Tools and Resources

Last modified: December 16, 2014

These are a few of the tools we use, and a few web sites that document many more tools. At the bottom is a list of books and other information resources.  Please note that it is your responsibility to check the licensing terms of any software you download.  We welcome suggestions for additions, or deletions (let us know if something we are linking to is inaccurate), or broken links.  Send any suggestions or corrections to web-request at isc dot org.

DNS Tools

DNS Traversal checker

IPv4 only, but we find it a very useful tool. http://dns.squish.net

BIND9.net Tools Directory

Jacco Tunnissen’s http://www.bind9.net site has a huge list of related tools and resources

The Measurement Factory tools

The  Measurement Factory offers several tools for DNS, including dnsdump, a Perl script like tcpdumpand several applications for collecting and displaying DNS statistics; dnstop, DSC (DNS Statistics Collector), and Traffic Gist.

DNSCheck

DNSCheck is a web site where you can submit a domain name, and the tool will run a number of checks, and report on delegation, consistency, connectivity, and DNSSEC signing. (This is being replaced by a new tool in development, called ZoneMaster)

DNSstuff

Web-based tools for domain checking, TLD look-up, DNS caching look-up from DNSstuff.com

SPF Record Testing

Web-based tool recommended on BIND-users, http://www.kitterman.com/spf/validate.html. “These tools are meant to help you deploy SPF records for your domain. They use an actual RFC 7208 compliant library (pyspf) for tests and will dynamically test for processing limit errors (no other testers I’m aware of do this).”

Gadmin-bind, GUI for BIND

From the Debian package description gadmin-bind is an easy to use GTK+ frontend for ISC BIND. It handles multiple domains and can switch from master to slave domain in three clicks. It can change the domain name for entire domains and subdomains, including domain resources such as MX, A, AAAA, CNAME, and NS.  gadmin-bind can also generate and set up secret keys for rndc, construct a chroot environment, and handle DDNS operations.”

Kloth.net

Kloth.net has half a dozen or so networking tools, including the ability to find your IP, query WHOIS, DNS lookup, ping, traceroute, or translate/convert an IP V4 address between dotted quad, decimal, hex and binary, do a PTR reverse lookup in the DNS, and search for location information, among others.

Microsoft ccTLD Registry Security Scan

At the DNS-OARC Spring 2014 workshop in Warsaw, Microsoft presented on a new free service they are offing to ccTLDs. Microsoft is offering a scan of ccTLD registry sites for a range of common security vulnerabilities. Since launching this, they have scanned 7 ccTLDs already and found over 130 serious security problems.  The results are reported privately to the ccTLD requesting the scan. Apply via email. Read about this program here.

Net::DNS

Net::DNS is a DNS resolver implemented in Perl. It allows the programmer to perform nearly any type of DNS query from a Perl script.”

Passive DNS

Passive DNS is a tool to collect DNS records passively to aid Incident handling, Network Security Monitoring (NSM) and general digital forensics.

ZSU

From the Comprehensive Perl Archive Network, a Zone Serial Update tool by Andras Salamon.

DNSSEC

Verisign DNSSEC debugger

ISOC DNSSEC Resources

Actively maintained resource with videos, how-to’s and deployment data.

DNSSEC.Net

A comprehensive listing of DNSSEC-related tools is available from DNSSEC.Net.

DNSViz

DNSViz provides a visual analysis of the DNSSEC authentication chain for a domain name and its resolution path in the DNS namespace, and it lists configuration errors detected by the tool.

DRILL

Drill is a very useful tool from NLNet Labs. It was designed with DNSSEC in mind and is a useful debugging/query tool for DNSSEC.

GetDNS

At the Spring 2014 DNS-OARC workshop, NLNet Labs introduced their new DNS API, GetDNS.  This API, and the library that implements it, are intended to provide access to DNSSEC validation to higher-level (non-DNS) applications, such as, for example, DKIM.

RIPE NCC

DNS key management tools for BIND 9 from RIPE NCC

DNSSEC validator from cz.NIC

Browser plug-in that does DNSSEC validation from your desktop. This is simple to install, simple to use and it gives you feedback right in your browser telling you whether the site you are connected to is DNSSEC signed.  Currently supports Internet Explorer, Mozilla Firefox, Google Chrome, Opera and Apple Safari browsers. Download from Mozilla or from cz.NIC.

DHCP and IPv6

BT Diamond IP IPv6 resources

DHCP Probe

dhcp probe attempts to discover DHCP and BootP servers on a directly-attached Ethernet network. A network administrator can use this tool to locate unauthorized DHCP and BootP servers.

ISC Forge

This is an open source validation environment for fully automated validation of  DHCPv4 and  DHCPv6 protocols compliance using Python, Lettuce and Scapy.  The project is hoted on GitHub.

BIND9.net/dhcp

DHCP Resources page from BIND9.net

How-To Guides

Books

Hard to Classify