项目作者: blinsay

项目描述 :
okay
高级语言: Go
项目地址: git://github.com/blinsay/okaydns.git
创建时间: 2018-02-26T20:45:31Z
项目社区:https://github.com/blinsay/okaydns

开源协议:

下载


OK

okdns is a command-line tool that runs some standard checks against the
authoritative nameservers for a domain.

When given a domain as a target, it runs a recursive query against your local
resolver to find the authoritative nameservers for that domain, and then runs
some checks against them.

  1. $ okdns blinsay.com
  2. Running checks for blinsay.com. using 2 nameservers:
  3. dns1.registrar-servers.com. (216.87.155.33)
  4. dns2.registrar-servers.com. (216.87.152.33)
  5. A record: ok
  6. A record (TCP): ok
  7. Not a CNAME: ok
  8. Handles 0x20 randomization: ok
  9. Handles unknown question types: ok
  10. SOA serials match: ok

Installing

Download the repo to your $GOPATH with go get and run make install.

OKAY

okaydns is a library used to write checks to see if your DNS is okay. okaydns
represents checks as functions that validate a set of DNS requests and
responses, and provides some standard tools for making that easier.

Check out the docs for more details.

Examples

A check that makes sure your domain has an A record at the root, has no CNAME
at the root, and that all of the nameservers give an authoritative response.

  1. var CheckA = okaydns.Check{
  2. Name: "A",
  3. Question: func(fqdn string) *dns.Msg {
  4. return okaydns.NonRecursiveQuestion(fqdn, dns.TypeA)
  5. },
  6. Validators: []okaydns.RequestResponseValidator{
  7. okaycheck.EachNameserver(
  8. okaycheck.AuthoritativeResponse,
  9. okaycheck.ResponseCode(dns.RcodeSuccess),
  10. okaycheck.AnswerContains(dns.TypeA),
  11. okaycheck.AnswerDoesNotContain(dns.TypeCNAME),
  12. ),
  13. },
  14. }

A check that makes sure the nameservers return an authoritative response for
SOA records and that every SOA record has the same serial.

  1. var CheckSOASerials = okaydns.Check{
  2. Name: "SOA",
  3. Question: func(fqdn string) *dns.Msg {
  4. return okaydns.NonRecursiveQuestion(fqdn, dns.TypeSOA)
  5. },
  6. Validators: []okaydns.RequestResponseValidator{
  7. okaycheck.EachNameserver(
  8. okaycheck.AuthoritativeResponse,
  9. okaycheck.ResponseCode(dns.RcodeSuccess),
  10. okaycheck.AnswerContains(dns.TypeSOA),
  11. ),
  12. validateSerialsMatch,
  13. },
  14. }
  15. func validateSerialsMatch(_ *dns.Msg, replies map[okaydns.Nameserver]*dns.Msg) (failures []okaydns.Failure) {
  16. serials := make(map[uint32]struct{})
  17. for _, reply := range replies {
  18. for _, answer := range reply.Answer {
  19. if soa, ok := answer.(*dns.SOA); ok {
  20. serials[soa.Serial] = struct{}{}
  21. }
  22. }
  23. }
  24. if len(serials) > 1 {
  25. failures = append(failures, okaydns.Failure{Message: "SOA queries return more than one serial"})
  26. }
  27. return
  28. }