The dns_verify shell script checks that each IP resolves to a hostname, and that the hostname resolves back to the same IP. This script is intended for a private network, like a home LAN or internal corporate network.
This script was created to make sure that you have correct IP to hostname to IP resolution. If you have worked with BIND enough, you may have made a mistake once or twice: you should have put the hostname in with one IP and you put another, or you put an IP in one file but forgot to put it in the other. This script will show you those errors and help you fix them quickly.
There are two decisions you need to make before using this script.
What ranges of IPs are we monitoring?
The variable NETS is a space-separated list of all of the networks you want to monitor. In our example we are looking at the 192.168.10 and 172.168.20 networks.
What sequence of IPs in $NETS are we checking?
The variable IPS is either a list of the IPs you want to check or, if you are using Linux and have the binary seq installed, the output of $(seq 1 254). For OpenBSD and FreeBSD users, the binary jot will work like so: IPS=$(jot 254 1). The binary seq is short for sequence, and it counts from the first number to the last in steps of one. This is nice if you want to go from 1 to 254, for example.
To find out whether seq is on your machine, run which seq, or run the line seq 1 10 to count from 1 to 10. If you have seq, you can comment out the variable IPS and replace the line in the script
for n in $IPS; do
with
for n in $(seq 1 254); do
The same check can be performed with jot.
Here's the dns_verify.sh shell script:
#!/bin/sh -
#### dns_verify.sh
#
NETS="192.168.10 172.168.20"
IPS=$(jot 254 1)      ## for OpenBSD or FreeBSD
#
# IPS=$(jot 254 1)    ## for OpenBSD or FreeBSD
# IPS=$(seq 1 10)     ## for Linux
# IPS=$(seq 1 254)    ## for Linux
#
## printf is used instead of "echo -e", which is not portable across /bin/sh implementations
echo
printf '%s\n' " ip -> hostname -> ip"
printf '%s\n' '--------------------------------------------------------'
for NET in $NETS; do
  for n in $IPS; do
    A=${NET}.${n}
    ## reverse lookup: IP -> hostname (empty if there is no PTR record)
    HOST=$(dig -x "$A" +short)
    if test -n "$HOST"; then
      ## forward lookup: the hostname must resolve back to the IP we started with
      ADDR=$(dig "$HOST" +short)
      if test "$A" = "$ADDR"; then
        printf '%s\n' "ok $A -> $HOST -> $ADDR"
      elif test -n "$ADDR"; then
        printf '%s\n' "fail $A -> $HOST -> $ADDR"
      else
        printf '%s\n' "fail $A -> $HOST -> [unassigned]"
      fi
    fi
  done
done
echo
echo DONE!
If we have 10 IPs on the 192.168.10 network and 10 IPs on the 172.168.20 network, the output of the script will look like the following. Notice all of the lines that say ok? If you see ok, then everything is good. If you see fail, then take a look at the output line and fix the BIND entry.
user@machine: ./dns_verify.sh

 ip -> hostname -> ip
--------------------------------------------------------
ok 192.168.10.1 -> host1.domain.lan. -> 192.168.10.1
ok 192.168.10.2 -> host2.domain.lan. -> 192.168.10.2
ok 192.168.10.3 -> host3.domain.lan. -> 192.168.10.3
ok 192.168.10.4 -> host4.domain.lan. -> 192.168.10.4
ok 192.168.10.5 -> dhca5.domain.lan. -> 192.168.10.5
ok 192.168.10.6 -> dhca6.domain.lan. -> 192.168.10.6
ok 192.168.10.7 -> dhca7.domain.lan. -> 192.168.10.7
ok 192.168.10.8 -> dhca8.domain.lan. -> 192.168.10.8
ok 192.168.10.9 -> dhca9.domain.lan. -> 192.168.10.9
ok 192.168.10.10 -> dhca10.domain.lan. -> 192.168.10.10
ok 172.168.20.1 -> host5.domain.lan. -> 172.168.20.1
ok 172.168.20.2 -> host6.domain.lan. -> 172.168.20.2
ok 172.168.20.3 -> host7.domain.lan. -> 172.168.20.3
ok 172.168.20.4 -> host8.domain.lan. -> 172.168.20.4
ok 172.168.20.5 -> dhcb5.domain.lan. -> 172.168.20.5
ok 172.168.20.6 -> dhcb6.domain.lan. -> 172.168.20.6
ok 172.168.20.7 -> dhcb7.domain.lan. -> 172.168.20.7
ok 172.168.20.8 -> dhcb8.domain.lan. -> 172.168.20.8
ok 172.168.20.9 -> dhcb9.domain.lan. -> 172.168.20.9
ok 172.168.20.10 -> dhcb10.domain.lan. -> 172.168.20.10

DONE!
You mentioned this is used for internal use only. Why can't I use it on hosts on the Internet?
You can. The problem is that this script does not limit the number of DNS queries it sends per second. If you run this against a host that is not your own, it might look like an attack.
My ISP has given me a few IPs, but they are not in order!
No problem. Edit the $IPS variable, and enter just the IPs you want to check. For example, what if we had the IPs 10.0.0.1, 10.0.0.5, and 10.0.0.10? We could set up the $NETS variable as NETS="10.0.0", and the IPs as IPS="1 5 10".
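An added example, not part of the original dns_verify.sh: the same IP to hostname to IP check, written so that a multi-line dig +short answer (several A records, or a CNAME line before the address) still counts as ok when one line is the original IP. It also rejects PTR names that dig could read as an option, and pauses after each address to address the query-rate concern in the first question above. PAUSE, the function names and the file name fcrdns.sh are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not the page's script). PAUSE and all function names
# are assumptions made for this illustration.
PAUSE=1   # seconds to wait after each address

# safe_name NAME: true only for hostname-like text, so a PTR answer is
# never read by dig as an option (-x), a +flag or an @server.
safe_name() {
  case $1 in
    ''|[-+@]*|*[!A-Za-z0-9._-]*) return 1 ;;
  esac
}

# has_line WANT LIST: true if WANT is exactly one whole line of LIST.
has_line() { printf '%s\n' "$2" | grep -Fxq -- "$1"; }

# classify IP PTRS ADDRS: PTRS and ADDRS are raw "dig +short" output.
classify() {
  if [ -z "$2" ]; then echo "skip $1 (no PTR)"
  elif has_line "$1" "$3"; then echo "ok $1"
  elif [ -n "$(printf '%s' "$3" | tr -d '\n')" ]; then
    echo "fail $1 (name resolves elsewhere)"
  else echo "fail $1 (name has no address)"
  fi
}

# check_ip IP: live lookup; needs dig and a reachable resolver.
check_ip() {
  ptrs=$(dig -x "$1" +short)
  addrs=
  while IFS= read -r h; do
    [ -n "$h" ] || continue
    safe_name "$h" || { echo "fail $1 (unsafe PTR name)"; return 0; }
    addrs="$addrs
$(dig "$h" A +short)"
  done <<EOF
$ptrs
EOF
  classify "$1" "$ptrs" "$addrs"
  sleep "$PAUSE"
}

# Usage: ./fcrdns.sh 192.168.10.1 192.168.10.2 ...
if [ $# -gt 0 ]; then
  for ip in "$@"; do check_ip "$ip"; done
fi
```

The exact whole-line match in has_line is what keeps 192.168.10.1 from being accepted when the forward lookup returns 192.168.10.10.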