check_zone - Check a DNS zone for errors
check_zone [ -r ][ -v ] domain [ class ]
Checks a DNS zone for errors.
Current checks are:
- Checks the domain's SOA from each of the domain's name servers.
The SOA serial numbers should match.
This program's output cannot be trusted if they do not.
- Tries to perform an AXFR from each of the domain's name servers.
This test helps to detect whether the name server is blocking AXFR.
- Checks that all A records have corresponding PTR records.
For each A record, the name in its PTR record is checked for a match.
- Checks that all PTR records match an A record (sometimes they match a CNAME).
Check the PTR's name against the A record.
- Checks that hosts listed in NS, MX, and CNAME records have A records.
Checks that NS and CNAME records do not point to another CNAME (i.e., they must resolve directly to an A record).
That test may be somewhat controversial because, in many cases, an MX to a CNAME or a CNAME to another CNAME will resolve; however, in DNS circles it isn't a recommended practice.
- Checks that each record processed is of the class requested.
This is an internal integrity check.
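The record cross-checks listed above, sketched in Python over a constructed record set as an added example (this is not the check_zone source, which is Perl and uses Net::DNS). The check_records function, the finding labels and the example.test. records are assumptions made for illustration; the sketch flags an NS, MX or CNAME target that is itself a CNAME, and the MX rdata omits the preference value.

```python
import ipaddress
from collections import defaultdict

# Constructed sample records (name, type, rdata) standing in for AXFR output.
RECORDS = [
    ("example.test.", "NS", "ns1.example.test."),
    ("example.test.", "MX", "mail.example.test."),
    ("ns1.example.test.", "A", "192.0.2.1"),
    ("www.example.test.", "A", "192.0.2.10"),
    ("mail.example.test.", "CNAME", "www.example.test."),      # MX target is a CNAME
    ("ftp.example.test.", "CNAME", "gone.example.test."),      # target has no A record
    ("1.2.0.192.in-addr.arpa.", "PTR", "ns1.example.test."),
    ("10.2.0.192.in-addr.arpa.", "PTR", "web.example.test."),  # name mismatch
    ("20.2.0.192.in-addr.arpa.", "PTR", "old.example.test."),  # no A for this PTR
]

def check_records(records):
    """Return a sorted list of (check, name, detail) findings."""
    by_type = defaultdict(lambda: defaultdict(set))
    for name, rtype, rdata in records:
        by_type[rtype][name.lower()].add(rdata.lower())
    a, ptr, cname = by_type["A"], by_type["PTR"], by_type["CNAME"]
    findings = []
    # A -> PTR: each address needs a PTR whose target is the A record's owner.
    for name, addrs in a.items():
        for addr in addrs:
            rev = ipaddress.ip_address(addr).reverse_pointer + "."
            if rev not in ptr:
                findings.append(("A-without-PTR", name, addr))
            elif name not in ptr[rev]:
                findings.append(("PTR-name-mismatch", name, addr))
    # PTR -> A: the PTR target must own an A record (or at least a CNAME).
    for rev, targets in ptr.items():
        for target in targets:
            if target not in a and target not in cname:
                findings.append(("PTR-without-A", rev, target))
    # NS, MX and CNAME targets must resolve directly to an A record.
    for rtype in ("NS", "MX", "CNAME"):
        for name, targets in by_type[rtype].items():
            for target in targets:
                if target in cname:
                    findings.append((rtype + "-to-CNAME", name, target))
                elif target not in a:
                    findings.append((rtype + "-without-A", name, target))
    return sorted(findings)

if __name__ == "__main__":
    for finding in check_records(RECORDS):
        print(*finding)
```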
-r    Perform a recursive check on subdomains.
-v    Verbose.
Originally developed by Michael Fuhr (mfuhr@dimensional.com) and hacked--with furor--by Dennis Glatting (dennis.glatting@software-munitions.com).
perl(1), axfr, check_soa, mx, perldig, Net::DNS
A query for an A RR against a name that is a CNAME may not follow the CNAME to an A RR.
There isn't a mechanism to ensure that records are returned from an authoritative source.
There appears to be a bug in the resolver AXFR routine where, if one server cannot be contacted, the routine doesn't try another in its list.