This script checks RR of a zone which have a QTYPE with an external (out-of-bailiwick) hostname. It will check if these hostnames are resolvable or in the case of QTYPE NS, whether there is mismatch between parent and child zone. Specifically, this scripts supports rdata hostname checks of the QTYPEs NS, CNAME, MX, SRV and DNAME.
The script sends DNS queries to your local resolver but also to authoritative name servers directly (only needed for zone apex NS rrset checks). Zone apex NS rrset checks are skipped if queries to authoritative name servers fail.
If you have installed python you should be able to install dnsypthon with the command pip3:
pip3 install dnspython
./hostname-check.py OPTIONS [-n address|-i zonefile] -o origin
-o origin zone origin e.g. switch.ch
-n address get zone via zone transfer from nameserver ip address
-i zonefile read zone from file (BIND zone format)
OPTIONS:
-r address recursive resolver ip address instead of system default
-k keyfile specify tsig key file for zone transfer access
-x policy comma seperated list of qtype to check. default if not
specified: NS,MX,CNAME,SRV,DNAME
-t timeout DNS query timeout (default 3 sec)
-v verbose output (debugging)
-h print this help
Notes:
- tsig key file expects a BIND key file (See also BIND ARM)
- The script sends DNS queries to your local resolver but also to authoritative name servers directly
Licensed under the term of MIT License.
You might also want to check out the following tools with the same goal: