $FWD_DB/$DOMAIN
     # Likewise.
    

    Perhaps trace other hostnames in $DOMAIN in HTML.
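The two-step capture above, written out as one POSIX shell script. This is an added example, not part of the original notes: it assumes dig (BIND) and git are installed, that $FWD_DB is already an initialised git work tree with one file per domain, and it detects a refused transfer from the "; Transfer failed." line dig prints, since dig's exit status does not signal it. The normalisation step (drop ';' comment lines, sort, de-duplicate) is what makes the git history show only real record changes rather than round-robin reordering and query-time noise.

```shell
#!/bin/sh
# Added example (not from the original notes): one forward snapshot for paleodig.
# Assumptions: dig and git are installed, and $FWD_DB is an initialised git
# work tree holding one file per domain.
FWD_DB=${FWD_DB:-/data/db/paleodig/fwd}

# Drop dig's ';' comment lines (version banner, ";; Query time", ";; WHEN",
# ";; SERVER", ...) and blank lines: they change on every run but carry no
# records, so leaving them in would make every snapshot differ from the last.
strip_dig_noise() {
    grep -v '^;' | grep -v '^[[:space:]]*$'
}

# Sort and de-duplicate the remaining RR lines. Round-robin answers come back
# in a different order on each query, and AXFR prints the SOA twice (first and
# last line); normalising means git only records genuine record changes.
normalize_snapshot() {
    strip_dig_noise | sort -u
}

# dig exits 0 even when the server refuses the zone transfer, so success has to
# be read from the output: a refused AXFR prints "; Transfer failed." and no RR
# lines, and an unreachable server prints only ';' comment lines.
# $1 = raw dig output.
axfr_ok() {
    if printf '%s\n' "$1" | grep -q '^; Transfer failed'; then
        return 1
    fi
    printf '%s\n' "$1" | normalize_snapshot | grep -q .
}

# Step 1: try AXFR against the authoritative server; step 2: on failure fall
# back to an ordinary lookup through the local resolver. The normalised answer
# is written to $FWD_DB/$domain and committed only when it differs from the
# previous snapshot, so "git log -p $domain" becomes the domain's DNS history.
# $1 = domain, $2 = authoritative name server.
snapshot_domain() {
    domain=$1
    auth_ns=$2
    raw=$(dig "@$auth_ns" "$domain" AXFR)
    if axfr_ok "$raw"; then
        method=axfr
    else
        raw=$(dig "$domain")
        method=query
    fi
    printf '%s\n' "$raw" | normalize_snapshot > "$FWD_DB/$domain"
    (
        cd "$FWD_DB" || exit 1
        git add -- "$domain"
        # "git diff --cached --quiet" exits non-zero when something is staged,
        # i.e. when the records changed since the last commit.
        if ! git diff --cached --quiet -- "$domain"; then
            git commit -q -m "$domain: $method snapshot $(date -u +%Y-%m-%dT%H:%M:%SZ)"
        fi
    )
}

# Usage (not run automatically; PALEODIG_RUN is a hypothetical guard so the
# functions can be sourced without querying anything):
#   PALEODIG_RUN=1 sh paleodig-fwd.sh example.com ns1.example.net
if [ -n "${PALEODIG_RUN:-}" ]; then
    snapshot_domain "$1" "$2"
fi
```

Run it from cron once per domain; because the commit only happens when the normalised file changed, the repository stays small and every commit is a real DNS change with a timestamp.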

Reverse: REV_DB=/data/db/paleodig/rev

  • Per-IP only.

  • Special cases: new hostname, hostname rm’d (i.e., from DNS itself). Compare multiple authoritatives and show disagreements?
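One way to do the "compare multiple authoritatives" check, as an added example that is not part of the original notes: query each authoritative server directly (with +norecurse so a server never answers from someone else's cache), keep one answer file per server, and diff each against the first. For the reverse database the name is the in-addr.arpa label and the type is PTR; nothing else changes. The only assumptions are that dig is installed and that servers are passed as separate arguments.

```shell
#!/bin/sh
# Added example (not from the original notes): ask every authoritative server
# for one name and report where their answers disagree. Assumes dig is installed.

# Query each server directly and keep one file of answers per server.
# $1 = directory to fill, $2 = name (e.g. 41.133.121.91.in-addr.arpa for the
# reverse DB), $3 = RR type (A, PTR, ...), remaining args = server names.
collect_answers() {
    dir=$1; name=$2; type=$3; shift 3
    for ns in "$@"; do
        # +norecurse: a server that is not authoritative for this name must
        # not be allowed to answer from cache and hide the disagreement.
        dig +short +norecurse "@$ns" "$name" "$type" > "$dir/$ns"
    done
}

# Compare the per-server answer files in $1 against the first server's set
# (alphabetically first file name). Prints "-record" for records the other
# server lacks and "+record" for extras. Returns 0 when every server agrees,
# 1 when any disagreement was found.
compare_answer_sets() {
    dir=$1
    tmp=$(mktemp -d)
    # comm needs sorted input, and answer order is meaningless, so normalise
    # every file first instead of trusting the caller to have done it.
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        sort -u "$f" > "$tmp/$(basename "$f")"
    done
    ref=
    rc=0
    for f in "$tmp"/*; do
        if [ -z "$ref" ]; then
            ref=$f
            continue
        fi
        if ! cmp -s "$ref" "$f"; then
            rc=1
            echo "$(basename "$ref") vs $(basename "$f"):"
            comm -23 "$ref" "$f" | sed 's/^/  -/'
            comm -13 "$ref" "$f" | sed 's/^/  +/'
        fi
    done
    rm -rf "$tmp"
    return $rc
}

# Usage (not run automatically; PALEODIG_RUN is a hypothetical guard):
#   PALEODIG_RUN=1 sh paleodig-cmp.sh example.com A ns1.example.net ns2.example.net
if [ -n "${PALEODIG_RUN:-}" ]; then
    work=$(mktemp -d)
    collect_answers "$work" "$@"
    compare_answer_sets "$work"
    rm -rf "$work"
fi
```

A non-zero return from compare_answer_sets is the signal worth alerting on: a freshly added or removed hostname normally shows up first as a window where the authoritatives disagree, which is exactly the "new hostname / hostname rm'd" special case the notes want to detect.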


Output: git-filter-branch(1) -> tar czf -> download

  • Someday, though, Web-based diffing would be nice.

  • telnet interface.

E-mail notifications of changes?

PostgreSQL for queue (stagger Alexa’s top throughout the day), cached statistics, &c.

How will this data pile up? On-disk storage okay, or need S3?

IPv6.


From http://mailman.nanog.org/pipermail/nanog/2010-December/028635.html:

Date: Fri, 3 Dec 2010 09:45:57 +0100
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
Subject: Re: wikileaks dns (was Re: Blocking International DNS)
To: Ken Chase <ken@sizone.org>
Cc: nanog@nanog.org
Message-ID: <20101203084557.GA26742@nic.fr>
Content-Type: text/plain; charset=us-ascii

On Fri, Dec 03, 2010 at 12:52:29AM -0500,
 Ken Chase <ken@sizone.org> wrote
 a message of 24 lines which said:

> Anyone have records of what wikileaks (RR, i assume) A record was?

91.121.133.41
46.59.1.2

Translated into a URL, the first one does not work (virtual hosting,
maybe) but the second does.

I've also found, thanks to a new name resolution protocol, TDNS
(Tweeter DNS), 213.251.145.96, which works.

> I should have queried my favourite open rDNS servers before they
> expired,

dig A wikileaks.org > backup.txt

(from cron)

is a useful method. Another possible solution would be a DNSarchive, in
the same way there is a WebArchive. Any volunteer?