Script dns-check-zone
Script types:
hostrule
Categories:
discovery, safe, external
Download: https://svn.nmap.org/nmap/scripts/dns-check-zone.nse
Script Summary
Checks DNS zone configuration against best practices, including RFC 1912. The configuration checks are divided into categories which each have a number of different tests.
Script Arguments
- dns-check-zone.domain
The DNS zone to check.
Example Usage
nmap -sn -Pn ns1.example.com --script dns-check-zone --script-args='dns-check-zone.domain=example.com'
Script Output
| dns-check-zone:
| DNS check results for domain: example.com
|   SOA
|     PASS - SOA REFRESH
|       SOA REFRESH was within recommended range (7200s)
|     PASS - SOA RETRY
|       SOA RETRY was within recommended range (3600s)
|     PASS - SOA EXPIRE
|       SOA EXPIRE was within recommended range (1209600s)
|     FAIL - SOA MNAME entry check
|       SOA MNAME record is NOT listed as DNS server
|     PASS - Zone serial numbers
|       Zone serials match
|   MX
|     ERROR - Reverse MX A records
|       Failed to retrieve list of mail servers
|   NS
|     PASS - Recursive queries
|       None of the servers allow recursive queries.
|     PASS - Multiple name servers
|       Server has 2 name servers
|     PASS - DNS name server IPs are public
|       All DNS IPs were public
|     PASS - DNS server response
|       All servers respond to DNS queries
|     PASS - Missing nameservers reported by parent
|       All DNS servers match
|     PASS - Missing nameservers reported by your nameservers
|_      All DNS servers match
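For a recurring zone audit, the text report can be reduced to the entries that need follow-up. The parser below is an added example, not part of the Nmap script or its documentation; the function names are hypothetical, the sample is abridged from the output above, and it assumes every test line is followed by one explanation line.

```python
import re
# Constructed sample, abridged from the Script Output above (indentation assumed).
SAMPLE = """\
| dns-check-zone:
| DNS check results for domain: example.com
|   SOA
|     PASS - SOA REFRESH
|       SOA REFRESH was within recommended range (7200s)
|     FAIL - SOA MNAME entry check
|       SOA MNAME record is NOT listed as DNS server
|   MX
|     ERROR - Reverse MX A records
|       Failed to retrieve list of mail servers
|   NS
|     PASS - Recursive queries
|_      None of the servers allow recursive queries.
"""

STATUS = re.compile(r"^(PASS|FAIL|ERROR) - (.+)$")
DOMAIN = re.compile(r"^DNS check results for domain: (\S+)$")

def parse_zone_check(text):
    """Return (domain, results); each result has category, status, test, detail."""
    domain, category, pending, results = None, None, None, []
    for raw in text.splitlines():
        line = re.sub(r"^\|_?", "", raw).strip()  # drop Nmap's "|" / "|_" gutter
        if not line or line == "dns-check-zone:":
            continue
        dm, sm = DOMAIN.match(line), STATUS.match(line)
        if dm:
            domain = dm.group(1)
        elif sm:
            pending = {"category": category, "status": sm.group(1),
                       "test": sm.group(2), "detail": ""}
            results.append(pending)
        elif pending is not None and not pending["detail"]:
            pending["detail"] = line          # line after a status is its explanation
        else:
            category, pending = line, None    # otherwise a new category (SOA, MX, NS)
    return domain, results

def needs_attention(results):
    """FAIL is a finding; ERROR means the test did not run, so it is unverified."""
    return [r for r in results if r["status"] != "PASS"]

if __name__ == "__main__":
    dom, res = parse_zone_check(SAMPLE)
    for r in needs_attention(res):
        print(f"{dom} [{r['category']}] {r['status']}: {r['test']} - {r['detail']}")
```

ERROR entries are kept alongside FAIL because a test that could not run gives no assurance about that part of the zone.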
Requires
Author:
License: Same as Nmap--See https://nmap.org/book/man-legal.html