DNS tool v1.0.2 releases: display information about your domain

DNS tool

dt

DNS tool that displays information about your domain.

Features

  • common records scanning (use -scan)
  • validate DNSSEC chain (use -debug to see more info)
  • change query speed for scanning (default 10 queries per second)
  • diagnostic of your domain (similar to intodns.com, dnsspy.io)
  • For implemented checks see #1

Changelog v1.0.2

Installing

Binaries

Binaries can be found here

Building

Go 1.6.3+ is required. Make sure you have Go properly installed, including setting up your [GOPATH]

cd $GOPATH
go get github.com/42wim/dt
$ ls bin/
dt

Usage

Usage:
dt [FLAGS] domain

Example:
dt icann.org
dt -debug ripe.net
dt -debug -scan yourdomain.com

Flags:
-debug
enable debug
-json
output in JSON
-qps int
queries per seconds (per nameserver) (default 10)
-resolver string
use this resolver for initial domain lookup (default “8.8.8.8”)
-scan
scan domain for common records
-showfail
only show checks that fail or warn

Running

./dt ripe.net

NS |IP |LOC |ASN |ISP |rtt |Serial |DNSSEC |ValidFrom |ValidUntil
a3.verisigndns.com. |69.36.145.33 |US |ASN 36617 |AGTLD - VeriSign Global Registry Service |6.312503ms |1492613104 |valid |10 hours ago |4 weeks from now
|2001:502:cbe4::33 |US |ASN 36622 |IGTLD - VeriSign Global Registry Service |12.844157ms |1492613104 |valid |10 hours ago |4 weeks from now
a1.verisigndns.com. |209.112.113.33 |US |ASN 36617 |AGTLD - VeriSign Global Registry Service |8.993407ms |1492613104 |valid |10 hours ago |4 weeks from now
|2001:500:7967::2:33 |US |ASN 36622 |IGTLD - VeriSign Global Registry Service |12.03051ms |1492613104 |valid |10 hours ago |4 weeks from now
a2.verisigndns.com. |209.112.114.33 |US |ASN 36619 |CGTLD - VeriSign Global Registry Service |103.03539ms |1492613104 |valid |10 hours ago |4 weeks from now
|2620:74:19::33 |US |ASN 36619 |CGTLD - VeriSign Global Registry Service |104.154197ms |1492613104 |valid |10 hours ago |4 weeks from now
sns-pb.isc.org. |192.5.4.1 |US |ASN 3557 |ISC-AS - Internet Systems Consortium, In |5.563089ms |1492613104 |valid |10 hours ago |4 weeks from now
|2001:500:2e::1 |US |ASN 3557 |ISC-AS - Internet Systems Consortium, In |11.509454ms |1492613104 |valid |10 hours ago |4 weeks from now
sec3.apnic.net. |202.12.28.140 |AU |ASN 4777 |APNIC-NSPIXP2-AS Asia Pacific Network In |253.352975ms |1492613104 |valid |10 hours ago |4 weeks from now
|2001:dc0:1:0:4777::140 |AU |ASN 4777 |APNIC-NSPIXP2-AS Asia Pacific Network In |266.28428ms |1492613104 |valid |10 hours ago |4 weeks from now
manus.authdns.ripe.net. |193.0.9.7 |NL |ASN 197000 |RIPE-NCC-AUTHDNS-AS Reseaux IP Europeens |5.493287ms |1492613104 |valid |10 hours ago |4 weeks from now
|2001:67c:e0::7 |NL |ASN 197000 |RIPE-NCC-AUTHDNS-AS Reseaux IP Europeens |11.403502ms |1492613104 |valid |10 hours ago |4 weeks from now
tinnie.arin.net. |199.212.0.53 |US |ASN 393225 |ARIN-PFS-IAD - ARIN Operations, US |94.890834ms |1492613104 |valid |10 hours ago |4 weeks from now
|2001:500:13::c7d4:35 |US |ASN 53535 |ARIN-PFS-ANYCAST - ARIN Operations, US |96.854587ms |1492613104 |valid |10 hours ago |4 weeks from now
DNSSEC
OK: DNSKEY validated. Chain validated
NS
OK : NS of all nameservers are identical
OK : Multiple nameservers found
OK : Your nameservers are in different subnets.
OK : Nameservers are spread over multiple AS
OK : IPv4 and IPv6 nameservers found.
OK : All nameservers are authoritative.
OK : All nameservers report they are not allowing recursive queries.
OK : Your nameservers are also listed as NS at the parent nameservers
OK : Your parent nameservers are also listed as NS at your nameservers
OK : No CNAMEs found for your NS records
GLUE
WARN: no glue records found for [2001:500:2e::1 192.5.4.1] in NS of parent net.
WARN: no glue records found for [2620:74:19::33 2001:500:2e::1 199.212.0.53 2001:502:cbe4::33 2001:dc0:1:0:4777::140 209.112.113.33 69.36.145.33 202.12.28.140 2001:500:7967::2:33 $09.112.114.33 192.5.4.1 2001:500:13::c7d4:35] in NS of ripe.net.
SOA
OK : SOA of all nameservers are identical
WARN: Serial is not in the recommended format of YYYYMMDDnn.
OK : MNAME manus.authdns.ripe.net. is listed at the parent servers.
OK : Your nameservers have public / routable addresses.
MX
OK : MX of all nameservers are identical
OK : Multiple MX records found
OK : Your MX records have public / routable addresses.
OK : Your MX records resolve to different ips.
OK : No CNAMEs found for your MX records
OK : All MX records have reverse PTR records
Web
OK : Found a www record
OK : Found a root record
OK : Didn't find a CNAME for the root record
OK : Your www record has a public / routable address.
Spam
WARN: No DMARC records found. Along with DKIM and SPF, DMARC helps prevent spam from your domain.
WARN: No SPF records found. Along with DKIM and DMARC, SPF helps prevent spam from your domain.

Copyright 2017 42wim

Source: https://github.com/42wim/