[dns-operations] Decent DNS traversal tools
mike at mikejones.in
Fri Sep 16 19:01:49 UTC 2011
Thanks for the responses, there are some useful tools there, but none
are quite what I was looking for.
doc seems to be very detailed and could be useful for doing a complete
check for every edge case if things are behaving strangely, but the
reports are perhaps too detailed for just doing a quick check after
DNSCheck I had a quick look at the hosted demo, which gives a "green
light" and says everything is consistent for a test domain that has
every server responding with different answers. It seems to be more of
an error checker rather than a "how is everything responding" checker.
dnstracer I couldn't seem to get to work?
dnswalk seems to be a less detailed version of doc, which does a zone
transfer from 1 server then looks at the response for errors?
I also got an off list message about http://dnsviz.net/ which is still
under construction but sounds interesting to check out progress when I
get around to playing with dnssec, and with the features that are
apparently being worked on could also be useful for other stuff but
it's too early to tell at the moment.
I guess for now my tool works well enough, I was just hoping for
something that did something similar showing the responses, but while
doing more checks to point out things that could be a problem. Perhaps
I'll add it back to the to-do list as a slightly bigger project to
write the sort of thing I was hoping for.
On 15 September 2011 16:26, Mike Jones <mike at mikejones.in> wrote:
> Hi guys,
> Just wondering if anyone knows of any decent tools for checking that
> everything is consistent between DNS servers. I found a few web based
> traversal tools that will follow the full delegation tree (most just
> follow 1 chain), but they have really let me down more recently
> because none seem to support IPv6! Also I couldn't find anything open
> source I could run myself, to deal with the problem that just as I
> seem to find a decent site they go and bring out a "new improved"
> version that requires twice the effort to get it to do anything.
> A few weeks ago I finally got around to throwing together something
> for personal use, which works "well enough" but I would rather find
> something that was perhaps a little more compliant than my quick botch
> job if possible (like following the delegation chain properly instead
> of blindly, following CNAMEs properly, and whatever else I missed -
> DNSSEC support+validation would be nice too for when I get around to
> playing with that).
> That's what I came up with to show the sort of thing I mean.
> - Mike
More information about the dns-operations