无人机蜂群>> okaydns>> 返回
项目作者: blinsay

项目描述 :
okay
高级语言: Go
项目地址: git://github.com/blinsay/okaydns.git
创建时间: 2018-02-26T20:45:31Z
项目社区:https://github.com/blinsay/okaydns
开源协议:
下载


OK

okdns is a command-line tool that runs some standard checks against the
authoritative nameservers for a domain.

When given a domain as a target, it runs a recursive query against your local
resolver to find the authoritative nameservers for that domain, and then runs
some checks against them.

  1. $ okdns blinsay.com
  2. Running checks for blinsay.com. using 2 nameservers:
  3.     dns1.registrar-servers.com. (216.87.155.33)
  4.     dns2.registrar-servers.com. (216.87.152.33)
  5. A record:                                ok
  6. A record (TCP):                          ok
  7. Not a CNAME:                             ok
  8. Handles 0x20 randomization:              ok
  9. Handles unknown question types:          ok
  10. SOA serials match:                       ok

Installing

Download the repo to your $GOPATH with go get and run make install.

OKAY

okaydns is a library used to write checks to see if your DNS is okay. okaydns
represents checks as functions that validate a set of DNS requests and
responses, and provides some standard tools for making that easier.

Check out the docs for more details.

Examples

A check that makes sure your domain has an A record at the root, has no CNAME
at the root, and that all of the nameservers give an authoritative response.

  1. var CheckA = okaydns.Check{
  2.     Name: "A",
  3.     Question: func(fqdn string) *dns.Msg {
  4.         return okaydns.NonRecursiveQuestion(fqdn, dns.TypeA)
  5.     },
  6.     Validators: []okaydns.RequestResponseValidator{
  7.         okaycheck.EachNameserver(
  8.             okaycheck.AuthoritativeResponse,
  9.             okaycheck.ResponseCode(dns.RcodeSuccess),
  10.             okaycheck.AnswerContains(dns.TypeA),
  11.             okaycheck.AnswerDoesNotContain(dns.TypeCNAME),
  12.         ),
  13.     },
  14. }

A check that makes sure the nameservers return an authoritative response for
SOA records and that every SOA record has the same serial.

  1. var CheckSOASerials = okaydns.Check{
  2.     Name: "SOA",
  3.     Question: func(fqdn string) *dns.Msg {
  4.         return okaydns.NonRecursiveQuestion(fqdn, dns.TypeSOA)
  5.     },
  6.     Validators: []okaydns.RequestResponseValidator{
  7.         okaycheck.EachNameserver(
  8.             okaycheck.AuthoritativeResponse,
  9.             okaycheck.ResponseCode(dns.RcodeSuccess),
  10.             okaycheck.AnswerContains(dns.TypeSOA),
  11.         ),
  12.         validateSerialsMatch,
  13.     },
  14. }
  16. func validateSerialsMatch(_ *dns.Msg, replies map[okaydns.Nameserver]*dns.Msg) (failures []okaydns.Failure) {
  17.     serials := make(map[uint32]struct{})
  19.     for _, reply := range replies {
  20.         for _, answer := range reply.Answer {
  21.             if soa, ok := answer.(*dns.SOA); ok {
  22.                 serials[soa.Serial] = struct{}{}
  23.             }
  24.         }
  25.     }
  27.     if len(serials) > 1 {
  28.         failures = append(failures, okaydns.Failure{Message: "SOA queries return more than one serial"})
  29.     }
  30.     return
  31. }