GENREPORT()                      genreport(1)                      GENREPORT()


genreport - generate a report about DNS server compliance.

genreport [-46abBcdDeEfjLnopPRstT] [-i test] [-I test] [-m maxoutstanding]
[-r server]

genreport tests DNS servers' responses to a variety of different queries
and reports whether each response is compliant with the relevant RFCs.

genreport takes a list of zone names with optional server names and/or
IP addresses (one entry per line). If only the zone name is provided, the
list of name servers for the zone will be looked up, followed by the
addresses of those name servers. If the zone and name server name are
specified then only the addresses of that name server will be used for
testing. If zone, server and address are given then only that address
will be used for testing; in that case the server is a placeholder field.

There are four groupings of tests: EDNS (default), FULL (includes EDNS),
COMMON and TYPE.

Options are order dependent.

-4  only query IPv4 servers.

-6  only query IPv6 servers.

-a  only emit 'all ok' rather than a result for each sub test.

-A  only emit 'all (ok|refused|servfail|timeout)' rather than a result
    for each sub test, taking into account EDNS version processing.

-b  only emit bad servers.

-B  only emit bad tests.

-c  add common queries to the set of tests to be made.

-d  enable debugging.

-D  list tests and matching dig command.

-e  edns test.

-E  EDNS only. Only emit a report if there has been a valid EDNS
    response.

-f  add full mode tests (includes edns).

-g  look for glue (nameserver, address pairs) then qualify matching
    zone, ns pairs.

-G  only use glue to qualify zone, ns pairs.

-i test
    add an individual test.

-I test
    remove an individual test.

-h  emit json.

-L  list tests and their grouping.

-m maxoutstanding
    set the maximum number of outstanding DNS queries in progress.

-n  report the NSID value if found.

-o  restore the output order rather than printing each server as the
    tests for that server complete.

-p  run tests in parallel.

-P port
    specify an alternate port to query (default 53).

-r server
    use specified recursive server to look up name servers for a
    zone and addresses.

-R  run recursive tests.

-s  serialize tests.

-t  type tests (serial) - test the server's handling of different
    query types. This disables any previous -c, -e (default), and -f
    switches. To get TYPE tests together with EDNS, FULL or COMM tests
    you need to specify them after the -t switch.

-T  print type list for type test (-t).

-u  only test an IP address once.

-U  delay between UDP requests to a server in milliseconds (default:
    113, range: [0..1000]).

Test all servers for a zone
    % echo isc.org | genreport -po

    This runs all the tests in parallel against a server (-p) and the
    output order (-o) is preserved.

Test a specific server for a zone by name
    % echo isc.org ams.sns-pb.isc.org | genreport

Test a specific server for a zone by address
    % echo isc.org ams.sns-pb.isc.org 199.6.1.30 | genreport

    The server name is ignored other than to be placed in the report.

Test all servers in the root zone
    % dig axfr . | awk '$4 == "NS" { print $1, $5 }' > list
    % genreport -so < list

    This generates a separate list as the AXFR will time out when the
    pipeline stalls. The tests are run in serial (-s) against a server
    and the output is reordered to preserve the input order (-o).

Test all servers in the root zone against the in-zone address records
    % dig axfr . |
    > tr '[a-z]' '[A-Z]' |
    > awk '$4 == "NS" {
    >     ns[$1 " " $5] = $5
    > }
    > $4 == "A" {
    >     if (a[$1]) {
    >         a[$1] = a[$1] " " $5
    >     } else {
    >         a[$1] = $5
    >     }
    > }
    > $4 == "AAAA" {
    >     if (aaaa[$1]) {
    >         aaaa[$1] = aaaa[$1] " " $5
    >     } else {
    >         aaaa[$1] = $5
    >     }
    > }
    > END {
    >     for (n in ns) {
    >         split(n, k, " ")
    >         if (a[k[2]]) {
    >             split(a[k[2]], l, " ")
    >             for (m in l) print(n, l[m])
    >         }
    >         if (aaaa[k[2]]) {
    >             split(aaaa[k[2]], l, " ")
    >             for (m in l) print(n, l[m])
    >         }
    >     }
    > }' |
    > sort > list
    % genreport -so < list

Test all the root servers' handling of different query types
    % echo . | genreport -ta

    As the type list is long we also collapse the output to "all ok" (-a)
    if all subtests to a particular server succeed.

Test all the glue servers in a zone
    % dig axfr zone > file
    % ( awk '$4 == "A" || $4 == "AAAA" { print $1, $5 }' file;
    > awk '$4 == "NS" { print $1, $5 }' file ) | genreport -gG

Test a recursive server
    For this you should give it the name of a zone with DNSSEC records if
    possible.

    % echo isc.org localhost | genreport -R

    or

    % echo isc.org . <address of server> | genreport -R

dns EDNS
    Send a plain DNS query with type code SOA.

aa FULL
    Send a plain DNS query with type code SOA and AA set to 1.

ad FULL
    Send a plain DNS query with type code SOA and AD set to 1.

cd FULL
    Send a plain DNS query with type code SOA and CD set to 1.

ra FULL
    Send a plain DNS query with type code SOA and RA set to 1.

rd FULL
    Send a plain DNS query with type code SOA and RD set to 1.

tc FULL
    Send a plain DNS query with type code SOA and TC set to 1.

zflag FULL
    Send a plain DNS query with type code SOA and the remaining
    reserved DNS header flag set to 1.

opcode FULL
    Send a request with an unknown opcode (15).

opcodeflg FULL
    Send a request with an unknown opcode (15) and the following flag
    bits set to 1 (tc, rd, ra, cd, ad, aa, and z).

type666 FULL
    Send a plain DNS query with type code 666. This is used to test
    unknown type code handling.

tcp FULL
    Send a plain DNS query with type code SOA over TCP.

edns EDNS
    Send an EDNS version 0 query with type code SOA.

edns1 EDNS
    Send an EDNS query with an unknown version (1) and type code SOA.

edns@512 EDNS
    Send an EDNS version 0 query with type code DNSKEY, DO set to 1
    and the EDNS buffer size set to 512. This query is attempting to
    elicit a truncated EDNS response.

ednsopt EDNS
    Send an EDNS version 0 query with type code SOA and an undefined
    EDNS option code (100).

edns1opt EDNS
    Send an EDNS query with an unknown version (1), type code SOA and
    an undefined EDNS option code (100).

do EDNS
    Send an EDNS version 0 query with type code SOA and DO set to 1.

docd FULL
    Send an EDNS version 0 query with type code SOA, DO set to 1 and
    CD set to 1.

edns1do FULL
    Send an EDNS query with an unknown version (1), type code SOA and
    DO set to 1.

ednsflags EDNS
    Send an EDNS version 0 query with type code SOA and an undefined
    EDNS flag bit set to 1.

optlist EDNS
    Send an EDNS version 0 query with type code SOA and EDNS options
    NSID, ECS, EXPIRE, and COOKIE.

ednsnsid FULL
    Send an EDNS version 0 query with type code SOA and EDNS option
    NSID.

ednscookie FULL
    Send an EDNS version 0 query with type code SOA and EDNS option
    COOKIE.

ednsexpire FULL
    Send an EDNS version 0 query with type code SOA and EDNS option
    EXPIRE.

ednssubnet FULL
    Send an EDNS version 0 query with type code SOA and EDNS option
    ECS.

edns1nsid FULL
    Send an EDNS query with an unknown version (1), type code SOA and
    EDNS option NSID.

edns1cookie FULL
    Send an EDNS query with an unknown version (1), type code SOA and
    EDNS option COOKIE.

edns1expire FULL
    Send an EDNS query with an unknown version (1), type code SOA and
    EDNS option EXPIRE.

edns1subnet FULL
    Send an EDNS query with an unknown version (1), type code SOA and
    EDNS option ECS.

ednstcp EDNS
    Send an EDNS version 0 query with type code SOA over TCP.

bind11 COMM
    Send a query that is typical of what named from BIND 9.11 sends.

dig11 COMM
    Send a query that is typical of what dig from BIND 9.11 sends.

dnswkk
    Send a plain DNS request with a TSIG signature. The key name is
    ".", the algorithm is "hmac-sha256" and the secret is 0-32 zero
    bytes.

icmp
    Send an icmp / icmp6 echo request.

A TYPE
    Send a plain DNS query with type code A.

NS TYPE
    Send a plain DNS query with type code NS.

MD TYPE
    Send a plain DNS query with type code MD.

MF TYPE
    Send a plain DNS query with type code MF.

CNAME TYPE
    Send a plain DNS query with type code CNAME.

SOA TYPE
    Send a plain DNS query with type code SOA.

MB TYPE
    Send a plain DNS query with type code MB.

MG TYPE
    Send a plain DNS query with type code MG.

MR TYPE
    Send a plain DNS query with type code MR.

NULL TYPE
    Send a plain DNS query with type code NULL.

WKS TYPE
    Send a plain DNS query with type code WKS.

PTR TYPE
    Send a plain DNS query with type code PTR.

HINFO TYPE
    Send a plain DNS query with type code HINFO.

MINFO TYPE
    Send a plain DNS query with type code MINFO.

MX TYPE
    Send a plain DNS query with type code MX.

TXT TYPE
    Send a plain DNS query with type code TXT.

RP TYPE
    Send a plain DNS query with type code RP.

AFSDB TYPE
    Send a plain DNS query with type code AFSDB.

X25 TYPE
    Send a plain DNS query with type code X25.

ISDN TYPE
    Send a plain DNS query with type code ISDN.

RT TYPE
    Send a plain DNS query with type code RT.

NSAP TYPE
    Send a plain DNS query with type code NSAP.

NSAP-PTR TYPE
    Send a plain DNS query with type code NSAP-PTR.

SIG TYPE
    Send a plain DNS query with type code SIG.

KEY TYPE
    Send a plain DNS query with type code KEY.

PX TYPE
    Send a plain DNS query with type code PX.

GPOS TYPE
    Send a plain DNS query with type code GPOS.

AAAA TYPE
    Send a plain DNS query with type code AAAA.

LOC TYPE
    Send a plain DNS query with type code LOC.

NXT TYPE
    Send a plain DNS query with type code NXT.

SRV TYPE
    Send a plain DNS query with type code SRV.

NAPTR TYPE
    Send a plain DNS query with type code NAPTR.

KX TYPE
    Send a plain DNS query with type code KX.

CERT TYPE
    Send a plain DNS query with type code CERT.

A6 TYPE
    Send a plain DNS query with type code A6.

DNAME TYPE
    Send a plain DNS query with type code DNAME.

APL TYPE
    Send a plain DNS query with type code APL.

DS TYPE
    Send a plain DNS query with type code DS.

SSHFP TYPE
    Send a plain DNS query with type code SSHFP.

IPSECKEY TYPE
    Send a plain DNS query with type code IPSECKEY.

RRSIG TYPE
    Send a plain DNS query with type code RRSIG.

NSEC TYPE
    Send a plain DNS query with type code NSEC.

DNSKEY TYPE
    Send a plain DNS query with type code DNSKEY.

DHCID TYPE
    Send a plain DNS query with type code DHCID.

NSEC3 TYPE
    Send a plain DNS query with type code NSEC3.

NSEC3PARAM TYPE
    Send a plain DNS query with type code NSEC3PARAM.

TLSA TYPE
    Send a plain DNS query with type code TLSA.

SMIMEA TYPE
    Send a plain DNS query with type code SMIMEA.

HIP TYPE
    Send a plain DNS query with type code HIP.

CDS TYPE
    Send a plain DNS query with type code CDS.

CDNSKEY TYPE
    Send a plain DNS query with type code CDNSKEY.

OPENPGPKEY TYPE
    Send a plain DNS query with type code OPENPGPKEY.

SPF TYPE
    Send a plain DNS query with type code SPF.

NID TYPE
    Send a plain DNS query with type code NID.

L32 TYPE
    Send a plain DNS query with type code L32.

L64 TYPE
    Send a plain DNS query with type code L64.

LP TYPE
    Send a plain DNS query with type code LP.

EUI48 TYPE
    Send a plain DNS query with type code EUI48.

EUI64 TYPE
    Send a plain DNS query with type code EUI64.

URI TYPE
    Send a plain DNS query with type code URI.

CAA TYPE
    Send a plain DNS query with type code CAA.

AVC TYPE
    Send a plain DNS query with type code AVC.

DOA TYPE
    Send a plain DNS query with type code DOA.

DLV TYPE
    Send a plain DNS query with type code DLV.

TYPE1000 TYPE
    Send a plain DNS query with type code 1000. This is used to test
    unknown type code handling.

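The header-flag, opcode and EDNS test descriptions above map directly onto DNS wire-format fields. As an added example (not genreport's own code), this Python builds the query packets for several of the listed tests so they can be compared against a packet capture; the default buffer size of 4096, the fixed message ID, the empty payload for option 100 and the choice of 0x0080 as the undefined EDNS flag bit are assumptions.

```python
import struct

SOA, DNSKEY, OPT = 6, 48, 41   # RR type codes
DO = 0x8000                    # DNSSEC OK bit in the EDNS flags field
Z_HEADER = 0x0040              # the remaining reserved DNS header flag

def encode_name(name):
    """Wire-encode a name as length-prefixed labels ending in the root label."""
    labels = [lab for lab in name.rstrip(".").split(".") if lab]
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"

def build_query(zone, qtype=SOA, opcode=0, hdr_flags=0, edns=None,
                bufsize=4096, ext_flags=0, options=(), msg_id=0x1234):
    """Build one query; edns=None means plain DNS, else the EDNS version."""
    flags = ((opcode & 0xF) << 11) | hdr_flags
    msg = struct.pack("!6H", msg_id, flags, 1, 0, 0, 0 if edns is None else 1)
    msg += encode_name(zone) + struct.pack("!HH", qtype, 1)   # class IN
    if edns is not None:
        rdata = b"".join(struct.pack("!HH", code, len(data)) + data
                         for code, data in options)
        # OPT RR: root owner, CLASS carries the UDP buffer size and the
        # TTL carries extended-rcode(8) | version(8) | flags(16).
        ttl = (edns << 16) | ext_flags
        msg += b"\x00" + struct.pack("!HHIH", OPT, bufsize, ttl, len(rdata)) + rdata
    return msg

# Test name -> parameters, taken from the descriptions above.
# bufsize=4096, msg_id, the empty option payload and 0x0080 are assumptions.
TESTS = {
    "dns":       {},
    "zflag":     {"hdr_flags": Z_HEADER},
    "opcode":    {"opcode": 15},
    "type666":   {"qtype": 666},
    "edns":      {"edns": 0},
    "edns1":     {"edns": 1},
    "edns@512":  {"edns": 0, "qtype": DNSKEY, "ext_flags": DO, "bufsize": 512},
    "ednsopt":   {"edns": 0, "options": [(100, b"")]},
    "edns1opt":  {"edns": 1, "options": [(100, b"")]},
    "do":        {"edns": 0, "ext_flags": DO},
    "ednsflags": {"edns": 0, "ext_flags": 0x0080},
}

def query_for(test, zone):
    """Return the wire-format query for a named test against a zone."""
    return build_query(zone, **TESTS[test])

if __name__ == "__main__":
    for name in TESTS:
        print(f"{name:10} {query_for(name, 'isc.org').hex()}")
```
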
dig(1), named(8).


Internet Systems Consortium       August 2023                      GENREPORT()