NAME

check_zone - Check a DNS zone for errors

SYNOPSIS

check_zone [ -r ][ -v ] domain [ class ]

DESCRIPTION

Checks a DNS zone for errors. Current checks are:

  • Checks the domain's SOA from each of the domain's name servers. The SOA serial numbers should match. This program's output cannot be trusted if they do not.

  • Tries to perform an AXFR from each of the domain's name servers. This test helps to detect whether the name server is blocking AXFR.

  • Checks that all A records have corresponding PTR records. For each A record, the name in its PTR record is checked for a match.

  • Checks that all PTR records match an A record (sometimes they match a CNAME). Check the PTR's name against the A record.

  • Checks that hosts listed in NS, MX, and CNAME records have A records. Checks that NS and CNAME records do not point to another CNAME (i.e., they must directly resolve to an A record). That test may be somewhat controversial because, in many cases, an MX to a CNAME or a CNAME to another CNAME will resolve; however, in DNS circles it isn't a recommended practice.

  • Checks that each record processed is in the requested class. This is an internal integrity check.
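
The record-consistency checks listed above, sketched as an added example in Python (not check_zone's own Perl code). It works on constructed record tuples instead of live queries; `lint_zone`, `RECORDS` and the `example.test.` names are hypothetical, and MX data is reduced to the exchange host.

```python
import ipaddress

# Constructed sample data: (owner, class, type, rdata) tuples, as a zone
# transfer plus reverse lookups might yield. Not output from check_zone.
RECORDS = [
    ("example.test.", "IN", "NS", "ns1.example.test."),
    ("example.test.", "IN", "MX", "mail.example.test."),
    ("ns1.example.test.", "IN", "A", "192.0.2.1"),
    ("mail.example.test.", "IN", "CNAME", "host.example.test."),
    ("host.example.test.", "IN", "A", "192.0.2.2"),
    ("www.example.test.", "IN", "CNAME", "gone.example.test."),
    ("old.example.test.", "CH", "A", "192.0.2.3"),
    ("1.2.0.192.in-addr.arpa.", "IN", "PTR", "ns1.example.test."),
    ("2.2.0.192.in-addr.arpa.", "IN", "PTR", "other.example.test."),
    ("9.2.0.192.in-addr.arpa.", "IN", "PTR", "ghost.example.test."),
]

def lint_zone(records, want_class="IN"):
    """Return sorted findings for the A/PTR, target and class checks."""
    findings = set()
    in_class = [r for r in records if r[1] == want_class]
    for name, cls, rtype, _ in records:  # class integrity check
        if cls != want_class:
            findings.add(f"{name} {rtype}: class {cls}, expected {want_class}")
    a = {(n, d) for n, _, t, d in in_class if t == "A"}
    a_names = {n for n, _ in a}
    cnames = {n for n, _, t, _ in in_class if t == "CNAME"}
    ptr = {(n, d) for n, _, t, d in in_class if t == "PTR"}
    ptr_owners = {n for n, _ in ptr}
    for name, addr in a:  # every A needs a PTR that names the same host
        rev = ipaddress.ip_address(addr).reverse_pointer + "."
        if rev not in ptr_owners:
            findings.add(f"{name} A {addr}: no PTR")
        elif (rev, name) not in ptr:
            findings.add(f"{name} A {addr}: PTR names a different host")
    for owner, target in ptr:  # every PTR must name an A (or CNAME) owner
        if target not in a_names and target not in cnames:
            findings.add(f"{owner} PTR {target}: no matching A or CNAME")
    for name, _, rtype, target in in_class:  # targets resolve directly to A
        if rtype in ("NS", "MX", "CNAME"):
            if target in cnames:
                findings.add(f"{name} {rtype} {target}: target is a CNAME")
            elif target not in a_names:
                findings.add(f"{name} {rtype} {target}: target has no A record")
    return sorted(findings)
```

On the sample data this reports the stale `www` CNAME, the MX that points at a CNAME, the mismatched and orphaned PTRs, and the record in the wrong class.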

OPTIONS

-r

Perform a recursive check on subdomains.

-v

Verbose.

AUTHORS

Originally developed by Michael Fuhr (mfuhr@dimensional.com) and hacked--with furor--by Dennis Glatting (dennis.glatting@software-munitions.com).

COPYRIGHT

SEE ALSO

perl(1), axfr, check_soa, mx, perldig, Net::DNS

BUGS

A query for an A RR against a name that is a CNAME may not follow the CNAME to an A RR.

There isn't a mechanism to ensure records are returned from an authoritative source.

There appears to be a bug in the resolver AXFR routine where, if one server cannot be contacted, the routine doesn't try another in its list.
