Home Switchboard Unix Administration Red Hat TCP/IP Networks Neoliberalism Toxic Managers
May the source be with you, but remember the KISS principle ;-)
Skepticism and critical thinking is not panacea, but can help to understand the world better

DNS Audit Scripts

Old News ;-) See Also Recommended Links Audit_scripts Zone Generators
Classic tools
(nslookup, dig, etc)
Web-based tools DNS Security Humor Etc

DOC Checks the integrity of a domain; maintained by Brad Knowles. This version works with BIND 9, but there is also a version for BIND 8. (version 2.2.3 of 25-Jul-2001, checked 08-Sep-2004)

dnswalk - a DNS database debugger

dnswalk is a DNS database debugger. It works by initiating a zone transfer of a current zone, inspecting individual records for inconsistencies with other data, and generating warnings and errors. It is not a parser of DNS datafiles, it works strictly via existing DNS query methods on a "live" system (however dnswalk can be run on a separate nameserver which has data ready to move into production)

Here is dnswalk-2.0.2.tar.gz. You must use recent version of Perl, at least Perl 5.003. You MUST install Net::DNS, found either from a CPAN site or from Michael Fuhr, the Net::DNS author. Net::DNS also requires the Perl IO module, (for IO::Socket) at least IO-1.15.

[Perl] Sleuth

Sleuth is a simple Perl script for checking DNS zones for bugs and other inconsistencies. It should check all zone requirements mentioned in the corresponding RFCs plus several other common errors. The package also contains a trivial (but useful) WWW interface. is a command line script which will take a (sub)network entered by the user and check all the reverse DNS records for that network. scandns then checks the forward records of the hosts returned by the initial scan and reports any inconsistencies. This is quite useful for cleaning up old inverse records, as well as general network maintenance and security.

nslint -- checks DNS files for syntax errors

nslint is a lint-like program that checks DNS files for errors. DNS or Domain Name System generally maps names to IP addresses and E-mail addresses in a hierarchical fashion. Errors detected include missing trailing dots, illegal characters (RFC 1034), records without matching PTR records and vice-versa, duplicate names in a subnet, duplicate names for an address, names with cname records (RFC 1033), missing quotes, and unknown keywords.

i386 RPM: nslint-2.0.2-2.i386.rpm: 06 Apr 2001 23:17 (23272 bytes)
Source: nslint-2.0.2-2.src.rpm: 06 Apr 2001 23:17 (62842 bytes)

Dlint -- DNS error checking utility

Dlint analyzes any DNS zone you specify and reports any problems it finds by displaying errors and warnings. Then it descends recursively to examine all zones below the given one (this can be disabled with a command-line option).

See also Verify DNS records with Dlint on Linux

Tucows Downloads - Dlint 1.4.0 GPL Software

[Rubi] ZoneCheck

ZoneCheck is intended to help solve DNS misconfigurations or inconsistencies that are usually revealed by an increase in the latency of the application. The DNS is a critical resource for every network application, so it is quite important to ensure that a zone or domain name is correctly configured in the DNS.


The dnsutl package is a collection tools to make administering DNS easier.

h2n is a Perl script that can translate a host table (ex. /etc/hosts) into DNS zone files and check zone files for RFC violations or other potential problems.

Can be downloaded from:

DNS Hijacker

A libnet/libpcap-based DNS sniffer/spoofer.


dennis is an automated DNS builder. It takes an /etc/hosts style file and outputs information suitable for a bind 4/8 master and secondaries. This software is currently alpha, that is it works for me, I've cleaned up enough stuff to make dropping this into place not too hard for other sites but there remains a hefty chunk of work left to do. I would appreciate any offer to help since I do not have a lot of time to work on this. I have included a syntax checker to catch any potential problems.

[Rubi] DNSdoctor

DNSdoctor is a tool based on zonecheck that is intended to help with solving misconfigurations and inconsistencies in DNS zone files. It features a powerful configuration file, does not depend on policies, fine grained test selection (by test, categories, or zones), full IPv6 support (connectivity and AAAA records), and several input/output interfaces (CLI, GUI, CGI, and a dedicated mode for use inside shell scripts). It uses threads to cut down checking time and can be extended with new tests, interfaces, and reports, and features exception and cache mechanisms to simplify test writing.


The Last but not Least Technology is dominated by two types of people: those who understand what they do not manage and those who manage what they do not understand ~Archibald Putt. Ph.D

Copyright 1996-2018 by Dr. Nikolai Bezroukov. was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP) in the author free time and without any remuneration. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.

FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available to advance understanding of computer science, IT technology, economic, scientific, and social issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided by section 107 of the US Copyright Law according to which such material can be distributed without profit exclusively for research and educational purposes.

This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contain some broken links as it develops like a living tree...

You can use PayPal to make a contribution, supporting development of this site and speed up access. In case is down you can use the at


The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the author present and former employers, SDNP or any other organization the author may be associated with. We do not warrant the correctness of the information provided or its fitness for any purpose.

The site uses AdSense so you need to be aware of Google privacy policy. You you do not want to be tracked by Google please disable Javascript for this site. This site is perfectly usable without Javascript.

Last modified: March 12, 2019