All-in-One DNS Tool: Domain Analyzer

Just a quick glance at the domain_analyzer script from Sebastián García and Verónica Valeros. “Domain analyzer is a security analysis tool which automatically discovers and reports information about the given domain. Its main purpose is to analyze domains in an unattended way.” Nice one. If you’re running your own DNS servers you should check e.g. whether your firewall rules are correct (scanned with Nmap) or whether you’re not allowing zone transfer, etc.

This blogpost is part of a series about DNSSEC. Refer to this list for all articles.

Installation

Domain Analyzer is written in phyton. I am using it on an Ubuntu server which requires the following commands to install the appropriate tools:

Quite easy.

Basic Usage Example

The tool provides many different options. For a basic test I am using only the --domain <domain> option and  --not-common-hosts-names to limit the noise (since I am merely interested in the name servers itself). It offers a colored output which helps in reading it. Following are two output examples for my own zone weberdns.de which I tested from two different hosts.

The first test was from a normal PC through the Internet. Hence, no zone transfer were possible (lines 31-34) and only port 53 was discovered:

In order to see some differences I tested it from an internal workstation with other firewall rules. Hence port 22 (ssh) was possible now, while zone transfers are still not allowed, which is correct:

Of course you can read out much more info than this. For example the server versions such as BIND 9.10.3-P4-Ubuntu, googled mails, other active hosts on the subnets, geo-ip contries where the servers reside, and much more. You should definitely give it a try!

(Note that domain_analyzer currently supports only legacy IP and not IPv6. But I already requested that feature. ;)) Cheers.

Featured image “Mikroskop” by Dirk Vorderstraße is licensed under CC BY 2.0.

Leave a Reply

Your email address will not be published. Required fields are marked *