DNSWalk


Linux, *BSD, OS X, Windows; command-line interface; source code

DNSWalk is a DNS debugger. It performs zone transfers of specified domains, and checks the database in numerous ways for internal consistency, as well as accuracy.

DNSWalk requires perl and the Net::DNS Perl package. If you do not have these, get them. (perl is assumed to be in /usr/local/bin, edit the first line of dnswalk if it is not)

They can be found at:

http://www.perl.com/perl

DNSWalk used to require 'dig' (part of the BIND distribution). However, different versions of dig gave output which was ever so slightly different, causing dnswalk to break. (This is usually easy to fix, even in a backward-compatible fashion, but it was annoying nonetheless) Also, using an external program made error checking more difficult and not very reliable. Since error checking is the heart of what dnswalk is about, this wasn't good. I finally got off my duff and ported dnswalk to Michael Fuhr's Net::DNS package, something I've been wanting to do for a while. (actually another reason I waited so long was the Net::DNS package wasn't complete enough initially for a complete port.)

DNSWalk is not for the faint of heart. It should NOT be used without a firm knowledge of the DNS RFC's. The warnings and errors must be interpreted within the context they are being used. Something may be flagged as a warning, but in reality it is a really bad error. Conversely dnswalk will flag things as warnings and possibly even errors, but they may actually be perfectly "legal" or normal in your specific situation. dnswalk is not an AI engine. It just provides useful information which you need to interpret. If you use this tool for cracking or otherwise evil purposes, the author hereby considers you a slime-ball. See the end of this README file for a list of good reading material.

DNSWalk is not a replacement for doc, although dnswalk is starting to incorporate some of the things doc checks for. dnswalk was written to check individual database entries, while 'doc' ensures that the overall database structure and authority records are consistent. dnswalk may not even function correctly (or find real problems) if authority records are missing or incorrect.

This program may be freely distributed, as long as this notice and documentation are distributed with the program. This program is released as-is, with no warranty expressed or implied. Some assembly required, contents may settle during shipment. More information on this program can be found at

http://www.cis.ohio-state.edu/~barr/dnswalk

DNSWalk tends to produce lots of output, so redirect it into a file of your choice. For larger domains, use the included 'do-dnswalk' script as a guide.

Please refer to the man page on what dnswalk checks for, and the format of the output.

This program was originally tested with data from the psu.edu domain. If your site does things differently than the way we do things, then you may see it report things as errors, when in fact they are "okay". If you notice something not being reported, or something reported that is not an error, please send me output! I fully admit that I'm not an expert in DNS and the requirements. My rules tend to be skewed to my personal feelings about what "nice" DNS databases look like. Others are free to differ.


DNSWalk was written to check individual database entries; it may not even function correctly (or find real problems) if authority records are missing or incorrect.

A Zone Transfer is the term used to refer to the process by which the contents of a DNS Zone file are copied from a primary DNS server to a secondary DNS server.

DNSWalk Help and Options

Type "./dnswalk --help"



Now type "./dnswalk security-science.com."

Remember to put a . after the domain name, then hit Enter.

You might get something like this.

The attempt FAILED and was REFUSED by the server because, by default these days, zone transfers are disabled unless and until the admin enables them.



Let's try another domain: informatica.com

Type "./dnswalk -Fradli informatica.com."



Saving DNSWalk results into a file.

Type "./dnswalk -Fradli informatica.com. > dnswalk-log.txt"



If a path is not specified, the log file is saved in the DNSWalk installation folder.



Sample log file content:

Checking informatica.com.
SOA=xbru.br.ns.els-gms.att.net contact=rm-hostmaster.ems.att.com
WARN: akamai-ftp3.informatica.com CNAME akamai-ftp3.informatica.com.srip.net: unknown host
WARN: appseur.informatica.com A 195.70.95.51: no PTR record
WARN: brown.informatica.com A 203.92.60.131: no PTR record
WARN: calendar.informatica.com CNAME ghs.google.com: CNAME (to ghs.l.google.com)
WARN: coe.informatica.com A 12.148.137.71: no PTR record
WARN: coe2.informatica.com A 12.148.137.72: no PTR record
WARN: coe3.informatica.com A 12.148.137.75: no PTR record
WARN: coe4.informatica.com A 12.148.137.76: no PTR record
WARN: coe5.informatica.com A 12.148.137.78: no PTR record
WARN: communities-test.informatica.com A 12.108.189.247: no PTR record
WARN: communities-test2.informatica.com A 12.108.189.251: no PTR record
WARN: community.informatica.com CNAME community.informatica.com.edgekey.net: CNAME (to e4046.b.akamaiedge.net)
WARN: community-test.informatica.com CNAME community-test.informatica.com.edgekey.net: CNAME (to e4045.b.akamaiedge.net)
WARN: demo.informatica.com A 12.148.137.70: no PTR record
WARN: docs.informatica.com CNAME ghs.google.com: CNAME (to ghs.l.google.com)
WARN: download.informatica.com CNAME download.informatica.com.edgesuite.net: CNAME (to a567.d.akamai.net)
WARN: download-test.informatica.com CNAME download.informatica.com.edgesuite-staging.net: CNAME (to a567.d.akamai-staging.net)
WARN: esftp.informatica.com CNAME esftp.informatica.com.edgesuite.net: CNAME (to a1081.g.akamai.net)
WARN: euftp.informatica.com A 195.238.249.21: no PTR record
WARN: eumailweb.informatica.com A 195.238.249.41: no PTR record
WARN: eumailwebtest.informatica.com A 195.238.249.41: no PTR record
WARN: forums.informatica.com A 12.108.189.143: no PTR record
WARN: fruit.informatica.com A 195.70.95.50: no PTR record
WARN: gmail.informatica.com CNAME ghs.google.com: CNAME (to ghs.l.google.com)
WARN: guestportal.informatica.com A 1.1.1.1: no PTR record
WARN: gw.informatica.com A 12.108.189.10: no PTR record
WARN: indiamail.informatica.com A 203.92.60.132: no PTR record
WARN: indiamailtest.informatica.com A 203.92.60.137: no PTR record
WARN: invpn.informatica.com A 203.92.60.141: no PTR record
WARN: ipssurvey.informatica.com A 216.34.99.114: no PTR record
WARN: iwww1.informatica.com A 203.92.60.136: no PTR record
WARN: jpremote.informatica.com A 210.81.4.62: no PTR record
WARN: jpremote-jvm.informatica.com A 210.81.4.61: no PTR record
WARN: mailext1.informatica.com A 195.238.249.4: no PTR record
WARN: mappings.informatica.com A 12.108.189.141: no PTR record
WARN: media.informatica.com A 12.108.189.124: no PTR record
WARN: milano.informatica.com A 12.148.137.77: no PTR record
WARN: ms88441869.informatica.com CNAME ps.microsoftonline.com: CNAME (to prd-osdp-bposps-w14.glbdns.microsoft.com)
WARN: my.informatica.com CNAME my.informatica.com.edgesuite.net: CNAME (to a738.g.akamai.net)
WARN: ak.my-prod.informatica.com CNAME ak.my-prod.informatica.com.edgekey.net: CNAME (to e19.g.akamaiedge.net)
WARN: my-prod2.informatica.com CNAME my-prod.informatica.com.edgekey.net: unknown host
WARN: my-rd-wiki.informatica.com A 12.108.189.46: points to my-rd-wiki
WARN: my-test.informatica.com CNAME my-test.informatica.com.edgekey.net: unknown host
WARN: my-test2.informatica.com CNAME my-test.informatica.com.edgekey.net: unknown host
WARN: myinformatica.informatica.com CNAME my.informatica.com.edgesuite.net: CNAME (to a738.g.akamai.net)
WARN: mytest.informatica.com CNAME mytest.informatica.com.edgesuite.net: CNAME (to a465.g.akamai.net)
WARN: origin-community.informatica.com A 12.108.189.176: no PTR record
WARN: origin-download1.informatica.com A 12.108.189.252: no PTR record
WARN: owa2003.informatica.com A 12.108.189.160: no PTR record
WARN: coe.pc.informatica.com A 12.148.137.72: no PTR record
WARN: psv23smp02.informatica.com A 12.108.189.86: no PTR record
WARN: purple.informatica.com A 195.238.249.240: no PTR record
WARN: search.informatica.com A 12.108.189.125: no PTR record
WARN: sites.informatica.com CNAME ghs.google.com: CNAME (to ghs.l.google.com)
WARN: sslmail.informatica.com A 12.108.189.131: no PTR record
WARN: start.informatica.com CNAME ghs.google.com: CNAME (to ghs.l.google.com)
WARN: test-esftp.informatica.com CNAME test-esftp.informatica.com.edgesuite.net: CNAME (to a1157.g.akamai.net)
WARN: test-www.informatica.com CNAME www.informatica.com.edgesuite.net: CNAME (to a983.b.akamai.net)
WARN: tsftp.informatica.com A 12.108.189.128: no PTR record
WARN: ukmail.informatica.com A 195.238.249.22: no PTR record
WARN: ukremote.informatica.com A 195.238.249.32: no PTR record
WARN: ukremote-jvm.informatica.com A 195.238.249.33: no PTR record
WARN: ukremote-test.informatica.com A 195.238.249.30: no PTR record
WARN: ukvpn.informatica.com A 195.238.249.51: no PTR record
WARN: video.informatica.com CNAME ghs.google.com: CNAME (to ghs.l.google.com)
WARN: wave.informatica.com CNAME ghs.google.com: CNAME (to ghs.l.google.com)
WARN: webseminar.informatica.com A 205.243.147.102: no PTR record
WARN: webtime.informatica.com A 195.70.95.57: no PTR record
WARN: white.informatica.com A 203.222.170.174: no PTR record
WARN: www.informatica.com CNAME www.informatica.com.edgesuite.net: CNAME (to a983.b.akamai.net)
WARN: www11.informatica.com A 12.108.189.111: no PTR record
WARN: www12.informatica.com A 12.108.189.112: no PTR record
WARN: www7.informatica.com A 12.108.189.107: no PTR record
WARN: www8.informatica.com A 12.108.189.108: no PTR record
WARN: wwwnew.informatica.com CNAME www.informatica.com.edgesuite.net: CNAME (to a983.b.akamai.net)
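
An added example, not part of the original page or of dnswalk itself: a small Python script that groups diagnostic lines in the format of the sample log above by kind of problem, so the few stale or mismatched records are not buried under the "no PTR record" entries. The bucket names, the review order and the example.com sample are assumptions of this example.

```python
import re
from collections import defaultdict

# Line shape seen in the sample log: "<LEVEL>: <owner> <TYPE> <rdata>: <message>"
LINE_RE = re.compile(r"^([A-Z]+): (\S+) (\S+) (\S+): (.+)$")
# Message prefix -> bucket. Bucket names are this example's own, not dnswalk's.
RULES = [
    ("unknown host", "stale_target"),   # target name does not resolve
    ("points to", "ptr_mismatch"),      # PTR names a different host (the -F check)
    ("CNAME (to", "cname_chain"),       # alias that points at another alias
    ("no PTR record", "missing_ptr"),   # address has no reverse mapping
]
# Assumed review order: least common and most actionable first.
ORDER = [bucket for _, bucket in RULES] + ["other"]

def classify(message):
    for prefix, bucket in RULES:
        if message.startswith(prefix):
            return bucket
    return "other"

def triage(log_text):
    """Return {bucket: [(owner, rdata), ...]} for every diagnostic line."""
    buckets = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # "Checking ..." and "SOA=..." header lines do not match
            _level, owner, _rtype, rdata, message = m.groups()
            buckets[classify(message)].append((owner, rdata))
    return dict(buckets)

def report(log_text):
    found = triage(log_text)
    return [(b, len(found[b])) for b in ORDER if b in found]

# Constructed sample in the log's format (example.com names, documentation IPs).
SAMPLE = """\
Checking example.com.
SOA=ns1.example.com contact=hostmaster.example.com
WARN: ftp.example.com CNAME ftp.example.com.cdn.example.net: unknown host
WARN: app.example.com A 192.0.2.51: no PTR record
WARN: docs.example.com CNAME hosted.example.net: CNAME (to lb.example.net)
WARN: wiki.example.com A 192.0.2.46: points to wiki
WARN: www7.example.com A 192.0.2.107: no PTR record
"""

if __name__ == "__main__":
    for bucket, count in report(SAMPLE):
        print(f"{bucket:13} {count}")
```

To use it on a real run, pass the contents of the saved log file (dnswalk-log.txt in the walkthrough above) to report() or triage().
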
Output of "./dnswalk --help":

Usage: dnswalk [-OPTIONS [-MORE_OPTIONS]] [--] [PROGRAM_ARG1 ...]

The following single-character options are accepted:
With arguments: -D
Boolean (without arguments): -r -f -i -a -d -m -F -l

Options may be merged together. -- stops processing of options.
Space is not required between options and their arguments.
[Now continuing due to backward compatibility and excessive paranoia.
See "perldoc Getopt::Std" about $Getopt::Std::STANDARD_HELP_VERSION.]

Syntax: dnswalk domain
domain MUST end with a '.'

Options:
-r Recursively descend sub-domains of the specified domain. Use with care.
-a Turn on warning of duplicate A records. (see below)
-d Print debugging and status information to stderr. (Use only if redirecting stdout) See DIAGNOSTICS section.
-m Perform checks only if the zone has been modified since the previous run.
-F perform fascist checking. When checking an A record, compare the PTR name for each IP address with the forward name and report mismatches.
-i Suppress check for invalid characters in a domain name. (see below)
-l Perform lame delegation checking. For every NS record, check to see that the listed host is indeed returning authoritative answers for this domain.

Please be sure that you close the domain name with a dot (.), as in: www.security-science.com.


Example:

dnswalk -r -f -i -a -d -m -F -l www.security-science.com. > log.txt

A quick demo of DNSWalk.

DNSWalk is included with the Backtrack CD.
