Comandos Redes / diciembre 23, 2021

dt: Una herramienta CLI para mostrar información sobre su dominio

El comando dt es una herramienta bajo licencia Apache 2.0 escrita en Go. Es una herramienta CLI para DNS que muestra información sobre un dominio.

En la actualidad, tiene las siguientes características:

  • Soporte de escáner de registros comunes (Tipo A, CNAME, TXT, etc).
  • Validación de cadenas DNSSEC.
  • Modificar la velocidad de consulta para el escaneo.
  • Diagnóstico de un dominio (similar a intodns.com, dnsspy.io).

Instalación de Go en GNU/Linux

Para instalar Go en GNU/Linux debéis de seguir primero este otro tutorial:

Cómo instalar Go (GoLang) en GNU/Linux
Go, también conocido como GoLang, es un lenguaje de programación. Es de código abierto desarrollado por un equipo de Google y muchos otros colaboradores de la comunidad.
_ voidNullDon T3rr0rZ0n3

Instalación de dt

Para la instalación de dt, lo podemos hacer de diferentes formas, si por ejemplo quieres compilar tu mismo el código fuente, puedes visitar su página de GitHub para más detalle.

En este tutorial, lo que haremos será instalarlo usando el instalador de paquetes para Go que descargará el binario y luego deberemos de copiarlo en el directorio correcto.

Lo instalamos:

# go install github.com/42wim/dt@latest

Esto nos generará un directorio llamado go y si vamos a ~/go/bin veremos que tenemos el binario para dt. Ahora para ejecutarlo como un comando más de nuestro sistema operativo, deberemos de hacer lo siguiente:

# cp ~/go/bin/dt /usr/bin/

Uso de dt

Si ejecutamos el comando sin ningún parámetro, nos aparecerá la ayuda con los parámetros que dispone este software de DNS.

# dt

Usage:
        dt [FLAGS] domain

Example:
        dt icann.org
        dt -debug ripe.net
        dt -debug -scan yourdomain.com

Flags:
  -debug
        enable debug
  -json
        output in JSON
  -qps int
        queries per seconds (per nameserver) (default 10)
  -resolver string
        use this resolver for initial domain lookup (default "8.8.8.8")
  -scan
        scan domain for common records
  -showfail
        only show checks that fail or warn

Podemos usar el comando con el nombre de dominio que queremos que nos de la información de DNS, por ejemplo:

# dt stallman.org

using 8.8.8.8 as resolver

NS                          |IP           |LOC |ASN     |ISP                         |rtt         |Serial
dns1.positive-internet.com. |80.87.136.65 |GB  |AS21260 |POSITIVE-INTERNET-UK-AS, GB |42.587791ms |2019102101 |
dns0.positive-internet.com. |80.87.128.65 |GB  |AS21260 |POSITIVE-INTERNET-UK-AS, GB |46.895502ms |2019102101 |

NS                          |IP           |Version                                                                               |DNSSEC |ValidFrom  |ValidUntil
dns1.positive-internet.com. |80.87.136.65 |PowerDNS Authoritative Server 4.4.0 (built Dec 17 2020 12:40:00 by root@4b136b7c185f) |valid  |1 week ago |1 week from now
dns0.positive-internet.com. |80.87.128.65 |PowerDNS Authoritative Server 4.4.0 (built Dec 17 2020 12:40:00 by root@4b136b7c185f) |valid  |1 week ago |1 week from now
.. 
stallman.org.   10799   IN      NS      dns1.positive-internet.com.
stallman.org.   10799   IN      NS      dns0.positive-internet.com.

NS
         OK  : NS of all nameservers are identical
         OK  : Multiple nameservers found
         OK  : Your nameservers are in different subnets.
         WARN: Nameservers are all on the same AS (AS21260). This is a single point of failure.
         WARN: No IPv6 nameservers found. IPv6-only users will have problems.
         OK  : All nameservers are authoritative.
         OK  : All nameservers report they are not allowing recursive queries.
         OK  : Your nameservers are also listed as NS at the parent nameservers
         OK  : Your parent nameservers are also listed as NS at your nameservers
         OK  : No CNAMEs found for your NS records
GLUE
         WARN: no glue records found for [80.87.128.65 80.87.136.65] in NS of parent org.
         WARN: no glue records found for [80.87.128.65 80.87.136.65] in NS of stallman.org.
SOA
         OK  : SOA of all nameservers are identical
         OK  : MNAME dns0.positive-internet.com. is listed at the parent servers.
         OK  : Your nameservers have public / routable addresses.
MX
         OK  : MX of all nameservers are identical
         WARN: Only 1 MX record found. Extra records increases reliability
         OK  : Your MX records have public / routable addresses.
         OK  : Your MX records resolve to different ips.
         OK  : No CNAMEs found for your MX records
         OK  : All MX records have reverse PTR records
Web
         OK  : Found a www record
         OK  : Found a root record
         OK  : Didn't find a CNAME for the root record
         OK  : Your www record has a public / routable address.
Spam
         WARN: No DMARC records found. Along with DKIM and SPF, DMARC helps prevent spam from your domain.
         WARN: No SPF records found. Along with DKIM and DMARC, SPF helps prevent spam from your domain.
DNSSEC
         OK  : DNSKEY validated. Chain validated

Podemos también ejecutar con el parámetro -scan para que al final del comando nos dé más información de los registros:

# dt  -scan stallman.org

.. 80.87.136.65 AXFR denied
. *.stallman.org.       300     IN      A       80.87.128.67
stallman.org.   10643   IN      NS      dns0.positive-internet.com.
stallman.org.   10643   IN      NS      dns1.positive-internet.com.
stallman.org.   10645   IN      MX      0 cannonball.positive-internet.com.
stallman.org.   10645   IN      SOA     dns0.positive-internet.com. hostmaster.positive-internet.com. 2019102101 3600 1800 1814400 3600
stallman.org.   145     IN      A       216.116.72.174
stallman.org.   3443    IN      DNSKEY  257 3 13 9RLVIYhKwnkPomKb1DLQvgwFZtLJG2y5tg6dNvh+0VseHhBrwX6ALbaL3km27oUtDrCpv9IGVgblFETn9xI3+Q==
www.stallman.org.       300     IN      A       216.116.72.174

Scan took 1m20.093515057s

O incluso se puede sacar en formato JSON con -json:

# dt -json stallman.org

{"Name":"stallman.org","NSInfo":[{"Name":"dns1.positive-internet.com.","Rtt":39902537,"Serial":2019102101,"IP":"80.87.136.65","Loc":"GB","ASN":21260,"ISP":"POSITIVE-INTERNET-UK-AS, GB","Valid":true,"ChainValid":false,"Disabled":false,"Start":1636588800,"End":1638403200,"Version":"PowerDNS Authoritative Server 4.4.0 (built Dec 17 2020 12:40:00 by root@4b136b7c185f)"},{"Name":"dns0.positive-internet.com.","Rtt":47447451,"Serial":2019102101,"IP":"80.87.128.65","Loc":"GB","ASN":21260,"ISP":"POSITIVE-INTERNET-UK-AS, GB","Valid":true,"ChainValid":false,"Disabled":false,"Start":1636588800,"End":1638403200,"Version":"PowerDNS Authoritative Server 4.4.0 (built Dec 17 2020 12:40:00 by root@4b136b7c185f)"}],"Timestamp":"2021-11-24T13:31:00.000233886+01:00","Report":[{"Type":"NS","Result":[{"Result":"FAIL: NS not identical\t [80.87.128.65]\n\t stallman.org.\t10514\tIN\tNS\tdns0.positive-internet.com.\n\t stallman.org.\t10514\tIN\tNS\tdns1.positive-internet.com.\n\t \n\t [80.87.136.65]\n\t stallman.org.\t10513\tIN\tNS\tdns0.positive-internet.com.\n\t stallman.org.\t10513\tIN\tNS\tdns1.positive-internet.com.\n\t \n","Status":false,"Error":"","Records":null,"Name":"Identical"},{"Result":"OK  : Multiple nameservers found","Status":true,"Error":"","Records":["stallman.org.\t10514\tIN\tNS\tdns1.positive-internet.com.","stallman.org.\t10514\tIN\tNS\tdns0.positive-internet.com."],"Name":"Multiple"},{"Result":"OK  : Your nameservers are in different subnets.","Status":true,"Error":"","Records":null,"Name":"Subnet"},{"Result":"WARN: Nameservers are all on the same AS (AS21260). This is a single point of failure.","Status":false,"Error":"","Records":null,"Name":"MultipleAS"},{"Result":"WARN: No IPv6 nameservers found. IPv6-only users will have problems.","Status":false,"Error":"","Records":null,"Name":"IPv6"},{"Result":"OK  : All nameservers are authoritative.","Status":true,"Error":"","Records":null,"Name":"Auth"},{"Result":"OK  : All nameservers report they are not allowing recursive queries.","Status":true,"Error":"","Records":null,"Name":"Recursive"},{"Result":"OK  : Your nameservers are also listed as NS at the parent nameservers","Status":true,"Error":"","Records":null,"Name":"ParentListed"},{"Result":"OK  : Your parent nameservers are also listed as NS at your nameservers","Status":true,"Error":"","Records":null,"Name":"SelfListed"},{"Result":"OK  : No CNAMEs found for your NS records","Status":true,"Error":"","Records":null,"Name":"CNAME"}]},{"Type":"GLUE","Result":[{"Result":"WARN: no glue records found for [80.87.128.65 80.87.136.65] in NS of parent org.","Status":false,"Error":"","Records":null,"Name":"Parent"},{"Result":"WARN: no glue records found for [80.87.128.65 80.87.136.65] in NS of stallman.org.","Status":false,"Error":"","Records":null,"Name":"Self"}]},{"Type":"SOA","Result":[{"Result":"OK  : SOA of all nameservers are identical","Status":true,"Error":"","Records":null,"Name":"Identical"},{"Result":"OK  : MNAME dns0.positive-internet.com. is listed at the parent servers.","Status":true,"Error":"","Records":null,"Name":"MNAME"},{"Result":"OK  : Your nameservers have public / routable addresses.","Status":true,"Error":"","Records":null,"Name":"RFC1918"}]},{"Type":"MX","Result":[{"Result":"OK  : MX of all nameservers are identical","Status":true,"Error":"","Records":null,"Name":"Identical"},{"Result":"WARN: Only 1 MX record found. Extra records increases reliability","Status":false,"Error":"","Records":null,"Name":"Multiple"},{"Result":"OK  : Your MX records have public / routable addresses.","Status":true,"Error":"","Records":null,"Name":"RFC1918"},{"Result":"OK  : Your MX records resolve to different ips.","Status":true,"Error":"","Records":null,"Name":"DuplicateIP"},{"Result":"OK  : No CNAMEs found for your MX records","Status":true,"Error":"","Records":null,"Name":"CNAME"},{"Result":"OK  : All MX records have reverse PTR records","Status":true,"Error":"","Records":null,"Name":"Reverse"}]},{"Type":"Web","Result":[{"Result":"OK  : Found a www record","Status":true,"Error":"","Records":null,"Name":"WWW"},{"Result":"OK  : Found a root record","Status":true,"Error":"","Records":null,"Name":"Apex"},{"Result":"OK  : Didn't find a CNAME for the root record","Status":true,"Error":"","Records":null,"Name":"ApexCNAME"},{"Result":"OK  : Your www record has a public / routable address.","Status":true,"Error":"","Records":null,"Name":"RFC1918"}]},{"Type":"Spam","Result":[{"Result":"WARN: No DMARC records found. Along with DKIM and SPF, DMARC helps prevent spam from your domain.","Status":false,"Error":"","Records":null,"Name":"DMARC"},{"Result":"WARN: No SPF records found. Along with DKIM and DMARC, SPF helps prevent spam from your domain.","Status":false,"Error":"","Records":null,"Name":"SPF"}]},{"Type":"DNSSEC","Result":[{"Result":"OK  : DNSKEY validated. Chain validated","Status":true,"Error":"","Records":null,"Name":"DNSSEC"}]}],"Scan":null}

¿Buscas otro comando?

¡Revisa nuestro "Diccionario de comandos para GNU/Linux"!

Diccionario de comandos para GNU/Linux
Haz que cada palabra cuente: tu donación nos inspira a seguir creando contenido. Accede al apartado de Donación para hacer tu aportación