Broken DNS

Broken DNS performs lame delegation checking at scale to identify DNS nameserver configuration issues. The tool validates DNS delegation by checking if nameservers properly respond to queries for zones they are supposed to be authoritative for. The Go implementation can process large numbers of domains and nameservers to detect misconfigurations where nameservers are listed in delegation records but do not actually serve the zone data. This helps identify broken DNS setups that can cause resolution failures.

June 8, 2022 · 1 min · Ian Foster

DNS2mDNS

DNS2mDNS bridges traditional DNS queries with multicast DNS (mDNS) resolution for .local hostnames. The service allows devices that don’t natively support mDNS, such as many Android devices and Windows systems, to resolve local network hostnames through standard DNS queries. The Go implementation acts as a DNS server that intercepts queries for .local domains and forwards them to the mDNS system, then returns the results via standard DNS responses. This enables seamless local hostname resolution across mixed network environments with Docker deployment support.

April 26, 2021 · 1 min · Ian Foster

Allxfr

Allxfr performs DNS zone transfers (AXFR) against nameservers to retrieve complete zone files. The tool systematically attempts zone transfers against root zone servers and other configured nameservers to discover available zone data. The program supports both IPv4 and IPv6 connections and includes options for parallel transfers, dry-run operations, and zone file storage. It implements the DNS AXFR protocol to request complete zone transfers from authoritative nameservers that permit such operations.

November 23, 2019 · 1 min · Ian Foster

CZDS

CZDS is a Go library and CLI tool for interacting with ICANN’s Centralized Zone Data Service API. It handles authentication, zone file downloads, request submissions, and status monitoring for accessing top-level domain zone data. The implementation supports parallel downloads, request management, and provides both library interfaces for Go applications and standalone command-line functionality. The tool automates the process of requesting and retrieving DNS zone files from ICANN’s centralized service.

July 29, 2018 · 1 min · Ian Foster

CertGraph

Certgraph is a tool I’ve been developing to scan and graph the network of SSL certificate alternative names. It can be used to find other domains that belong to an organization that may be several orders removed and not always obvious.

Background

The idea for this project came about after examining the SSL certificate for XKCD.com. If you look closely at the screenshot below you will see that the SSL certificate used on XKCD.com is also valid for many domains which have no relationship to XKCD or Randall Munroe. ...

April 6, 2018 · 7 min · Ian Foster

DNS.coffee

DNS.coffee is a web platform that collects and archives DNS zone file statistics to provide insights into DNS growth and changes over time. The service tracks domain distribution across zones, TLD root zone growth patterns, and overall internet domain expansion through comprehensive data visualization. The platform includes tools for domain record searches, nameserver lookups, IP information queries, and advanced search capabilities. DNS.coffee also provides an API for programmatic access to DNS data, making it a valuable resource for researchers and network administrators analyzing DNS infrastructure trends and domain name system evolution.

April 11, 2011 · 1 min · Ian Foster