Tools to manage DNS

This is a listing of tools to manage DNS and diagnose DNS problems. Many are primarily Unix, Linux and MacOS X tools, but the Perl scripts are mostly cross-platform. For primarily Windows tools, see the Windows Tools listing from Mark Symons (now seriously out of date).

If you know of a DNS tool that is not listed here, please let us know. (Providers of DNS management services are not included in this list.)

MD5 checksums are provided for the some of the freely available packages. The star (*) means that a recent version is included as a part of the BIND distribution.

See also the resources for DNS programming for tools useful to those writing code.

Basic diagnostics

These packages are (or should be) part of every DNS troubleshooting kit. Some of these have overlapping functionality; choose those that suit your needs. Personally I use dig whenever available, otherwise nslookup.

nslookup (*): Query name servers. Installed on many systems by default, which is why it is still hanging around. Watch out for old and broken versions (like the one that comes with Windows NT 4 and older versions of SunOS). Can be used in both interactive or batch mode. Most people prefer dig or host, given the choice, since nslookup output is more difficult to parse.
dig (*): Query name servers -- more general than nslookup, it is used by many other tools because its consistent output format is easy to parse automatically.
host (*): By Eric Wassenaar, meant as an evolution of nslookup and dig.

Overall diagnostics

These systems help in diagnosing problems by testing DNS data against heuristics of what DNS information should look like. No system will pick up all problems, but the most frequent problems will be easily spotted by tools such as dnswalk.

DNS Expert: Commercial DNS diagnostic utility from Men & Mice. This is the most comprehensive all-in-one diagnostic tool for DNS, and the reports it produces are also the easiest to understand. For Windows and MacOS only at this stage.
dnswalk (*): A massively useful Perl script by David Barr, for top-down checking of zone file information. Relies on being able to do zone transfers. See also RFC 1912, which was developed concurrently with this tool and which describes most of the kinds of problems it detects. (version 2.0.2 of 06-Oct-1997, checked 08-Sep-2004)
DOC (*): Checks the integrity of a domain; maintained by Brad Knowles. This version works with BIND 9, but there is also a version for BIND 8. (version 2.2.3 of 25-Jul-2001, checked 08-Sep-2004)
lamers (*): Originally by Bryan Beecher, to send out notices to servers that are generating lame delegations. Now maintained by Brad Knowles. (version of 14-Jul-1995, checked 08-Sep-2004)
nslint: By Craig Leres, to find problems in BIND style configuration files, including mismatched A/PTR records, missing trailing dots, and names with both CNAME and other records. (version 2.1a3 of 27-Nov-2001, checked 19-Nov-2004)
Sleuth: Checks DNS zones for errors, by Martin Mares. An online version of Sleuth is also available. (version 1.4-pre1 of 11-Feb-2004, checked 08-Sep-2004)
ZoneCheck: Source code for the ZoneCheck online zone checking tool from NIC France. (version 2.0.3 released 08-Mar-2004, checked 08-Sep-2004)

Network information management systems

These systems are designed for maintaining information about a network. DNS is generally an important part of their functionality, but most have strong features in IP address management and other areas also. Tools such as these are probably most suitable for larger, well-structured networks where the administrative overhead is more than justified by the reduced incidence of conflicts for IP addresses, DHCP leases and domain names.

Cisco Network Registrar: IP address space management system mostly aimed at Internet service providers, from Cisco. Includes a non-BIND DNS server and comprehensive DHCP support. (checked 02-Jun-2008)
DNS-DHCP scripts: Lightweight integration of the ISC DHCP server with BIND, using CGI scripts for Apache under Linux. From Peter Talbot. (checked 30-Sep-2007)
Ganymede: Flexible directory management system, written in Java. This is GASH version 2, and was last updated 01-Mar-2004. (checked 08-Sep-2004)
GASH: A prototype system administration framework including DNS administration. Last updated in 1995. See Ganymede for further work on this project.
IPplan: Open source (GPL) IP management system, including DNS administration, written in PHP. (checked 02-Jun-2008)
Men & Mice DNS Management Module: From Men & Mice. Provides centralized control of DNS: manages multiple BIND and Microsoft DNS server installations at one time. The user interface is well-thought out and helpful, and far superior to the user interface Microsoft supplies to manage their own DNS server. Although this can be run independently, see also Men & Mice Suite for the complete system. (checked 02-Jun-2008)
Men & Mice Suite: Multi-platform enterprise-class DNS/DHCP and IP address management system, from Men & Mice. Integrates with Microsoft Active Directory. Performs full analysis and monitoring; includes DNS Expert for troubleshooting. See Men & Mice DNS Management Module for a description of the DNS management functions of the Men & Mice Suite. (checked 02-Jun-2008)
NameSurfer: Commercial DNS management software with a web based interface from Nixu. (checked 08-Sep-2004)
NicTool: Open source (GPL) DNS management system, written in Perl, with both a Perl API and a web interface. Uses a MySQL backend database. (checked 26-May-2009)
Optivity NetID: Enterprise-scale software from Nortel Networks to manage IP addresses, DNS and DHCP, with a browser based interface. The DNS server component is based on BIND 8 running on Windows or Unix. (checked 08-Sep-2004)
Sauron: Open source (GPL) DNS and DHCP management system, written in Perl, with both command-line and web interfaces. Uses a PostgreSQL backend database. (checked 26-May-2009)
VitalQIP: Enterprise scale (ie. expensive) all-in-one system from Lucent for IP address space management, using a database engine to store address allocations. Integrates DHCP with DNS, providing realtime update of DNS information from DHCP. Built on top of the BIND DNS server. (checked 11-Apr-2004)
Webmin: Very popular free browser-based system administration package for Unix (including Linux and MacOS X). Includes modules to manage and maintain BIND 4.x or 8.x servers. The b9ddns module is available separately; this manages BIND 9 servers and supports dynamic zones. The Webmin system is built using Perl. (checked 11-Apr-2004)

Zone maintenance aids

These tools are useful in maintaining zone files. Their scope ranges from small-and-handy to substantial integrated zone management systems. Every site running a significant DNS installation will tend to accumulate tools like these; many sites write their own but it is worth looking at what others have produced before reinventing the wheel.

dnsadmin: Open source (GPL) stand-alone tools for DNS management, written in C. Uses a MySQL backend database. Last updated 16-Sep-2003. (checked 26-May-2009)
DNS Boss: Commercial zone maintenance tool for Solaris and Linux running BIND. Eccentric pricing policy: free for slave-only servers but starts at $4995 for servers that are master for some zones. (checked 13-Apr-2004)
DNStool 2.0: Zone maintenance framework from Gordon Rowell at Gormand. Source code is available.
gencidrzone: Perl script from Mathias Koerber. Generates IN-ADDR.ARPA reverse zones for classless networks (those that are not delegated on byte boundaries). (checked 10-Jan-2006)
h2n (*): Generates forward and reverse zone files from /etc/hosts; described in the cricket book. (checked 08-Oct-2004)
makezones: Perl based zone file maintenance aid from Philip Hazel. Creates forward and reverse zones from an input file containing directives; supports IPv6 AAAA records. (version 0.33 of 16-Oct-2000, checked 19-Nov-2004)
NSC: Utilities and M4 scripts for maintenance of zones, reverse zones (including classless delegations) and BIND configuration files by Martin Mares. (version 2.99b of 21-Dec-2003, checked 22-Feb-2004)
nsupdate: Sends UPDATE requests to name servers (see RFC 2136). This program is currently distributed with BIND without documentation. Here is brief documentation for nsupdate, courtesy of Ravindra R. Iyer. (checked 25-Feb-1999)
SENDS: By Paul Vixie, for managing a large namespace.
updatehosts: Generates DNS zone files and NIS tables from an ASCII host database, from Smoot Carl-Mitchell. Requires Perl. (checked 26-Feb-1999)
Utah Tools: A set of DNS management tools in use at the University of Utah.
webdns: Web-based DNS maintenance tool, written in Perl, by Henrik Nordström. This is based on code from Chris Lindblad and Matthew D. Stock.; (version 1.1.4 of 27-Sep-1999 and 2-alpha2 of 05-Jan-1999, checked 13-Apr-2004)
zsu: Perl script by András Salamon to increment zone serial numbers in a sensible way. Can form a useful part of a larger zone maintenance system that includes version control and error checking, or run it standalone to batch update serial numbers for lots of zones. (version 1.20 of 08-Aug-2004, checked 08-Sep-2004)

Miscellaneous tools

Interesting bits and pieces.

bindgraph: Perl script using the RRDtool graphing database to generate graphs for monitoring BIND server stats. By Marco d'Itri.
Brad's DNS Tools: A collection of DNS tools maintained by Brad Knowles, including the most recent versions of DOC, lamers, and dnsstats. (checked 08-Sep-2004)
dns-peers: Constructs BIND configuration file based on files of remote peers. For sites that exchange secondary service for many zones. Probably requires major updating to be useful. (version 1.0 of 02-Jun-1994, checked 19-Nov-2004)
dnsparse: Not reviewed yet.
GBIND Admin: Graphical frontend to BIND, to simplify creation and maintenance of the configuration file. (checked 12-Apr-2006)
Paul's tools: A good collection of useful utilities by Paul Balyoz: domtools, hiermap, dlint and cachebuild. (checked 08-Sep-2004)
Watch: A syslog watcher tool which maintains queues of DNS related events and summarises these.

Online tools

These tools exist online as Internet resources. Two main uses exist for these tools: when working on a system that has no DNS tools at all, or when local DNS is broken and an external perspective would be useful (for this second case, keep the IP addresses handy, or use the non-DNS links below). I cannot vouch for the way your data is used by these sites, so be careful about entering sensitive information.

Dig It: Online dig from Men & Mice. Here is a non-DNS link. (checked 08-Sep-2004)
Dig Gateway: Online dig from SpaceReg. Here is a non-DNS link. (checked 11-Apr-2004)
Dig web interface: Online dig from Martin Holk Rasmussen. (checked 06-Mar-2006)
DNS-Digger: Find siblings of a domain name in the DNS database, as well as listing other websites hosted on a machine, or those that share the same network prefix. (checked 10-Jul-2006)
Internet Query Tools: General Internet directory lookup from Demon Internet, including DNS and integrated access to WHOIS servers worldwide. Here is a non-DNS link. (checked 11-Apr-2004)
Netinfo at Berkeley: Menu-driven directory lookup tool, using dig for DNS. Requires telnet.
Sleuth: Online tool, checks DNS zones for errors, by Martin Mares. A downloadable version of Sleuth is also available. (version 1.4-pre1 of 30-Mar-2003, checked 08-Sep-2004)
ZoneCheck: Online zone checking tool from NIC France. Source code is available. (checked 08-Sep-2004)
List of public DNS servers: A list of DNS servers that allow recursive queries from anywhere on the Internet. (Most recursive servers are configured to only allow queries from the networks they serve.) (checked 06-Mar-2006)

System tools

Useful tools that are not specific to DNS.

Perl: A scripting language which is needed to run some of the tools listed here. Although Perl runs on most operating systems, some of the scripts mentioned here may rely on Unix-specific features and so may not work on other systems. If any of the Perl scripts listed above does not work on a non-Unix platform, please let us know. (checked 08-Sep-2004)

Last updated 15-Mar-2010