dnswalk

Check DNS zone for errors

$ dnswalk [domain.com.]

$ dnswalk -r [domain.com.]

$ dnswalk -l [domain.com.]

$ dnswalk -d [domain.com.]

$ dnswalk -F [domain.com.]

dnswalk [options] domain

dnswalk is a DNS debugger that checks zone configurations for common errors and inconsistencies. It performs zone transfers and analyzes the resulting data for problems like lame delegations, missing PTR records, and invalid data.
The tool identifies issues including orphaned CNAME records, duplicate A records, missing reverse entries, and records pointing to non-existent hosts. It helps DNS administrators maintain zone health and catch configuration errors.
dnswalk traverses the zone hierarchy, optionally recursing into subdomains to provide comprehensive validation of DNS infrastructure.

DOMAIN

Domain to check (must end with dot).

Recursively descend subdomains.

Check lame delegations.

Debug mode (verbose).

Force zone transfer even if normally blocked.

Suppress check of invalid characters.

Turn on all warning flags.

Display help information.

Requires zone transfer access (often restricted). Domain name must end with trailing dot. May report false positives on valid but unusual configurations. Perl dependencies required.

dnswalk was written by David Barr in the early 1990s as a DNS debugging and maintenance tool. It remains useful for validating zone configurations and has been included in DNS administrator toolkits for decades.

dig(1), named-checkzone(8), nslookup(1)