dns.pl

The program which checks delegation points is released under an open source license based on the BSD one.

The statistic collection tools are not freely available.

To run the dns.pl script, you need the following perl modules:

• Getopt::Std
• Net::DNS
• IO::Socket
• IO::Select
• Fcntl ':flock'
• IO::Handle

It has been running successfully on Solaris and FreeBSD, and used multiple processes to parallellize the work. It can create significant amount of load both on local full resolvers as well as the network. As most DNS queries are sent via UDP, a congested connection will certainly give wrong result when testing.

It is also the case that one kind of error can give other errors automatically. For example, if there is a lame delegation, errors will be given also for not being able to fetch the SOA over TCP. The idea is that the dns.pl script is to give as raw data as possible, and then post processing is calculating what is really happening. In most cases, a human need to investigate the problems to see whether what is reported for the specific zone is important enough to fix.

Current version is 2.0.3, and you can find it here.

The mailing list for announcements of new version of the code can be found here.

What is tested include:

• That A records exists for NS record
• That PTR exists for all IP addresses found when look at A
• That A exists for all domain names (including the ones found when looing for PTR)
• That a zone have at least 2 nameservers
• That all responses from authoritative servers are athoritative
• That information at parent and child is consistent
• That the nameservers respond over both UDP and TCP
• That the email address found in the SOA actually works
• That CNAME is not used for MX and NS
• That the SMTP server handle EHLO and empty envelope sender address
• Whether all hosts MX refer to works, or only some of them
• That serial numbers at all authoritative servers are consistent
• That correct glue exists when glue is needed is parent

Reported errors and warnings include:

• A record is missing for MX, NS or PTR (1)
• PTR record is missing for IP address (2)
• NS not found at nameserver for parent zone (6)
• Fewer NS than 2 found for a zone (9)
• No authoritative response for NS when it was expected (10)
• No NS records found at all at nameserver (12)
• No authoritative response for SOA over TCP when it was expected (13)
• Email address found in SOA is not ok (14)
• CNAME found whene A was expected (15)
• No SOA in response when expected (16)
• CNAME found when PTR was expected (17)
• SMTP server does not accept empty envelope from address (22)
• Email address in SOA works, but it has non-working MX records (23)
• Inconsistent serial numbers in SOA at authoritative servers (24)
• Could not open connection to port 25 over TCP (25)
• Inconsistent serial numbers in SOA for parent zone (27)
• SMTP server does not support RSET after failed EHLO (29)
• Email address is not accepted by SMTP server (32)
• No SOA returned at all when querying over TCP (118)
• No glue found in parent zone when it is needed (119)
• Loop in glue record chain (132)