WALKER

Section: User Contributed Perl Documentation (1)
Updated: 2005-09-20
Index Return to Main Contents
 

NAME

walker - Retrieve a DNS zone using NXT/NSEC traversal  

SYNOPSIS

walker [-y] [-n] [-d] [-x] [ @nameserver ] zonestartname ]  

DESCRIPTION

walker retrieves a DNS zone from the default or supplied name server and prints each record to the standard output. AXFR is not used, instead the DNSSEC NXT/NSEC record chain is traversed. The zone must use DNSSEC. The output should conform to the standard DNS master file format (but see BUGS). Optionally, walker can also verify DNSSEC signatures on the RRsets within the zone.  

OPTIONS

-y
Additionally perform verification on each RRset within the zone and print result of verification (in a zone file comment). This also turn on EDNS.0 and set the DNSSEC flag in queries.
-n
When querying for records, ask the nameserver non-recursively, instead of going through the full resolver logic. This parameter is useful when you know that the default name server (or the supplied specific nameserver) can respond correctly, which it typically only would if it is responsible for the zone.

The original motivation for the -n parameter was to improve speed when asking parents for NS records on delegated zones, which would make the server recursively ask the child servers.

-d
Enable debugging in the resolver (this will print all DNS packets, just like dig).
-x
Enable the EDNS.0 DNSSEC flag for SIG/RRSIG queries. Not effective if -y is used. This is needed for some servers to return SIG/RRSIG at all.
@nameserver
Query nameserver instead of the default nameserver.
zone
Name of the zone to retrieve master file for. For example, ``com''.
startname
Optional name to start the zone walk at. The default is to start walking from the start. This option is useful if the tool failed or was intterupted in the middle of a large zone.
 

AUTHOR

Simon Josefsson <simon@josefsson.org>  

BUGS

CNAME, CERT and/or SRV RRs is known to cause perl warnings during verifications with some versions of Net::DNS and Net::DNS::SEC. The cause is belived to be in Perl, Net::DNS or Net::DNS::SEC. The reader is encouraged to track down and fix these bugs.  

SEE ALSO

perl(1), axfr, perldig, Net::DNS, Net::DNS::SEC, resolv.conf


 

Index

NAME
SYNOPSIS
DESCRIPTION
OPTIONS
AUTHOR
BUGS
SEE ALSO

linux.jgfs.net manual pages