|
The idea for dnscheck came from a need to quickly compare what name servers were being returned for a zone by both the parent and the zone itself. Today, dnscheck has the ability to find lame, leaked or stale name servers having potential to cause disruption.
This utility is designed to run on a name server itself to compare what it believes are the correct name servers for a zone with what is actually listed by the parent, though it is possible to check any zone regardless (using the -u option if server is not a name server).
» revision history
New features in 1.3:
- Added support for processing files using views
- Added support for merging included files
- Added support for skipping RFC1918 zones
New features in 1.2:
- Improved local and parent name server list comparison
New features in 1.1:
- Added support for DiG 9.3.1
- Added search ability for finding the DiG binary
- Added DiG result caching to remove repeated lookups
» command line usage
| usage: |
dnscheck [-cgiuv] [-p|-r] [-a [-e ..] [-f] [-m|-s] | -z ..] [-d ..] [-h ..] [-n ..] |
| -a |
scan named.conf file for authoritative zones |
| -c |
disable dig result caching |
| -d dig_utility |
override default colon separated locations of dig |
| -e view_name |
process zones in the specified view |
| -f |
force checking of known publicly inaccessible zones |
| -g |
disable group-by-parent name server list |
| -h resolver_host |
override default local resolver |
| -i |
include serial numbers held at each name server |
| -m |
only process master zones |
| -n named_conf |
override default location of named.conf |
| -p |
simply list domains with problems (alters exit code) |
| -r |
show report regardless of outcome |
| -s |
only process slave zones |
| -u |
use upstream name server specified in resolv.conf |
| -v |
be verbose |
| -z domain_name |
check single zone |
» examples
A domain having a non-responsive or non-authoritative name server:
| amnesiac$ dnscheck -z alias-tv.com |
| alias-tv.com (serial 19980612) |
| |
dns1.eseehosting.com |
: |
dns1.eseehosting.com |
| dns2.eseehosting.com [0] |
*** |
dns2.eseehosting.com [0] |
Additional name servers being leaked from zone (on the right) which are unknown to the parent (on the left):
| amnesiac$ dnscheck -z needcoffee.com |
| needcoffee.com (serial 2005082300) |
| |
ns1.dreamhost.com |
: |
ns1.dreamhost.com |
| ns2.dreamhost.com |
: |
ns2.dreamhost.com |
| |
+ |
ns3.dreamhost.com |
A name server returning a permanent fatal error for a domain:
| amnesiac$ dnscheck -z 223.78.200.in-addr.arpa |
| 223.78.200.in-addr.arpa (serial 2002081301) |
| |
dns1.avantel.net.mx |
: |
dns1.avantel.net.mx |
| dns2.avantel.net.mx [refused] |
*** |
dns2.avantel.net.mx [refused] |
A domain having name servers listed by the parent which are not responding authoritatively:
| amnesiac$ dnscheck -z intelligentassistance.com |
| intelligentassistance.com (serial 1085849065) |
| |
ns1.ev1servers.net [0] |
- |
|
| ns2.ev1servers.net [0] |
- |
|
| ns1.rackshack.net |
: |
ns1.rackshack.net |
| ns2.rackshack.net |
: |
ns2.rackshack.net |
|
|
» download
Some operating systems may have dnscheck 1.3 available as a package, check their ports collection first. If you want to take the simple route, just install from source:
» requirements
Being a Perl script, dnscheck should be fairly operating system independent, but does require:
- Perl 5.005.03 or higher
- DiG 8.3 or higher
» releases
The latest stable production release of dnscheck is 1.3.
- 1.3 (released 30 Jun 2007)
- 1.2 (released 24 Feb 2006)
- 1.1 (released 23 Sept 2005)
- 1.0.4 (released 3 May 2005)
- 1.0.3 (released 15 Mar 2005)
- 1.0.1 (released 23 Feb 2005)
- 1.0 (released 19 Feb 2005)
» contribute
If you find dnscheck useful and want to contribute, use the PayPal link below. Any personal information provided during this process is not shared with anyone.
» contact information
Got an idea for a feature, found a bug or have a patch to correct an issue? Drop us an email at:
|
