Script dns-check-zone

Script types: hostrule
Categories: discovery, safe, external
Download: https://svn.nmap.org/nmap/scripts/dns-check-zone.nse

Script Summary

Checks DNS zone configuration against best practices, including RFC 1912. The checks are grouped into categories (SOA, MX and NS in the sample output below), each containing several tests.

Script Arguments

dns-check-zone.domain

The DNS zone to check.

Example Usage

nmap -sn -Pn ns1.example.com --script dns-check-zone --script-args='dns-check-zone.domain=example.com'

Script Output

| dns-check-zone:
| DNS check results for domain: example.com
|   SOA
|     PASS - SOA REFRESH
|       SOA REFRESH was within recommended range (7200s)
|     PASS - SOA RETRY
|       SOA RETRY was within recommended range (3600s)
|     PASS - SOA EXPIRE
|       SOA EXPIRE was within recommended range (1209600s)
|     FAIL - SOA MNAME entry check
|       SOA MNAME record is NOT listed as DNS server
|     PASS - Zone serial numbers
|       Zone serials match
|   MX
|     ERROR - Reverse MX A records
|       Failed to retrieve list of mail servers
|   NS
|     PASS - Recursive queries
|       None of the servers allow recursive queries.
|     PASS - Multiple name servers
|       Server has 2 name servers
|     PASS - DNS name server IPs are public
|       All DNS IPs were public
|     PASS - DNS server response
|       All servers respond to DNS queries
|     PASS - Missing nameservers reported by parent
|       All DNS servers match
|     PASS - Missing nameservers reported by your nameservers
|_      All DNS servers match
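
For triage across many zones, the report above can be turned into structured findings so that only FAIL and ERROR results are surfaced. The following is an added example, not part of Nmap or of the script itself; the function names `parse_zone_check` and `needs_attention` are hypothetical, the sample input is constructed from the output format shown above, and the parser assumes detail lines are indented deeper than their test line, as they are in that output.

```python
import re

# Constructed sample in the output format shown on this page.
SAMPLE = """\
| dns-check-zone:
| DNS check results for domain: example.com
|   SOA
|     FAIL - SOA MNAME entry check
|       SOA MNAME record is NOT listed as DNS server
|   MX
|     ERROR - Reverse MX A records
|       Failed to retrieve list of mail servers
|   NS
|     PASS - Missing nameservers reported by your nameservers
|_      All DNS servers match
"""

STATUS = re.compile(r"(PASS|FAIL|ERROR) - (.+)")  # statuses seen in the page's output

def parse_zone_check(text):
    """Return (domain, findings); a finding has category, status, test and detail."""
    domain, category, findings, test_indent = None, None, [], None
    for raw in text.splitlines():
        if not raw.startswith("|"):
            continue  # not part of the script's output block
        body = " " + raw[2:] if raw.startswith("|_") else raw[1:]  # "|_" ends the block
        entry = body.strip()
        indent = len(body) - len(body.lstrip())
        if not entry or entry == "dns-check-zone:":
            continue
        m = STATUS.fullmatch(entry)
        if entry.startswith("DNS check results for domain:"):
            domain = entry.split(":", 1)[1].strip()
        elif m:
            findings.append({"category": category, "status": m.group(1),
                             "test": m.group(2), "detail": ""})
            test_indent = indent
        elif findings and test_indent is not None and indent > test_indent:
            # Deeper than the test line: explanatory detail for the last finding.
            findings[-1]["detail"] = (findings[-1]["detail"] + " " + entry).strip()
        else:
            category, test_indent = entry, None  # category heading, e.g. SOA, MX, NS
    return domain, findings

def needs_attention(findings):
    """Everything that did not PASS; an ERROR is a test that produced no verdict."""
    return [f for f in findings if f["status"] != "PASS"]

if __name__ == "__main__":
    print(needs_attention(parse_zone_check(SAMPLE)[1]))
```

Treating ERROR the same as FAIL keeps a test that could not run (here, the mail server lookup) from being read as a clean result.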

Requires


Author:

  • Patrik Karlsson

License: Same as Nmap--See https://nmap.org/book/man-legal.html