NQE Validate DNS Configuration on Arista & Cisco

  • 11 October 2023

Audit our DNS configuration on Arista devices and Cisco devices. Would like to be able to combine the scripts into a single check, and I started it (second code script), but it’s not working yet. I need a little tutoring.

/**
* @intent Audit DNS Configuration on Arista
* @description Searches through the running configuration for a pattern match.
*/

DNS_Standard = ["name-server 1.7.7.7 & 1.7.7.8", "dns domain net.xyz.com ", "ip domain lookup source-interface Loopback0"];

AristaPatternDNS =
```
ip domain lookup source-interface Loopback0
dns domain net.xyz.com
ip name-server vrf default {ipv4Address}
ip name-server vrf default {ipv4Address}
```;

/* Select a list of devices by vendor */
foreach device in network.devices
where device.platform.vendor == Vendor.ARISTA || device.platform.os == OS.ARISTA_EOS
let outputs = device.outputs
foreach command in outputs.commands
where command.commandType == CommandType.CONFIG
let response = command.response
/* parse out the pattern defined above from the response of the CONFIG command type. */
let config = parseConfigBlocks(OS.ARISTA_EOS, response)
foreach match in blockMatches(config, AristaPatternDNS)

/* Display the results */
select {
Device: device.name,
Model: device.platform.os,
Pattern: DNS_Standard,
matchedBlocks: match.blocks
}

 

Here is the start of something that might work in the future, if someone can figure out how to duplicate the above for multiple vendors:

 

MULTIPLE VENDOR “IDEA”

/** Same as ver1 but with an Import DNS_HOSTS from NetworVars/DNS_Servers File - **/
/** Want to be able to get a single DEVICE OUTPUT, why am I getting doubles???? **/
/** **//** **//** **//** **//** **//** **//** **//** **//** **//** **/

DNS_Standard = ["name-server 1.7.7.7 & 1.7.7.8", "dns domain net.xyz.com ", "ip domain lookup source-interface Loopback0"];

foreach Device in network.devices
let OS =
if Device.platform.os == OS.ARISTA_EOS then OS.ARISTA_EOS
else if Device.platform.os == OS.IOS_XE then OS.IOS_XE
else if Device.platform.os == OS.IOS then OS.IOS
else if Device.platform.os == OS.NXOS then OS.NXOS
else OS.UNKNOWN

let Pattern =
if Device.platform.os == OS.ARISTA_EOS then ARISTA_EOS_CONF
else if Device.platform.os == OS.IOS_XE then CISCO_IOS_XE_CONF
else if Device.platform.os == OS.IOS then CISCO_IOS_CONF
else UNKNOWN_CONF

let OUTPUT = Device.outputs
foreach Config in OUTPUT.commands
where Config.commandType == CommandType.CONFIG
let Config = parseConfigBlocks(OS, Config.response)

foreach Match in blockMatches_alpha1(Config, Pattern)
let PATTERN_MATCH = hasBlockMatch_alpha1(Config, Pattern)
let CONFIGURED_SERVERS = [Match.data.IP1, Match.data.IP2]
let MISSING_IPS = DNS_HOSTS - CONFIGURED_SERVERS
let CONFIGURED_UNSUPPORTED_IPS = CONFIGURED_SERVERS - DNS_HOSTS

select {
Device: Device.name,
Platform: Device.platform.os,
RUNNING_CONFIG: Match.blocks,
DNS_STANDARD: DNS_Standard,
UNSUPPORTED_IPS: CONFIGURED_UNSUPPORTED_IPS,
Match: PATTERN_MATCH
}

 

Hi @cariddir 

I think your strategy is very valid. I see the pain of integrating configs from multiple vendors into a single query. I see that you are using “if/else” to identify the models. This is a great starting point. I’ll point out that there is another way using the “when” statement (this is similar to a “switch” in C and Python).

 

Here is a simple example using “when”:

 

dns_addresses = [ipAddress("1.1.1.1"), ipAddress("8.8.8.8")];

ios_xr = ```
dns {dns:ipv4Address}
```;

arista = ```
dns-server {dns:ipv4Address}
```;

generic = ```
dns {dns:ipv4Address}
```;

foreach d in network.devices
let os = d.platform.os
let dns_pattern = when os is
IOS_XR -> ios_xr;
ARISTA_EOS -> arista;
otherwise -> generic
let dns_result = blockMatches(d.files.config, dns_pattern)
foreach r in dns_result
select {
name: d.name, os, dns: r.data.dns, dns_compliance: r.data.dns in dns_addresses
}

 

Let me also take a look at your specific example and see if we can simplify it.
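
An offline Python model of the audit logic discussed in this thread, added here as an example; it is not NQE and not code from either poster or from the product. It picks one pattern per OS, as the `when` expression does, then reduces all matches to a single row per device with missing and unsupported servers as set differences. The sample configs and device names are constructed, and the Cisco `ip name-server` line form is an assumption, since the thread shows no Cisco pattern.

```python
import ipaddress
import re

# Approved resolvers, from the DNS_Standard line in the original post.
DNS_HOSTS = {ipaddress.ip_address("1.7.7.7"), ipaddress.ip_address("1.7.7.8")}

# One pattern per OS (as `when os is` does); the Cisco form is an assumption.
ARISTA = re.compile(r"^ip name-server vrf \S+ (?P<ips>.+)$", re.M)
CISCO = re.compile(r"^ip name-server (?!vrf )(?P<ips>.+)$", re.M)
PATTERNS = {"ARISTA_EOS": ARISTA, "IOS_XE": CISCO, "IOS": CISCO}

def audit_device(name, os_name, config):
    """Return exactly one result row for a device, whatever its config holds."""
    pattern = PATTERNS.get(os_name)
    if pattern is None:
        return {"device": name, "os": os_name, "status": "UNSUPPORTED_OS"}
    configured = set()
    for match in pattern.finditer(config):
        for token in match.group("ips").split():
            try:
                configured.add(ipaddress.ip_address(token))
            except ValueError:
                continue  # skip tokens that are not IP addresses
    # Aggregate first, then emit: no row per match, and a device with no
    # name-server lines still reports both approved servers as missing.
    missing = DNS_HOSTS - configured
    unsupported = configured - DNS_HOSTS
    return {
        "device": name, "os": os_name,
        "missing": sorted(str(ip) for ip in missing),
        "unsupported": sorted(str(ip) for ip in unsupported),
        "status": "FAIL" if missing or unsupported else "PASS",
    }

# Constructed sample inputs (hypothetical device names, documentation-range IP).
SAMPLES = [
    ("leaf1", "ARISTA_EOS", "ip domain lookup source-interface Loopback0\n"
     "dns domain net.xyz.com\nip name-server vrf default 1.7.7.7\n"
     "ip name-server vrf default 1.7.7.8\n"),
    ("edge1", "IOS_XE", "ip name-server 1.7.7.7 192.0.2.53\n"),
    ("fw1", "UNKNOWN", ""),
]

def audit_all(samples=SAMPLES):
    return [audit_device(*sample) for sample in samples]

if __name__ == "__main__":
    for row in audit_all():
        print(row)
```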


Hey Jack !

Thanks for checking it out. It’s such a great tool, and I see so many game-changing things we can do with NQE running our audits, but my current skill set is relegated to more simple queries for now. So anything you can conjure up would be appreciated!

Sincerely,
Rich Cariddi

