15.3 Using DNSLint

DNSLint, which we introduced back in Chapter 8, can also come in handy when you're troubleshooting. In Chapter 8, we mostly used it to verify that Domain Controllers had registered their records. But DNSLint is also useful for detecting delegation problems, as we showed in Chapter 9.

To use DNSLint to check delegation, use the /d command-line option. Specify the domain name of the zone whose delegation you'd like to check as the argument. For example:

C:\> dnslint /d movie.edu

This produces a report on movie.edu's delegation, displayed in a browser window. If you're checking a zone that's not registered on the InterNIC's whois servers (i.e., a subdomain of com or net), you'll also need to specify the /s option and, as an argument, the IP address of a name server authoritative for the zone.

By default, DNSLint checks DNS over UDP. You can instruct it to test DNS over TCP, too, using the /test_tcp option.

Finally, you can use the /c option to tell DNSLint to check connectivity to the mail ports (SMTP, POP, and IMAP, by default) on the mail servers it finds for the zone. If you don't want it to check all three, you can enumerate the protocols to check after the option; for example:

C:\> dnslint /d movie.edu /c smtp,imap

Here's some sample DNSLint output (in text format, generated using /t):

DNSLint Report

System Date: Sat Jul 05 18:58:05 2003

Command run:

dnslint /d fx.movie.edu /t /s 192.253.254.2 /c smtp


Domain name tested:

fx.movie.edu


DNS servers were identified as authoritative for the domain:


DNS server: bladerunner.fx.movie.edu
IP Address: 192.253.254.2
UDP port 53 responding to queries: YES
TCP port 53 responding to queries: Not tested
Answering authoritatively for domain: YES

SOA record data from server:
Authoritative name server: bladerunner.fx.movie.edu
Hostmaster: administrator.fx.movie.edu
Zone serial number: 10
Zone expires in: 1.00 day(s)
Refresh period: 900 seconds
Retry delay: 600 seconds
Default (minimum) TTL: 3600 seconds

Additional authoritative (NS) records from server:
outland.fx.movie.edu   192.253.254.3
bladerunner.fx.movie.edu   192.253.254.2


Mail Exchange (MX) records from server (preference/name/IP address):
100 wormhole.movie.edu 192.253.253.1
10 starwars.fx.movie.edu 192.253.254.4

DNS server: outland.fx.movie.edu
IP Address: 192.253.254.3
UDP port 53 responding to queries: YES
TCP port 53 responding to queries: Not tested
Answering authoritatively for domain: YES

SOA record data from server:
Authoritative name server: bladerunner.fx.movie.edu
Hostmaster: administrator.fx.movie.edu
Zone serial number: 10
Zone expires in: 1.00 day(s)
Refresh period: 900 seconds
Retry delay: 600 seconds
Default (minimum) TTL: 3600 seconds

Additional authoritative (NS) records from server:
outland.fx.movie.edu   192.253.254.3
bladerunner.fx.movie.edu   192.253.254.2


Mail Exchange (MX) records from server (preference/name/IP address):
10 starwars.fx.movie.edu 192.253.254.4
100 wormhole.movie.edu 192.253.253.1

Network Connectivity Tests

E-mail server: starwars.fx.movie.edu
IP address: 192.253.254.4

SMTP response: 220 starwars.fx.movie.edu ESMTP Postfix

POP response: Not Tested
IMAP response: Not Tested

E-mail server: wormhole.movie.edu
IP address: 192.253.253.1

SMTP response: 220 wormhole.movie.edu ESMTP Postfix

POP response: Not Tested
IMAP response: Not Tested

============================================
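A report like the one above is easy to check by script when you have many zones to audit. The following is an added example, not part of the original text or of DNSLint: a Python sketch that reads the /t text layout shown above and flags servers that don't answer authoritatively, servers whose TCP port wasn't confirmed, and SOA serial numbers that differ between servers. The function names and the abbreviated sample report are assumptions made for illustration.

```python
# Constructed sample: abbreviated DNSLint /t report in the layout shown above.
# The second server's authoritative answer and serial are altered so the checks fire.
SAMPLE_REPORT = """\
DNS server: bladerunner.fx.movie.edu
UDP port 53 responding to queries: YES
TCP port 53 responding to queries: Not tested
Answering authoritatively for domain: YES
Zone serial number: 10

DNS server: outland.fx.movie.edu
UDP port 53 responding to queries: YES
TCP port 53 responding to queries: Not tested
Answering authoritatively for domain: NO
Zone serial number: 9
"""

# Report labels we care about, mapped to short (hypothetical) key names.
FIELDS = {
    "UDP port 53 responding to queries": "udp",
    "TCP port 53 responding to queries": "tcp",
    "Answering authoritatively for domain": "authoritative",
    "Zone serial number": "serial",
}

def parse_servers(report):
    """Return one dict per 'DNS server:' block in a DNSLint text report."""
    servers = []
    for line in report.splitlines():
        key, _, value = line.strip().partition(":")
        key, value = key.strip(), value.strip()
        if key == "DNS server":
            servers.append({"name": value})
        elif servers and key in FIELDS:
            servers[-1].setdefault(FIELDS[key], value)
    return servers

def delegation_findings(servers):
    """Flag unanswered UDP, lame servers, untested TCP and serial mismatches."""
    findings = []
    for s in servers:
        if s.get("udp", "").upper() != "YES":
            findings.append(f"{s['name']}: no UDP response")
        if s.get("authoritative", "").upper() != "YES":
            findings.append(f"{s['name']}: not authoritative (lame delegation)")
        if s.get("tcp", "").upper() != "YES":
            findings.append(f"{s['name']}: TCP not confirmed, rerun with /test_tcp")
    serials = {s.get("serial") for s in servers}
    if len(serials) > 1:
        findings.append(f"serial mismatch across servers: {sorted(serials, key=str)}")
    return findings
```

Run against the full report shown earlier, the only findings would be the two untested TCP ports, since both servers answer authoritatively with serial 10.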