File: README

package info (click to toggle)
dlint 1.4.0-8
  • links: PTS, VCS
  • area: main
  • in suites: bullseye, buster, sid
  • size: 236 kB
  • sloc: sh: 1,173; makefile: 94; perl: 89
file content (174 lines) | stat: -rw-r--r-- 6,772 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174

                         Dlint version 1.4.0
            A Domain Name Server Zone Verification Utility
       Copyright (C) 1993-1999 Paul A. Balyoz <pab@domtools.com>

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.


DESCRIPTION

This program analyzes any DNS zone you specify, and reports any problems it
finds by displaying errors and warnings.  Then it descends recursively to
examine all zones below the given one (this can be disabled with a command-
line option).  Designed for Unix, dlint is written in Bourne Shell and Perl.

Dlint is also available on the Internet from your web browser:

	http://www.domtools.com/

(this server imposes a timeout period; to lint a big zone, you should
install dlint yourself and use it locally - that's what this package is for).


WHAT DLINT REALLY CHECKS

    * for each nameserver of the given zone, if its domain name ends in
      "in-addr.arpa." then give a warning & ignore it.  This can happen
      in in-addr.arpa. zones when an NS record contains just a host name
      instead of the fully-qualified domain name.

    * for each host with an "A" resource record containing an IP address,
      there should be an equivalent PTR record pointing from the address
      back to the host.  Missing records and IP address mismatches are
      reported.  (exception: when it's really a domain instead of a host,
      there may not be a PTR record).

    * for each PTR resource record in an in-addr.arpa zone pointing to a host,
      there should be an equivalent "A" record for that host listing the same
      IP address.  Missing records and IP address mismatches are reported.

    * special warning if it detects a pound-sign on the front of a record
      (a common mistake: using "#" for comment symbol instead of ";").

Dlint will notice if there are subdomains (subzones), and recursively traverse
them, too, looking for problems.  This recursion can be disabled with a
command-line option.

You can run dlint on your own domains, or on somebody else's, because it uses
the standard DNS network protocol.  Dlint is very useful since most nameservers
do no more than syntax-check your database files.  Dlint's messages are very
informative and suggest ways to fix the problems, not just complain about them.

Dlint doesn't catch every kind of problem, just the ones listed here which
can cause strange host-access problems for you and for other sites trying
to reach your computer systems over the Internet.


REQUIREMENTS

   * DiG 2.1 or newer
   * Perl 5 or newer


INSTALLATION

    See file "INSTALL" for details.


RUNNING DLINT, READING ITS OUTPUT

Make sure "dig" is in your path.  Type "which dig" to see if it is.
If not, go and get DiG and install it now!  (see below)

	% dlint your.dom.ain.
or:
	% dlint 4.3.2.1.in-addr.arpa.

Dlint is fairly verbose; comment lines are preceded by semicolons (";").
Any line not commented out is something important: a warning or an error.

Not all warnings and errors are really problems - you need to use your best
judgment when considering making changes to your DNS database.  One warning you
might see which you can ignore is:

   WARNING: "localhost.cse.nau.edu. A 127.0.0.1": the PTR record for 1.0.0.127.in-addr.arpa. says "localhost."
        (one of the above two records might be wrong.)

This is not really a problem because Unix systems sometimes use records like
"localhost.cse.nau.edu." in their local domain to speed up "localhost"
address queries.  Every zone containing Unix machines should have one of
these fake "localhost" hosts in it with an address of 127.0.0.1.

Another warning that may not be a problem looks like this:

   WARNING: csenet.cse.nau.edu. has no A record, but that's OK only if it's a network or other special name instead of a host.

If that domain name is the name of a network or subnet at your site
and _not_ the name of an actual host (no single IP address is associated
with it), then ignore it.  If you know it's supposed to be a host, then
an A resource-record should be added to the zone it lives in.

If you see different output at different times for the same zone that you
know is not being modified, then get and run the Doc utility (see below)
over your domain first.  Some authoritative nameservers for the zone have
different copies of the zone database (check their SOA records).


FUTURE ENHANCEMENTS

 * Rewrite in Perl using Net::DNS

 * Lame delegation checking

 * CIDR support

 * IPv6 support

 * Character-set checking on all domain names

 * Detect duplicate domain components and report "missing end-period in zone
   file".  Example: host.cse.nau.edu.cse.nau.edu. should be host.cse.nau.edu.

 * Let user specify what server to query (command-line option)


SEE ALSO

 * Domain Obscurity Checker (DOC), which comes with BIND.  It checks for
   lame delegations and other problems with just your primary/secondary
   nameservers.  Solve those problems first, then run Dlint to get the best
   results.  If a zone is sufficiently misconfigured, Dlint has trouble
   producing useful information.  BIND comes from:

	http://www.isc.org/bind.html

 * FYI 27 - Tools for DNS Debugging.  http://www.landfield.com/rfcs/fyi/fyi27.html

 * RFC's on DNS, available at  http://www.landfield.com/rfcs/

	RFC 1032 - Domain Administrators Guide
	RFC 1033 - Domain Operations Administrators Guide
	RFC 1034 - Domain Names Concepts and Facilities
	RFC 1035 - Domain Names Implementation and Specification
	RFC 1101 - DNS Encoding of Network Names and Other Types
	RFC 1123 - Requirements for Internet Hosts
	RFC 1536 - Common DNS Implementation Errors and Fixes
	RFC 1713 - Tools for DNS Debugging
	RFC 1912 - Common DNS Operational and Configuration Errors
	RFC 2181 - Clarifications to the DNS Specification
	RFC 2182 - Selection and Operation of Secondary DNS Servers


DISTRIBUTION

    The latest version of Dlint can be found at the master site:

	http://www.domtools.com/

--
Paul Balyoz,  Unix Sysadmin and Programmer
Domtools Consulting                           pab@domtools.com
Phoenix Arizona, USA                          pbalyoz@jammed.com