README
1 dnswalk 2.0 - August 4, 1997
2
3Author: David Barr <barr@cis.ohio-state.edu>
4$Id: README,v 1.6 1997/08/04 19:09:34 barr Exp barr $
5
6INTRO
7
8dnswalk is a DNS debugger. It performs zone transfers of specified
9domains, and checks the database in numerous ways for internal
10consistency, as well as accuracy.
11
12dnswalk requires perl and the Net::DNS Perl package. If you do not have
13these, get them. (perl is assumed to be in /usr/local/bin, edit the first
14line of dnswalk if it is not)
15
16They can be found by at:
17http://www.perl.com/perl/
18
19dnswalk used to require 'dig' (part of the BIND distribution). However,
20different versions of dig gave output which was ever so slightly different,
21causing dnswalk to break. (This is usually easy to fix, even in a
22backward-compatible fashion, but it was annoying nonetheless) Also,
23using an external program made error checking more difficult and not
24very reliable. Since error checking is the heart of what dnswalk is about,
25this wasn't good. I finally got off my duff and ported dnswalk to Michael
26Fuhr's Net::DNS package, something I've been wanting to do for a while.
27(actually another reason I waited so long was the Net::DNS package wasn't
28complete enough initially for for a complete port.)
29
30
31 dnswalk is not for the faint of heart. It should NOT be used
32without a firm knowledge of the DNS RFC's. The warnings and errors
33must be interpreted within the context they are being used. Something
34may be flagged as a warning, but in reality it is a really bad error.
35Conversely dnswalk will flag things as warnings and possibly even
36errors, but they may actually be perfectly "legal" or normal in your
37specific situation. dnswalk is not an AI engine. It just provides
38useful information which you need to interpret. If you use this tool
39for cracking or otherwise evil purposes, the author hereby considers
40you a slime-ball. See the end of this README file for a list of good
41reading material.
42
43 dnswalk is not a replacement for doc, although dnswalk is starting
44to incorporate some of the things doc checks for. dnswalk was written to
45check individual database entries, while 'doc' ensures that the overall
46database structure and authority records are consistent. dnswalk may
47not even function correctly (or find real problems) if authority records
48are missing or incorrect.
49
50 This program may be freely distributed, as long as this notice
51and documentation are distributed with the program. This program is
52released as-is, with no warranty expressed or implied. Some assembly
53required, contents may settle during shipment. This program can be
54found at
55
56http://www.cis.ohio-state.edu/~barr/dnswalk/
57
58 dnswalk tends to produce lots of output, so I'd suggest
59redirecting this into a file of your choice. I debated using doc's
60strategy of automatically putting it in a logfile, but decided not
61to. (The author reserves the right to change his mind) For small,
62mostly-correct domains it is pretty manageable, however. For larger
63domains, use the included 'do-dnswalk' script as a guide.
64
65Please refer to the man page on what dnswalk checks for, and
66the format of the output.
67
68*** NOTICE ***
69 I fully realize that while some of the rules are not in
70violation of an RFC, it might be wise to reconsider their usage
71anyway. dnswalk was written to be a tool to let the hostmaster decide
72what are troublesome areas, not as a program that has all the answers.
73*** NOTICE ***
74
75This program was originally tested with data from the psu.edu domain.
76If your site does things differently than the way we do things, then you
77may see it report things as errors, when in fact they are "okay".
78If you notice something not being reported, or something reported that
79is not an error, please send me output! I fully admit that I'm not
80an expert in DNS and the requirements. My rules tend to be skewed to
81my personal feelings about what "nice" DNS databases look like. Others
82are free to differ. (and tell me so)
83
84Author:
85David Barr <barr@cis.ohio-state.edu>
86Lead System Administrator
87The Ohio State University, Department of Computer and Information Science
88
89Thanks:
90
91Bill Fenner - tips with perl
92Michael Fuhr - for writing Net::DNS!
93Dave Crocker - for providing the spark necessary for me to pick up
94developement of dnswalk-2.0 again.
95
96