Cool Solutions

Diagnostic tool for DNS Records



By:

October 13, 2009 11:09 am

Reads: 7641

Comments:1

License: GPL

Download check-dns.pl

Domain Services for Windows (DSfW) is tightly integrated with DNS. The primary domain controller typically acts as the DNS server for the domain. When a domain controller or workstation is added to the domain, DNS zone records for it are created and updated in the “domain.db” file of the forest root domain.

This tool validates that the forward-lookup (A) and reverse-lookup (PTR) DNS entries for each domain controller and workstation in the DSfW domain have been created properly. It is a DNS health check that helps ensure the DSfW domain functions correctly.

To check the DNS record entries for each domain controller and member server, run the script at the command line:

perl check-dns.pl

The script's output reports the health of the DNS records for each domain controller and member server by listing each record as “OK” or “NOT OK”.

Rating: 0.0/5 (0 votes cast)


Categories: Uncategorized

Disclaimer: This content is not supported by Novell. It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test it thoroughly before using it in a production environment.

1 Comment

  1. By:hargagan

    There is a correction with respect to the _ldap._tcp.pdc._msdcs.<domain-name> type SRV record check, which is one of the checks done by this script.

    This record is a single entry record, which holds the primary domain controller FQDN. But due to incorrect handling for this record, it is trying to see the presence of other domain controllers too in this record. This is not correct.
    There are other records which have multiple entries, for other domain controllers, and that is right to check.

    I have corrected this script with the above mentioned problem. The changed script is as follows:

    #!/usr/bin/perl
    use strict;
    use warnings;
    
    # ldapsearch invocation shared by every directory query (SASL EXTERNAL, local ldap.conf)
    my $ldapsearch = 'LDAPCONF=/etc/opt/novell/xad/openldap/ldap.conf /usr/bin/ldapsearch -Y EXTERNAL';
    my $configurationPartition;
    
    system("clear");
    print  "############################################################################################################################# \n";
    print  "******************* Validation of DNS zone records creation for DSfW Domain Controller and Member Server ******************* \n";
    print  "############################################################################################################################# \n";
    
    # Find the configuration partition from the root DSE
    my $x = `$ldapsearch -b '' -s base configurationNamingContext -LLL 2>&1`;
    if ($x =~ /^configurationNamingContext: (.*?)$/m) {
    	$configurationPartition = $1;
    } else {
    	die "Error reading configurationNamingContext:\n$x";
    }
    
    # Find list of domain partitions (crossRef objects with systemFlags=3)
    my @partitions;
    my @x = `$ldapsearch -b "$configurationPartition" '(&(objectclass=crossref)(systemFlags=3))' ncname -LLL 2>&1 | grep -i 'ncname:'`;
    foreach my $line (@x) {
    	if ($line =~ /ncname: (.*?)$/i) {
    		push @partitions, $1;
    	} else {
    		die "Error reading ncname\n";
    	}
    }
    
    foreach my $partition (@partitions) {
    	my $domainFQDN = get_domain_fqdn($partition);
    	my @dc = get_dc_list($partition);
    
    	# Check standard SRV records for each partition
    	foreach my $srv (
    		"_ldap._tcp.$domainFQDN",
    		"_ldap._tcp.pdc._msdcs.$domainFQDN",
    		"_ldap._tcp.dc._msdcs.$domainFQDN",
    		"_gc._tcp.$domainFQDN",
    		"_ldap._tcp.gc._msdcs.$domainFQDN",
    		"_kpasswd._tcp.$domainFQDN",
    		"_kpasswd._udp.$domainFQDN",
    		"_kerberos._tcp.$domainFQDN",
    		"_kerberos._udp.$domainFQDN",
    		"_kerberos._tcp.dc._msdcs.$domainFQDN",
    		"_ldap._tcp.default-first-site-name._sites.$domainFQDN",
    		"_gc._tcp.default-first-site-name._sites.$domainFQDN",
    		"_ldap._tcp.default-first-site-name._sites.dc._msdcs.$domainFQDN",
    		"_ldap._tcp.default-first-site-name._sites.gc._msdcs.$domainFQDN",
    		"_kerberos._tcp.default-first-site-name._sites.dc._msdcs.$domainFQDN",
    		"_kerberos._tcp.default-first-site-name._sites.$domainFQDN",
    	) {
    		dns_lookup_srv($srv, @dc);
    	}
    
    	# Check forward lookup and reverse lookup for each dc, then for each member server
    	foreach my $host (@dc, get_member_server_list($partition)) {
    		check_host_records($host);
    	}
    }
    
    # Forward (A) and reverse (PTR) lookup for one host name
    sub check_host_records {
    	my ($host) = @_;
    	# Names come from the directory; refuse anything that is not a plain DNS name
    	# before it is interpolated into a shell command
    	if ($host !~ /^[A-Za-z0-9.-]+$/) {
    		print "DNS A record NOT OK for $host (not a valid host name)\n";
    		return;
    	}
    	my $fwd = `host $host`;
    	if ($? != 0 || $fwd !~ /has address (\S+)/) {
    		print "DNS A record NOT OK for $host\n";
    		return;
    	}
    	my $ip = $1;
    	print "DNS A record OK for $host\n";
    	my $rev = `host $ip`;
    	if ($? == 0 && $rev =~ /domain name pointer (\S+)/) {
    		print "DNS PTR record OK for $ip ($1)\n";
    	} else {
    		print "DNS PTR record NOT OK for $ip\n";
    	}
    }
    
    sub get_dc_list {
    	my ($domain) = @_;
    	return read_hostnames("ou=Domain Controllers,$domain");
    }
    
    sub get_member_server_list {
    	my ($domain) = @_;
    	return read_hostnames("cn=computers,$domain");
    }
    
    # dNSHostName of every object one level below the given container
    sub read_hostnames {
    	my ($base) = @_;
    	my @hosts;
    	my @lines = `$ldapsearch -b "$base" -s one dNSHostName -LLL 2>&1 | grep 'dNSHostName:'`;
    	foreach my $line (@lines) {
    		if ($line =~ /dNSHostName: (.*?)$/) {
    			push @hosts, $1;
    		} else {
    			die "Error reading dNSHostName\n";
    		}
    	}
    	return @hosts;
    }
    
    sub get_domain_fqdn {
    	my ($domain) = @_;
    	my $out = `$ldapsearch -b "$configurationPartition" '(&(objectClass=crossref)(ncname=$domain))' dnsRoot -LLL 2>&1 | grep 'dnsRoot:'`;
    	if ($out =~ /dnsRoot: (.*?)$/) {
    		return $1;
    	}
    	die "Error reading dnsRoot\n";
    }
    
    # Compare the hosts named in an SRV answer against the expected DC list.
    # _ldap._tcp.pdc._msdcs.<domain> is a single-entry record naming only the PDC
    # emulator, so it is OK when any one DC appears; every other record must list all DCs.
    sub check_members {
    	my ($name, $records, $dcs) = @_;
    	my $is_pdc_record = ($name =~ /^_ldap\._tcp\.pdc\._msdcs\./i);
    	my ($found, $missing) = (0, 0);
    	foreach my $dc (@$dcs) {
    		# Match the host name literally (\Q...\E) and case-insensitively, as DNS does
    		if (grep { /\Q$dc\E/i } @$records) {
    			$found++;
    		} else {
    			$missing++;
    			print "DNS record not found for $dc\n" unless $is_pdc_record;
    		}
    	}
    	return ($found ? 0 : 1) if $is_pdc_record;
    	return ($missing ? 1 : 0);
    }
    
    sub dns_lookup_srv {
    	my ($name, @dc) = @_;
    	my @records = `/usr/bin/nslookup -querytype=srv $name | grep -i '$name'`;
    
    	if (check_members($name, \@records, \@dc) == 0) {
    		print "DNS SRV records OK for $name\n";
    	} else {
    		print "DNS SRV records NOT OK for $name\n";
    	}
    }
    
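The SRV-record check that check-dns.pl performs, including the single-entry _ldap._tcp.pdc._msdcs.<domain-name> case corrected in the comment above, as an added example that is not part of the script or the comment. It is written in Python and runs over constructed nslookup output (the example.com names, the DC list and the answer text are made up), so it needs no DSfW server to try out.

```python
import re

# The single-entry record the comment above corrects: it names only the PDC emulator
PDC_RECORD = re.compile(r"^_ldap\._tcp\.pdc\._msdcs\.", re.IGNORECASE)

def parse_srv_targets(nslookup_output):
    r"""Target hosts from BIND 'nslookup -querytype=srv' lines such as
    '_ldap._tcp.example.com\tservice = 0 100 389 dc1.example.com.';
    lines without a 'service =' field (NXDOMAIN, banner) yield nothing."""
    targets = []
    for line in nslookup_output.splitlines():
        m = re.search(r"service\s*=\s*\d+\s+\d+\s+\d+\s+(\S+?)\.?\s*$", line)
        if m:
            targets.append(m.group(1).lower())
    return targets

def check_srv(name, nslookup_output, expected_dcs):
    """Return ('OK' | 'NOT OK', missing_dcs). Ordinary records must list every DC;
    the PDC record is OK once one DC appears (the correction in the comment above)."""
    targets = parse_srv_targets(nslookup_output)
    missing = [dc for dc in expected_dcs if dc.lower() not in targets]
    if PDC_RECORD.match(name):
        return ("OK" if len(missing) < len(expected_dcs) else "NOT OK", [])
    return ("OK" if not missing else "NOT OK", missing)

# Constructed sample answers for a two-DC domain: dc2 is missing from
# _kerberos._tcp and the _gc._tcp record does not exist at all
DCS = ["dc1.example.com", "dc2.example.com"]
SAMPLE_ANSWERS = {
    "_ldap._tcp.example.com":
        "_ldap._tcp.example.com\tservice = 0 100 389 dc1.example.com.\n"
        "_ldap._tcp.example.com\tservice = 0 100 389 DC2.example.com.\n",
    "_ldap._tcp.pdc._msdcs.example.com":
        "_ldap._tcp.pdc._msdcs.example.com\tservice = 0 100 389 dc1.example.com.\n",
    "_kerberos._tcp.example.com":
        "_kerberos._tcp.example.com\tservice = 0 100 88 dc1.example.com.\n",
    "_gc._tcp.example.com":
        "** server can't find _gc._tcp.example.com: NXDOMAIN\n",
}

def run_checks(answers=SAMPLE_ANSWERS, dcs=DCS):
    """Evaluate every record, print the script's OK / NOT OK lines, return {name: status}."""
    results = {}
    for name, output in answers.items():
        status, missing = check_srv(name, output, dcs)
        for dc in missing:
            print(f"DNS record not found for {dc}")
        print(f"DNS SRV records {status} for {name}")
        results[name] = status
    return results
```

Calling run_checks() prints the same per-record lines the Perl script does; the PDC record passes with only dc1 listed, while _kerberos._tcp fails because dc2 is absent.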
