Use nmap to check DNS configuration best practices

2012/12/03

A new NSE script in nmap 6.25 checks DNS zone configuration best practices. I’ll show you how it works!


First, you will need nmap 6.25 (or later) installed: http://nmap.org/download.html


Now, with nmap 6.25 installed, run the command below against a DNS server. In this example, I am checking the configuration of the zone google.com from Google’s public DNS server (8.8.8.8).

The NSE script to use is called: dns-check-zone

dns-check-zone
http://nmap.org/nsedoc/scripts/dns-check-zone.html
  Checks DNS zone configuration against best practices, including RFC 1912.
  The configuration checks are divided into categories which each have a number
  of different tests.

$ nmap -sn -Pn 8.8.8.8 --script dns-check-zone --script-args='dns-check-zone.domain=google.com'

Starting Nmap 6.25 ( http://nmap.org ) at 2012-12-03 08:10 EST
Nmap scan report for google-public-dns-a.google.com (8.8.8.8)
Host is up.

Host script results:
| dns-check-zone: 
| DNS check results for domain: google.com
|   NS
|     PASS - Recursive queries
|       None of the servers allow recursive queries.
|     PASS - Multiple name servers
|       Server has 4 name servers
|     PASS - DNS name server IPs are public
|       All DNS IPs were public
|     PASS - DNS server response
|       All servers respond to DNS queries
|     PASS - Missing nameservers reported by parent
|       All DNS servers match
|     PASS - Missing nameservers reported by your nameservers
|       All DNS servers match
|   SOA
|     PASS - SOA REFRESH
|       SOA REFRESH was within recommended range (7200s)
|     PASS - SOA RETRY
|       SOA RETRY was within recommended range (1800s)
|     PASS - SOA EXPIRE
|       SOA EXPIRE was within recommended range (1209600s)
|     PASS - SOA MNAME entry check
|       SOA MNAME record is listed as DNS server
|     PASS - Zone serial numbers
|       Zone serials match
|   MX
|     PASS - Reverse MX A records
|_      All MX records have PTR records

Nmap done: 1 IP address (1 host up) scanned in 4.05 seconds

Cool!
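To run this check regularly and catch regressions, the script's text output can be parsed and every result that is not a PASS flagged. The Python below is an added example, not part of the original post or of nmap; the sample input reuses the layout of the output above with a constructed domain and a constructed FAIL entry, and it assumes any status other than PASS needs review.

```python
import re

# Constructed sample: the layout is copied from the scan output above; the
# domain, the FAIL entry and its detail text are invented for illustration.
SAMPLE = """\
| dns-check-zone:
| DNS check results for domain: example.test
|   NS
|     FAIL - Recursive queries
|       (constructed detail line for a failing test)
|     PASS - Multiple name servers
|       Server has 4 name servers
|   SOA
|     PASS - SOA REFRESH
|       SOA REFRESH was within recommended range (7200s)
|   MX
|     PASS - Reverse MX A records
|_      All MX records have PTR records
"""

TEST_RE = re.compile(r"^([A-Z]+) - (.+)$")   # e.g. "PASS - SOA RETRY"
CATEGORY_RE = re.compile(r"^[A-Z]+$")        # e.g. "NS", "SOA", "MX"

def parse_check_zone(text):
    """Return a list of dicts with keys: category, status, test, detail."""
    results, category, current = [], None, None
    for raw in text.splitlines():
        if not raw.startswith("|"):
            category = current = None        # left the script output block
            continue
        line = raw.lstrip("|_").strip()      # drop nmap's "|" / "|_" gutter
        m = TEST_RE.match(line)
        if m:
            current = {"category": category, "status": m.group(1),
                       "test": m.group(2), "detail": ""}
            results.append(current)
        elif CATEGORY_RE.match(line):
            category, current = line, None
        elif current is not None:            # free text under a test line
            current["detail"] = (current["detail"] + " " + line).strip()
    return results

def needs_attention(results):
    """Everything that is not an explicit PASS."""
    return [r for r in results if r["status"] != "PASS"]

if __name__ == "__main__":
    for r in needs_attention(parse_check_zone(SAMPLE)):
        print(f"{r['category']}: {r['status']} - {r['test']}: {r['detail']}")
```

Feed it the saved output of the nmap command above in place of `SAMPLE` to check a real zone.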
