ZoneCheck 2.0.4 review

Download
by rbytes.net on

License: GPL (GNU General Public License)
File size: 237K
Developer: ZoneCheck Team
0 stars award from rbytes.net

The DNS is a critical resource for every network application, quite important to ensure that a zone or domain name is correctly configured in the DNS.

ZoneCheck is intended to help solving misconfigurations or inconsistencies usually revealed by an increase in the latency of the application, up to the output of unexpected/inconsistant results.

You can let ZoneCheck select the best test set to apply when checking a zone (for example, a specific profile for reverse delegation when under .ip6.arpa or .in-addr.arpa, or a profile used by AFNIC for zone under .fr); but on the other hand, you can also force the use of a particular profile (for example you could create an RFC compliance checking profile).

Here are some key features of "ZoneCheck":
Powerfull XML based configuration file (allowing changes in test severity, order, zone of application, ...)
Does not depend on policies
Fine grained test selection (by test, by categories, by zones)
Full IPv6 support (connectivity and AAAA records)
Supports several input/output interfaces such as CLI, CGI, GUI, inetd
Dedicated mode for use inside shell scripts
Batch mode available (ideal when dealing with several domains)
Use of stylesheets for easy integration and javascript for enhancement only
Generates reports either by severity or by hosts
I18N and L10N support (available: French, English)
Multi-threaded application in order to cut down checking time
Extensible: new tests, new interfaces, new reports, ...
Exception and cache mechanisms to simplify test writting
Open source


List of available tests

The tests listed below are all available in ZoneCheck, but that doesn't mean they will all be used, this decision is left to the configuration file.

ICMP answer
UDP connectivity
TCP connectivity
address in a private network
address shouldn't be part of a bogon prefix
illegal symbols in domain name
dash ('-') at start or beginning of domain name
double dash in domain name
one nameserver for the domain
at least two nameservers for the domain
identical addresses
nameserver's addresses on same subnet
nameserver addresses are all on the same subnet
delegation response fit in a 512 byte UDP packet
delegation response with additional fit in a 512 byte UDP packet
NS record present
NS authoritative answer
NS name has a valid domain/hostname syntax
NS is not an alias
coherence between NS and ANY records
NS can be resolved
root servers list present
root servers list identical to ICANN
root servers addresses identical to ICANN
SOA record present
SOA authoritative answer
missused '@' characters in SOA contact name
illegal characters in SOA contact name
illegal characters in SOA master nameserver
fully qualified master nameserver in SOA
serial number of the form YYYYMMDDnn
SOA 'refresh' at least 6 hours
SOA 'retry' lower than 'refresh'
SOA 'retry' at least 1 hour
SOA 'expire' at least 7 days
SOA 'expire' at least 7 times 'refresh'
SOA 'minimum' less than 1 day
SOA master is not an alias
coherence between SOA and ANY records
coherence of serial number with primary nameserver
coherence of administrative contact with primary nameserver
coherence of master with primary nameserver
coherence of SOA with primary nameserver
loopback delegation
loopback is resolvable
delegated domain is not an openrelay
domain of the hostmaster email is not an openrelay
can deliver email to 'postmaster'
can deliver email to hostmaster
hostmaster MX is not an alias
domain able to receive email (delivery using MX, A, AAAA)
test if mail delivery possible
nameserver IP reverse
nameserver IP reverse matching nameserver name
check if server is really recursive
nameserver doesn't allow recursion
given primary nameserver is primary
correctness of given nameserver list
test if server is recursive
MX record present
MX authoritative answer
MX syntax is valid for an hostname
MX is not an alias
absence of wildcard MX
MX can be resolved
coherence between MX and ANY records
behaviour against AAAA query
nameservers belong all to the same AS
address shouldn't be part of a bogon prefix

Requirements:
ruby (version 1.8)

ZoneCheck 2.0.4 keywords