DNSwalk - A DNS Database Debugger


DNSwalk is a DNS database debugging tool. It performs zone transfers of specified domains and checks the database in numerous ways for internal consistency, as well as accuracy.
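As an added example (not DNSwalk's code and not from the original page), the Python below runs a few internal-consistency checks of the kind described above over constructed records standing in for zone-transfer output. The choice of checks, the `check_zone` function, and the `example.test.` sample zone are assumptions made for illustration.

```python
import re
from collections import defaultdict

ORIGIN = "example.test."
# Constructed sample records (owner, type, rdata) from a forward zone and its
# reverse zone; they stand in for zone-transfer output and are not real data.
ZONE = [
    ("example.test.", "MX", "10 mail.example.test."),
    ("mail.example.test.", "CNAME", "host1.example.test."),
    ("host1.example.test.", "A", "192.0.2.10"),
    ("host2.example.test.", "A", "192.0.2.99"),
    ("www.example.test.", "CNAME", "alias.example.test."),
    ("alias.example.test.", "CNAME", "host1.example.test."),
    ("bad_name.example.test.", "A", "192.0.2.11"),
    ("ftp.example.test.", "CNAME", "gone.example.test."),
    ("10.2.0.192.in-addr.arpa.", "PTR", "host1.example.test."),
    ("12.2.0.192.in-addr.arpa.", "PTR", "host2.example.test."),
]
# Host name label syntax per RFC 952 / RFC 1123: letters, digits, inner hyphens.
LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]*[a-z0-9])?$")


def check_zone(records, origin=ORIGIN):
    """Return (owner, message) findings for records that disagree with each other."""
    by_name = defaultdict(dict)
    for owner, rtype, rdata in records:
        by_name[owner.lower()].setdefault(rtype, []).append(rdata.lower())

    findings = []
    for owner, rtype, rdata in records:
        owner, target = owner.lower(), rdata.lower().split()[-1]
        if rtype == "A":
            if not all(LABEL.match(l) for l in owner.rstrip(".").split(".")):
                findings.append((owner, "invalid character in host name"))
            continue
        if rtype not in ("CNAME", "MX", "PTR") or not target.endswith("." + origin):
            continue  # targets outside the zone cannot be judged from this data
        types = by_name.get(target, {})
        if not types:
            findings.append((owner, f"{rtype} target {target} has no records"))
        elif "CNAME" in types:  # alias chain, or MX/PTR to an alias (RFC 2181 s.10)
            findings.append((owner, f"{rtype} target {target} is a CNAME"))
        elif rtype == "PTR":
            ip = ".".join(reversed(owner.split(".")[:4]))
            if ip not in types.get("A", []):
                findings.append((owner, f"PTR target {target} has no A record {ip}"))
    return findings


if __name__ == "__main__":
    for owner, message in check_zone(ZONE):
        print(f"WARN {owner}: {message}")
```

Each finding still needs the contextual judgement the page calls for: a missing target may be a stale alias or simply a host served from another zone.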

Note: DNSwalk requires Perl and the Net::DNS Perl package. Perl is assumed to be in /usr/local/bin; if it is not, edit the first line of DNSwalk.

This program is not for the faint of heart. It should NOT be used without a firm knowledge of the DNS RFCs. The warnings and errors must be interpreted within the context in which they occur. Something may be flagged as a warning but in reality be a really bad error. Conversely, DNSwalk will flag things as warnings and possibly even errors that may actually be perfectly "legal" or normal in your specific situation. DNSwalk is not an AI engine; it just provides useful information.

It is not a replacement for DOC, although DNSwalk is starting to incorporate some of the things DOC checks for. DNSwalk was written to check individual database entries, while DOC ensures that the overall database structure and authority records are consistent. DNSwalk may not even function correctly (or find real problems) if authority records are missing or incorrect.

This tool tends to produce lots of output, so you might want to redirect the output into a file of your choice. For small, mostly-correct domains it is pretty manageable, however. For larger domains, you must use the included "do-dnswalk" script as a guide.

DNSwalk is also a part of the official penetration testing distribution Kali Linux.
