logo
Free, unlimited AI code reviews that run on commit
git-lrc git-lrc GitHub Install Now We'd appreciate a star git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt

dnswalk - A DNS database debugger

Contents

Author

       David Barr <barr@cis.ohio-state.edu>

                                                                                                      DNSWALK(1)

Bugs

       dnswalk will make the directory tree before it has a chance to find out that you gave it a  bogus  domain
       name.
       When  checking  lots  of hosts and lots of options, it is very slow.  Running dnswalk on a machine with a
       local nameserver helps considerably.
       Perl's gethostby{name,addr}() routine doesn't seem to consistently return an error whenever it is  unable
       to  resolve  an  address.   Argh.   This will mean lots of "no PTR record" and "host unknown" errors if a
       server is unavailable, or for some reason the lookup fails.  You may get strange error messages  if  your
       perl was compiled without support for herror().

Description

dnswalk  is  a DNS debugger.  It performs zone transfers of specified domains, and checks the database in
       numerous ways for internal consistency, as well as for correctness according to accepted  practices  with
       the Domain Name System.

       The  domain  name  specified  on the command line MUST end with a '.'.  You can specify a forward domain,
       such as dnswalkpodunk.edu.  or a reverse domain, such as dnswalk3.2.1.in-addr.arpa.

Diagnostics

       When invoked with the -d option, dnswalk will  print  status  information  to  stderr.   It  consists  of
       information  about  what  zone is being checked, and a single letter corresponding to the resource record
       checked, and any errors.
       a      A record
       c      CNAME record
       p      PTR record
       m      MX record
       s      SOA record
       !      An error occurred
       .      A previous error in the zone was repeated, but suppressed.

Name

       dnswalk - A DNS database debugger

Options

-r     Recursively descend sub-domains of the specified domain.  Use with care.
       -a     Turn on warning of duplicate A records.  (see below)
       -d     Print debugging and 'status' information  to  stderr.   (Use  only  if  redirecting  stdout)   See
              DIAGNOSTICS section.
       -m     Perform checks only if the zone has been modified since the previous run.
       -F     perform  "fascist"  checking.  When checking an A record, compare the PTR name for each IP address
              with the forward name and report mismatches.  (see below)  I recommend  you  try  this  option  at
              least once to see what sorts of errors pop up - you might be surprised!.
       -i     Suppress check for invalid characters in a domain name.  (see below)
       -l     Perform  "lame  delegation"  checking.   For every NS record, check to see that the listed host is
              indeed returning authoritative answers for this domain.
       ERRORS
              The following the list of error messages that dnswalk will return if it sees a  potential  problem
              with  the  database.   Duplicate  messages  will be suppressed automatically for each zone.  Error
              messages are prefixed by a keyword indicating the message type: "WARN"  (possible  data  problem),
              "FAIL"  (failure to access data), or "BAD" (invalid data).  dnswalk exits with a return code equal
              to the number of "BAD" errors.
       XPTRY:unknownhost
              X is a PTR record to Y, but Y is not a valid host (no A record).  These are often left  over  from
              when someone deleted a host from the DNS and forgot to delete the PTR record.
       XPTRY:Arecordnotfound
              X  is  a  PTR  record  to Y, but the IP address associated with the PTR record is not listed as an
              address for Y.  There should be an A record for every valid IP address for a host.  Many  Internet
              services will not talk to you if you have mismatched PTR records.
       XPTRY:CNAME(toZ)
              X  is a PTR record to Y, but Y is a CNAME to Z.  PTR records MUST point to the canonical name of a
              host, not an alias.
       XCNAMEY:unknownhost
              X is aliased to Y, but Y is not a valid host (no A record).
       XCNAMEY:CNAME(toZ)
              X is aliased to Y, but Y is aliased to Z.  CNAMEs should not be chained.
       XMXY:unknownhost
              X is an MX to Y, but Y is not a valid host (no A record).
       XMXY:CNAME(toZ)
              X is an MX to Y, but Y is an alias for Z.  MX records must point to the  canonical  name,  not  an
              alias.
       XAY:noPTRrecord
              X  has  an  IP  address  Y,  but there is no PTR record to map the IP address Y back to a hostname
              (usually X). Many Internet servers (such as anonymous FTP servers) will not talk to addresses that
              don't have PTR records.
       warning:Xhasonlyoneauthoritativenameserver
              Zones must have at least one authoritative nameserver, in case one is down or  unreachable.   Make
              sure the parent and child domains list all authoritative nameservers for a zone.
       CannotcheckX:noavailablenameservers!
              The   X   zone   was  delegated  with  NS  records but all the nameservers for the zone are either
              unavailable or say that they have no data for the zone (are lame).  Verify that  the X zone  isn't
              a typo, and if so make sure that all the listed nameservers are configured to answer with data for
              the zone.
       X:invalidcharacter(s)inname
              Allowable  characters  in  a domain name are the ASCII letters a through Z the digits 0 through 9,
              and the "-" character.  A "." may be used only as a domain separator.  (checking can be suppressed
              with -i )
       X:domainoccurredtwice,forgottrailing'.'?
              A sanity check which looks for "dom.ain.dom.ain." in a name.  This is often caused  by  forgetting
              to put a trailing '.' on the end of a name.
       (with -a switch)
       X:possibleduplicateArecord(glueofZ?)
              A  duplicate A records is listed for X.  NOTE: this is most often caused by the practice of always
              putting A records for all secondaries after NS glue records.  While this is not an  error,  it  is
              usually redundant and makes changing IP addresses later more difficult, since they occur more than
              one  time  in  the file (and in multiple files).  You may get spurious errors, mostly because of a
              quirk in BIND releases before 4.9.x that reports cached glue A records in  a  zone  transfer  even
              though they don't exist in the original zone file.
       (with -F switch)
       XAY:pointstoZ
              X has Y for an IP address, but the PTR record associated with Y returns "Z" as the name associated
              with  that  host.   This is not necessarily an error (for example if you have an A record for your
              domain name), but can be useful to check for A records which point  to  the  wrong  host,  or  PTR
              records that point to the wrong host.
       CannotfindaddressfornameserverX
              This  error  is  generated  if  the address for a delegated nameserver X cannot be resolved.  This
              could be a lame delegation (due to a typo in delegation), or a temporary DNS error.
       (with -l switch)
       XNSY:lameNSdelegation
              Y is a listed nameserver for zone X, but Y is not returning authoritative data for zone  X.   This
              is  usually the result of a lack of communication on the part of the respective hostmasters.  Lame
              delegations are not fatal problems except in severe cases, they just tend  to  create  significant
              increases  in  DNS traffic.  NS records for the parent and child domains should be consistent, and
              each server listed in the NS record MUST be able to answer  with  authoritative  data,  either  by
              being a primary or secondary for the zone.
       CannotgetSOArecordforXfromY(lame?)
              This  error  is  generated  if dnswalk cannot get the SOA record for zone X from the nameserver Y.
              This could mean a lame delegation, or simply that the host is temporarily unreachable.

See Also

       RFC 1034 - "DOMAIN NAMES - CONCEPTS AND FACILITIES"
       RFC 1035 - "DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION"
       RFC 1123 - "Requirements for Internet Hosts -- Application and Support"
       Paul Albitz, Cricket Liu: "DNS and BIND" O'Reilly & Associates.

Synopsis

dnswalk [ -adilrfFm ] domain.

See Also

Record
Record PNG Icons
Man Pages
zones Man Pages
Man Pages
names Man Pages
Man Pages
Domain Man Pages
MCP
Workflowlearner Mcp
Host
Host PNG Icons
Error
Error PNG Icons
TLDR
Validate dns zones - dnswalk debugger Tldr
Address
Address PNG Icons
← View User commands Category← Back to File management🙏  Credits & Acknowledgments