README

                         Dlint version 1.4.1
            A Domain Name Server Zone Verification Utility
       Copyright (C) 1993-1999 Paul A. Balyoz <pab@domtools.com>
       Currently maintained by Chris Hutchinson <portmaster@BSDforge.com>

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.


DESCRIPTION

This program analyzes any DNS zone you specify, and reports any problems it
finds by displaying errors and warnings.  Then it descends recursively to
examine all zones below the given one (this can be disabled with a
command-line option).  Designed for Unix, dlint is written in Bourne Shell
and Perl.

Dlint is also available on the Internet from your web browser:

	http://BSDforge.com/projects/dns/dlint/

(this server imposes a timeout period; to lint a big zone, you should
install dlint yourself and use it locally - that's what this package is for).


WHAT DLINT REALLY CHECKS

    * for each nameserver of the given zone, if its domain name ends in
      "in-addr.arpa." then give a warning & ignore it.  This can happen
      in in-addr.arpa. zones when an NS record contains just a host name
      instead of the fully-qualified domain name.

    * for each host with an "A" resource record containing an IP address,
      there should be an equivalent PTR record pointing from the address
      back to the host.  Missing records and IP address mismatches are
      reported.  (exception: when it's really a domain instead of a host,
      there may not be a PTR record).

    * for each PTR resource record in an in-addr.arpa zone pointing to a host,
      there should be an equivalent "A" record for that host listing the same
      IP address.  Missing records and IP address mismatches are reported.

    * special warning if it detects a pound-sign on the front of a record
      (a common mistake: using "#" for comment symbol instead of ";").
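
The four checks above, run over a small constructed record set, as an added
Python example (not part of dlint, which is written in Bourne Shell and Perl,
and not its output format).  The check names and the sample names and
addresses are this example's own; the domain-instead-of-host exception is not
modelled.

```python
import ipaddress

# Constructed sample data (owner, type, rdata) using reserved test names/addresses.
RECORDS = [
    ("ns1.example.test.", "A", "192.0.2.1"),
    ("1.2.0.192.in-addr.arpa.", "PTR", "ns1.example.test."),    # consistent pair
    ("www.example.test.", "A", "192.0.2.10"),                   # no PTR exists
    ("mail.example.test.", "A", "192.0.2.25"),
    ("25.2.0.192.in-addr.arpa.", "PTR", "mx.example.test."),    # names another host
    ("11.2.0.192.in-addr.arpa.", "PTR", "ns1.example.test."),   # ns1 has no such A
    ("#gone.example.test.", "A", "192.0.2.99"),                 # "#" used as comment
    ("2.0.192.in-addr.arpa.", "NS", "ns1.2.0.192.in-addr.arpa."),  # unqualified NS
]
SUFFIX = ".in-addr.arpa."

def lint(records):
    """Return (check, subject) findings; the check names are this example's own."""
    findings, a_recs, ptr_recs = [], {}, {}
    for owner, rtype, rdata in records:
        owner, rdata = owner.lower(), rdata.lower()   # DNS names are case-insensitive
        if owner.startswith("#"):
            findings.append(("pound-sign", owner))
        elif rtype == "NS" and rdata.endswith(SUFFIX):
            findings.append(("ns-in-addr", rdata))    # warn, then ignore this server
        elif rtype == "A":
            a_recs.setdefault(owner, set()).add(rdata)
        elif rtype == "PTR":
            ptr_recs.setdefault(owner, set()).add(rdata)
    # Forward check: every A record needs a PTR that points back at the same host.
    for host, addrs in sorted(a_recs.items()):
        for addr in sorted(addrs):
            rev = ipaddress.ip_address(addr).reverse_pointer + "."
            if rev not in ptr_recs:
                findings.append(("missing-ptr", host))
            elif host not in ptr_recs[rev]:
                findings.append(("ptr-mismatch", host))
    # Reverse check: every PTR target needs an A record listing the same address.
    for rev, hosts in sorted(ptr_recs.items()):
        addr = ".".join(reversed(rev[:-len(SUFFIX)].split(".")))
        for host in sorted(hosts):
            if host not in a_recs:
                findings.append(("missing-a", rev))
            elif addr not in a_recs[host]:
                findings.append(("a-mismatch", rev))
    return findings

if __name__ == "__main__":
    for check, subject in lint(RECORDS):
        print(f"{check}: {subject}")
```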

Dlint will notice if there are subdomains (subzones), and recursively traverse
them, too, looking for problems.  This recursion can be disabled with a
command-line option.

You can run dlint on your own domains, or on somebody else's, because it uses
the standard DNS network protocol.  Dlint is very useful since most nameservers
do no more than syntax-check your database files.  Dlint's messages are very
informative and suggest ways to fix the problems, not just complain about them.

Dlint doesn't catch every kind of problem, just the ones listed here which
can cause strange host-access problems for you and for other sites trying
to reach your computer systems over the Internet.


REQUIREMENTS

   * DiG 2.1 or newer
   * Perl 5 or newer


INSTALLATION

    See file "INSTALL" for details.


RUNNING DLINT, READING ITS OUTPUT

Make sure "dig" is in your path.  Type "which dig" to see if it is.
If not, go and get DiG and install it now!  (see below)

	% dlint your.dom.ain.
or:
	% dlint 4.3.2.1.in-addr.arpa.

Dlint is fairly verbose; comment lines are preceded by semicolons (";").
Any line not commented out is something important: a warning or an error.

Not all warnings and errors are really problems - you need to use your best
judgment when considering making changes to your DNS database.  One warning you
might see which you can ignore is:

   WARNING: "localhost.cse.nau.edu. A 127.0.0.1": the PTR record for 1.0.0.127.in-addr.arpa. says "localhost."
        (one of the above two records might be wrong.)

This is not really a problem because Unix systems sometimes use records like
"localhost.cse.nau.edu." in their local domain to speed up "localhost"
address queries.  Every zone containing Unix machines should have one of
these fake "localhost" hosts in it with an address of 127.0.0.1.

Another warning that may not be a problem looks like this:

   WARNING: csenet.cse.nau.edu. has no A record, but that's OK only if it's a network or other special name instead of a host.

If that domain name is the name of a network or subnet at your site
and _not_ the name of an actual host (no single IP address is associated
with it), then ignore it.  If you know it's supposed to be a host, then
an A resource-record should be added to the zone it lives in.

If you see different output at different times for the same zone that you
know is not being modified, then get and run the Doc utility (see below)
over your domain first.  Some authoritative nameservers for the zone have
different copies of the zone database (check their SOA records).


FUTURE ENHANCEMENTS

 * Rewrite in Perl using Net::DNS

 * Lame delegation checking

 * CIDR support

 * IPv6 support

 * Character-set checking on all domain names

 * Detect duplicate domain components and report "missing end-period in zone
   file".  Example: host.cse.nau.edu.cse.nau.edu. should be host.cse.nau.edu.

 * Let user specify what server to query (command-line option)


SEE ALSO

 * Domain Obscurity Checker (DOC), which comes with BIND.  It checks for
   lame delegations and other problems with just your primary/secondary
   nameservers.  Solve those problems first, then run Dlint to get the best
   results.  If a zone is sufficiently misconfigured, Dlint has trouble
   producing useful information.  BIND comes from:

	http://www.isc.org/bind.html

 * FYI 27 - Tools for DNS Debugging.  http://www.landfield.com/rfcs/fyi/fyi27.html

 * RFCs on DNS, available at  http://www.landfield.com/rfcs/

	RFC 1032 - Domain Administrators Guide
	RFC 1033 - Domain Operations Administrators Guide
	RFC 1034 - Domain Names Concepts and Facilities
	RFC 1035 - Domain Names Implementation and Specification
	RFC 1101 - DNS Encoding of Network Names and Other Types
	RFC 1123 - Requirements for Internet Hosts
	RFC 1536 - Common DNS Implementation Errors and Fixes
	RFC 1713 - Tools for DNS Debugging
	RFC 1912 - Common DNS Operational and Configuration Errors
	RFC 2181 - Clarifications to the DNS Specification
	RFC 2182 - Selection and Operation of Secondary DNS Servers


DISTRIBUTION

    The latest version of Dlint can be found at the master site:

	http://www.domtools.com/dns/dlint.shtml

--
Paul Balyoz,  Unix Sysadmin and Programmer
Domtools Consulting                           pab@domtools.com
Phoenix Arizona, USA                          pbalyoz@jammed.com