Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

dlint(1) [debian man page]

DLINT(1)						      General Commands Manual							  DLINT(1)

NAME
dlint - Internet Domain Name System (DNS) error checking utility SYNOPSIS
dlint [ -n ] zone DESCRIPTION
DNS administrators can use dlint to scan recursively through the domain records of the fully-qualified zone zone, to get a report on any errors therein. You can scan a zone you own, or anyone else's zone on the Internet. dlint talks directly to a primary or secondary name- server for the zone, to make sure it's working with up-to-date information. dlint also suggests ways of fixing problems instead of just complaining about them like other debugging tools. The argument zone should always have an ending period to indicate it is a fully qualified domain name. OPTIONS
By default, dlint recursively traverses the entire hierarchy below the zone specified. The -n option may be used to disable recursive tra- versal, causing it to only examine the records in the given zone. Note that a zone may or may not contain any number of sub-domains (all of which will be checked with or without this option). EXAMPLES
example% dlint nau.edu. recursively scans the DNS records in zone nau.edu for problems. example% dlint 64.114.134.in-addr.arpa. recursively scans the DNS records associated with IP subnet 134.114.64.0 for problems. You had to already know that 134.114.0.0 was sub- netted. DIAGNOSTICS
The output from dlint is computer parsable, each line has a special meaning. Lines beginning with a semicolon (;) are comments only. Lines beginning with the phrase ``WARNING'' are useful information that you should consider. A warning is not necessarily an error, but may be a problem. Lines beginning with the phrase ``ERROR'' are definite errors and should be dealt with accordingly. EXIT STATUS
0 Successful run, no problems encountered with zone. 1 Successful run, worst problem with zone was a WARNING. 2 Successful run, worst problem with zone was an ERROR. 3 Usage error. 4 A signal interrupted the program run (i.e. user typed interrupt key sequence). BUGS
Dlint doesn't work behind some firewalls because it needs to talk to a root nameserver to get started. Dlint uses the zone transfer mechanism (AXFR) which some nameservers deny to unauthorized hosts. Other nameservers happily return zero records instead of an error, in response to an unauthorized AXFR! That is just wrong. AUTHOR
Paul Balyoz <pab@domtools.com> DISTRIBUTION
http://www.domtools.com/ COPYRIGHT
Copyright (C) 1993-1998 Paul A. Balyoz <pab@domtools.com> This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MER- CHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 18 July 1998 DLINT(1)

Check Out this Related Man Page

ldns-verifyzone(1)					      General Commands Manual						ldns-verifyzone(1)

NAME
ldns-verify-zone - read a DNSSEC signed zone and verify it. SYNOPSIS
ldns-verify-zone ZONEFILE DESCRIPTION
ldns-verify-zone reads a DNS zone file and verifies it. RRSIG resource records are checked against the DNSKEY set at the zone apex. Each name is checked for an NSEC(3), if appropriate. OPTIONS
-h Show usage and exit -a Apex only, check only the zone apex -e period Signatures may not expire within this period. Default no period is used. -i period Signatures must have been valid at least this long. Default signatures should just be valid now. -k file A file that contains a trusted DNSKEY or DS rr. This option may be given more than once. -p [0-100] Only check this percentage of the zone. Which names to check is determined randomly. Defaults to 100. -S Chase signature(s) to a known key. The network may be accessed to validate the zone's DNSKEYs. (implies -k) -t YYYYMMDDhhmmss | [+|-]offset Set the validation time either by an absolute time value or as an offset in seconds from the current time. -v Show the version and exit -V number Set the verbosity level (default 3): 0: Be silent 1: Print result, and any errors 2: Same as 1 for now 3: Print result, any errors, and the names that are being checked 4: Same as 3 for now 5: Print the zone after it has been read, the result, any errors, and the names that are being checked periods are given in ISO 8601 duration format: P[n]Y[n]M[n]DT[n]H[n]M[n]S If no file is given standard input is read. AUTHOR
Written by the ldns team as an example for ldns usage. REPORTING BUGS
Report bugs to <ldns-team@nlnetlabs.nl>. COPYRIGHT
Copyright (C) 2008 NLnet Labs. This is free software. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PUR- POSE. 27 May 2008 ldns-verifyzone(1)
Man Page

Featured Tech Videos