NAME
check_zone - Check a DNS zone for errors
SYNOPSIS
check_zone
[ -r
][ -v
] domain [ class ]
DESCRIPTION
Checks a DNS zone for errors. Current checks are:
Checks the domain's SOA from each of the domain's name servers. The SOA serial numbers should match. This program's output cannot be trusted if they do not.
Tries to perform an AXFR from each of the domain's name servers. This test helps to detect whether the name server is blocking AXFR.
Checks that all A records have corresponding PTR records. For each A record its PTR's name is match checked.
Checks that all PTR records match an A record (sometimes they match a CNAME). Check the PTR's name against the A record.
Checks that hosts listed in NS, MX, and CNAME records have A records. Checks for NS and CNAME records not pointing to another CNAME (i.e., they must directly resolve to an A record). That test may be somewhat controversial because, in many cases, a MX to a CNAME or a CNAME to another CNAME will resolve; however, in DNS circles it isn't a recommended practise.
Check each record processed for being with the class requested. This is an internal integrity check.
OPTIONS
AUTHORS
Originally developed by Michael Fuhr (mfuhr@dimensional.com) and hacked--with furor--by Dennis Glatting (dennis.glatting@software-munitions.com).
COPYRIGHT
SEE ALSO
perl(1), axfr, check_soa, mx, perldig, Net::DNS
BUGS
A query for an A RR against a name that is a CNAME may not follow the CNAME to an A RR.
There isn't a mechanism to insure records are returned from an authoritative source.
There appears to be a bug in the resolver AXFR routine where, if one server cannot be contacted, the routine doesn't try another in its list.
2 POD Errors
The following errors were encountered while parsing the POD:
- Around line 51:
'=item' outside of any '=over'
- Around line 59:
You forgot a '=back' before '=head1'