Skip to content

Latest commit

 

History

History
157 lines (140 loc) · 10.4 KB

README.md

File metadata and controls

157 lines (140 loc) · 10.4 KB

dt

DNS tool that displays information about your domain.

Features

  • common records scanning (use -scan)
  • validate DNSSEC chain (use -debug to see more info)
  • change query speed for scanning (default 10 queries per second)
  • diagnostic of your domain (similar to intodns.com, dnsspy.io)
  • For implemented checks see #1

Feedback, issues and PR's are welcome.

Installing

Binaries

Binaries can be found here

Building

Go 1.17+ is required.

go install github.com/42wim/dt@master

You should now have dt binary in the bin directory:

$ ls ~/go/bin/
dt

Usage

Usage:
        dt [FLAGS] domain

Example:
        dt icann.org
        dt -debug ripe.net
        dt -debug -scan yourdomain.com

Flags:
  -debug
        enable debug
  -json
        output in JSON
  -qps int
        queries per seconds (per nameserver) (default 10)
  -resolver string
        use this resolver for initial domain lookup (default "8.8.8.8")
  -scan
        scan domain for common records
  -showfail
        only show checks that fail or warn

Running

./dt ripe.net
NS                      |IP                     |LOC |ASN        |ISP                                      |rtt          |Serial     |DNSSEC |ValidFrom    |ValidUntil
a3.verisigndns.com.     |69.36.145.33           |US  |ASN 36617  |AGTLD - VeriSign Global Registry Service |6.312503ms   |1492613104 |valid   |10 hours ago |4 weeks from now
                        |2001:502:cbe4::33      |US  |ASN 36622  |IGTLD - VeriSign Global Registry Service |12.844157ms  |1492613104 |valid   |10 hours ago |4 weeks from now
a1.verisigndns.com.     |209.112.113.33         |US  |ASN 36617  |AGTLD - VeriSign Global Registry Service |8.993407ms   |1492613104 |valid   |10 hours ago |4 weeks from now
                        |2001:500:7967::2:33    |US  |ASN 36622  |IGTLD - VeriSign Global Registry Service |12.03051ms   |1492613104 |valid   |10 hours ago |4 weeks from now
a2.verisigndns.com.     |209.112.114.33         |US  |ASN 36619  |CGTLD - VeriSign Global Registry Service |103.03539ms  |1492613104 |valid   |10 hours ago |4 weeks from now
                        |2620:74:19::33         |US  |ASN 36619  |CGTLD - VeriSign Global Registry Service |104.154197ms |1492613104 |valid   |10 hours ago |4 weeks from now
sns-pb.isc.org.         |192.5.4.1              |US  |ASN 3557   |ISC-AS - Internet Systems Consortium, In |5.563089ms   |1492613104 |valid   |10 hours ago |4 weeks from now
                        |2001:500:2e::1         |US  |ASN 3557   |ISC-AS - Internet Systems Consortium, In |11.509454ms  |1492613104 |valid   |10 hours ago |4 weeks from now
sec3.apnic.net.         |202.12.28.140          |AU  |ASN 4777   |APNIC-NSPIXP2-AS Asia Pacific Network In |253.352975ms |1492613104 |valid   |10 hours ago |4 weeks from now
                        |2001:dc0:1:0:4777::140 |AU  |ASN 4777   |APNIC-NSPIXP2-AS Asia Pacific Network In |266.28428ms  |1492613104 |valid   |10 hours ago |4 weeks from now
manus.authdns.ripe.net. |193.0.9.7              |NL  |ASN 197000 |RIPE-NCC-AUTHDNS-AS Reseaux IP Europeens |5.493287ms   |1492613104 |valid   |10 hours ago |4 weeks from now
                        |2001:67c:e0::7         |NL  |ASN 197000 |RIPE-NCC-AUTHDNS-AS Reseaux IP Europeens |11.403502ms  |1492613104 |valid   |10 hours ago |4 weeks from now
tinnie.arin.net.        |199.212.0.53           |US  |ASN 393225 |ARIN-PFS-IAD - ARIN Operations, US       |94.890834ms  |1492613104 |valid   |10 hours ago |4 weeks from now
                        |2001:500:13::c7d4:35   |US  |ASN 53535  |ARIN-PFS-ANYCAST - ARIN Operations, US   |96.854587ms  |1492613104 |valid   |10 hours ago |4 weeks from now
DNSSEC
         OK: DNSKEY validated. Chain validated
NS
         OK  : NS of all nameservers are identical
         OK  : Multiple nameservers found
         OK  : Your nameservers are in different subnets.
         OK  : Nameservers are spread over multiple AS
         OK  : IPv4 and IPv6 nameservers found.
         OK  : All nameservers are authoritative.
         OK  : All nameservers report they are not allowing recursive queries.
         OK  : Your nameservers are also listed as NS at the parent nameservers
         OK  : Your parent nameservers are also listed as NS at your nameservers
         OK  : No CNAMEs found for your NS records
GLUE
         WARN: no glue records found for [2001:500:2e::1 192.5.4.1] in NS of parent net.
         WARN: no glue records found for [2620:74:19::33 2001:500:2e::1 199.212.0.53 2001:502:cbe4::33 2001:dc0:1:0:4777::140 209.112.113.33 69.36.145.33 202.12.28.140 2001:500:7967::2:33 $09.112.114.33 192.5.4.1 2001:500:13::c7d4:35] in NS of ripe.net.
SOA
         OK  : SOA of all nameservers are identical
         WARN: Serial is not in the recommended format of YYYYMMDDnn.
         OK  : MNAME manus.authdns.ripe.net. is listed at the parent servers.
         OK  : Your nameservers have public / routable addresses.
MX
         OK  : MX of all nameservers are identical
         OK  : Multiple MX records found
         OK  : Your MX records have public / routable addresses.
         OK  : Your MX records resolve to different ips.
         OK  : No CNAMEs found for your MX records
         OK  : All MX records have reverse PTR records
Web
         OK  : Found a www record
         OK  : Found a root record
         OK  : Didn't find a CNAME for the root record
         OK  : Your www record has a public / routable address.
Spam
         WARN: No DMARC records found. Along with DKIM and SPF, DMARC helps prevent spam from your domain.
         WARN: No SPF records found. Along with DKIM and DMARC, SPF helps prevent spam from your domain.
./dt -debug ripe.net
DEBU[0000] validating ripe.net.
DEBU[0000] Asking NS (69.36.145.33) DNSKEY of ripe.net.
DEBU[0000] Trying validation RRSIG with DNSKEY AwEAAYXio3PIYXe4PqLmPGgemH52ZvUIDSdx+HkyoJW6SKuh82UFguzGh0xlbz5Dm5KenD2GG229/lSmU/+NvYeC+AFFB11dcoGr/5EZfb3kn+T+oaPbDyk6+tOcGJm8zHFVEP6lHi/hee5IbLQlngFpG5sf702/z5z/rQbm4OkuGPIz (flag 256, keytag 35431)
DEBU[0000] Validation failed
DEBU[0000] Trying validation RRSIG with DNSKEY AwEAAdYl56Gx3At/GI42bu2RmeQYWp3Y3WzjzYnM2h9c/twCjNa2bJPeIw2F9q+rOZhPugCn0+8X99XEmmJBvdBzaLTAZ3UsxXD1hKo1gwlpA0UUkJsUcgx51gqREEzEgUOLSB0oIwSopPpVOZRb9nfv2oNV1TvfXvAGmXLY+BnewBY5296Q/sEk8LhlkRAQuR1x25fjwxdyR+d2GC9+bjH+rXU54bOplRtTr7wCXMVV8CRkEaPRAuJpRNtUAX/IqpS3+A07BXPMHbvZAckmT1tuLNh4TG5auxxJ6a2ERj71FH7fbQODKuIWEL8oZgQB6Y3vevAUKAwjqjJsdGHt2oCpqn8= (flag 257, keytag 29740)
DEBU[0000] Validation succeeded
DEBU[0000] RRSIG validated (2017-04-29 11:02:59 +0200 CEST -> 2017-05-29 12:02:59 +0200 CEST)
DEBU[0000] Finding NS of parent: net.
DEBU[0000] Asking parent 192.43.172.30 (net.) DS of ripe.net.
DEBU[0000] parent DS digest: 570004384bf50cf787714ceb9e73de912d48cfc0e5c637785772d84bb50f85ae (keytag 29740)
DEBU[0000] child DS digest 570004384bf50cf787714ceb9e73de912d48cfc0e5c637785772d84bb50f85ae (keytag 29740)
DEBU[0000] ripe.net. validated

DEBU[0000] validating net.
DEBU[0000] Asking NS (192.26.92.30) DNSKEY of net.
DEBU[0000] Trying validation RRSIG with DNSKEY AQOYBnzqWXIEj6mlgXg4LWC0HP2n8eK8XqgHlmJ/69iuIHsa1TrHDG6TcOra/pyeGKwH0nKZhTmXSuUFGh9BCNiwVDuyyb6OBGy2Nte9Kr8NwWg4q+zhSoOf4D+gC9dEzg0yFdwT0DKEvmNPt0K4jbQDS4Yimb+uPKuF6yieWWrPYYCrv8C9KC8JMze2uT6NuWBfsl2fDUoV4l65qMww06D7n+p7RbdwWkAZ0fA63mXVXBZF6kpDtsYD7SUB9jhhfLQE/r85bvg3FaSs5Wi2BaqN06SzGWI1DHu7axthIOeHwg00zxlhTpoYCH0ldoQz+S65zWYi/fRJiyLSBb6JZOvn (flag 257, keytag 35886)
DEBU[0000] Validation succeeded
DEBU[0000] RRSIG validated (2017-04-20 18:33:57 +0200 CEST -> 2017-05-05 18:38:57 +0200 CEST)
DEBU[0000] Finding NS of parent: .
DEBU[0001] Asking parent 192.58.128.30 (.) DS of net.
DEBU[0001] parent DS digest: 7862b27f5f516ebe19680444d4ce5e762981931842c465f00236401d8bd973ee (keytag 35886)
DEBU[0001] child DS digest 7862b27f5f516ebe19680444d4ce5e762981931842c465f00236401d8bd973ee (keytag 35886)
DEBU[0001] net. validated

NS                      |IP                     |LOC |ASN        |ISP                                      |rtt          |Serial     |DNSSEC |ValidFrom    |ValidUntil
manus.authdns.ripe.net. |193.0.9.7              |NL  |ASN 197000 |RIPE-NCC-AUTHDNS-AS Reseaux IP Europeens |4.909712ms   |1493390344 |valid  |12 hours ago |4 weeks from now
                        |2001:67c:e0::7         |NL  |ASN 197000 |RIPE-NCC-AUTHDNS-AS Reseaux IP Europeens |11.205698ms  |1493390344 |valid  |12 hours ago |4 weeks from now
sns-pb.isc.org.         |192.5.4.1              |US  |ASN 3557   |ISC-AS - Internet Systems Consortium, In |4.502391ms   |1493390344 |valid  |12 hours ago |4 weeks from now
                        |2001:500:2e::1         |US  |ASN 3557   |ISC-AS - Internet Systems Consortium, In |11.525774ms  |1493390344 |valid  |12 hours ago |4 weeks from now
a3.verisigndns.com.     |69.36.145.33           |US  |ASN 36617  |AGTLD - VeriSign Global Registry Service |5.308344ms   |1493390344 |valid  |12 hours ago |4 weeks from now
                        |2001:502:cbe4::33      |US  |ASN 36623  |HGTLD - VeriSign Global Registry Service |12.050853ms  |1493390344 |valid  |12 hours ago |4 weeks from now
a1.verisigndns.com.     |209.112.113.33         |US  |ASN 26134  |BROAD-RUN-BORDER-AS - VeriSign Infrastru |5.11017ms    |1493390344 |valid  |12 hours ago |4 weeks from now
                        |2001:500:7967::2:33    |US  |ASN 36625  |KGTLD - VeriSign Global Registry Service |12.374661ms  |1493390344 |valid  |12 hours ago |4 weeks from now
a2.verisigndns.com.     |209.112.114.33         |US  |ASN 36619  |CGTLD - VeriSign Global Registry Service |10.563235ms  |1493390344 |valid  |12 hours ago |4 weeks from now
                        |2620:74:19::33         |US  |ASN 36625  |KGTLD - VeriSign Global Registry Service |16.876504ms  |1493390344 |valid  |12 hours ago |4 weeks from now
tinnie.arin.net.        |199.212.0.53           |US  |ASN 393225 |ARIN-PFS-IAD - ARIN Operations, US       |84.877944ms  |1493390344 |valid  |12 hours ago |4 weeks from now
                        |2001:500:13::c7d4:35   |US  |ASN 53535  |ARIN-PFS-ANYCAST - ARIN Operations, US   |83.173795ms  |1493390344 |valid  |12 hours ago |4 weeks from now
sec3.apnic.net.         |202.12.28.140          |AU  |ASN 4777   |APNIC-NSPIXP2-AS Asia Pacific Network In |257.939304ms |1493390344 |valid  |12 hours ago |4 weeks from now
                        |2001:dc0:1:0:4777::140 |AU  |ASN 4777   |APNIC-NSPIXP2-AS Asia Pacific Network In |258.446349ms |1493390344 |valid  |12 hours ago |4 weeks from now