dnswalk
Debug and verify DNS zone data
SYNOPSIS
dnswalk [-i] [-d level] [-n] [-r] [-s] [-t type] [-v] domain
PARAMETERS
domain
The domain name to walk and check.
-i
Interactive mode: ask before resolving each name.
This is useful if you are behind a firewall and the tool tries to resolve external domain names.
-d level
Set debugging level.
Higher levels produce more verbose output. Level is an integer.
-n
Don't look up address records (A or AAAA).
This can speed up the walk and avoid resolving to untrusted hosts.
-r
Resolve NS records to hostnames.
Usually dnswalk stops at the NS records.
-s
Silent mode: only report errors.
Suppresses normal verbose output.
-t type
Limit queries to the specified record type.
For example: -t A
-v
Be verbose; equivalent to -d 1.
DESCRIPTION
dnswalk is a command-line tool used to debug DNS configurations and verify the correctness of DNS zone transfers.
It recursively queries a DNS server for all records related to a specified domain, checking for inconsistencies, errors, and potential security vulnerabilities.
This tool is valuable for administrators managing DNS zones, troubleshooting DNS resolution problems, and auditing DNS configurations for compliance. It performs numerous checks, including verifying SOA records, NS records, MX records, and other resource records, ensuring that the DNS infrastructure is functioning as expected. dnswalk is particularly useful for ensuring that zone transfers are occurring correctly and that no unauthorized modifications have been made to the DNS records.
CAVEATS
dnswalk relies on DNS queries and is subject to DNS caching and network conditions.
The accuracy of the results depends on the integrity of the DNS servers being queried. It might not work as expected with domains that have complex or unusual DNS configurations.
Newer systems use `dig` or `drill`, which provide similar functionality that is more robust in its details.
EXIT STATUS
The exit status indicates whether any errors were found during the walk.
A zero exit status generally indicates no errors, while a non-zero status indicates that errors were detected.
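The kind of record checks described under DESCRIPTION, as an added example that is not dnswalk's own code: a shell function that audits zone-transfer text in the layout `dig` prints and follows the exit-status convention above. The function name `check_zone`, the three checks chosen, and the sample zone (constructed, using reserved test names and addresses) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not dnswalk's code. Reads zone records on stdin, one per line,
# as "name TTL class type rdata", e.g. from (server and zone are placeholders):
#   dig @<server> <zone> AXFR +noall +answer | check_zone
check_zone() {
    awk '
    /^;/ || NF < 5 { next }                      # skip comments and blank lines
    {
        name = tolower($1); type = toupper($4)
        if (++n == 1) { first = type; apex = name }
        last = type
        if (type == "SOA") soa++
        if (type == "A" || type == "AAAA") addr[name] = 1
        if (type == "CNAME") cname[name] = 1
        if (type == "NS") { tgt[++t] = tolower($5); why[t] = "NS " name }
        if (type == "MX") { tgt[++t] = tolower($6); why[t] = "MX " name }
    }
    END {
        # A complete transfer starts and ends with the zone SOA record.
        if (first != "SOA" || last != "SOA" || soa < 2) {
            print "FAIL transfer is not bracketed by SOA records"; bad++
        }
        for (i = 1; i <= t; i++) {
            h = tgt[i]
            inzone = (h == apex || substr(h, length(h) - length(apex)) == "." apex)
            if (h in cname) {                    # NS/MX must not name an alias
                print "FAIL " why[i] " -> " h " is a CNAME"; bad++
            } else if (inzone && !(h in addr)) { # in-zone target needs an address
                print "FAIL " why[i] " -> " h " has no A/AAAA record"; bad++
            }
        }
        exit (bad > 0)
    }'
}

# Constructed sample transfer: ns2 has no address and the MX target is an alias.
SAMPLE_ZONE='example.test.      3600 IN SOA   ns1.example.test. hostmaster.example.test. 1 7200 900 1209600 300
example.test.      3600 IN NS    ns1.example.test.
example.test.      3600 IN NS    ns2.example.test.
example.test.      3600 IN MX    10 mail.example.test.
ns1.example.test.  3600 IN A     192.0.2.1
mail.example.test. 3600 IN CNAME www.example.test.
www.example.test.  3600 IN A     192.0.2.10
example.test.      3600 IN SOA   ns1.example.test. hostmaster.example.test. 1 7200 900 1209600 300'

printf '%s\n' "$SAMPLE_ZONE" | check_zone || echo "zone check reported errors"
```

Targets outside the zone are not flagged for a missing address, because their A/AAAA records live in another zone and never appear in this transfer.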