Some new DNS-related tools
I’ve recently had cause to write a few DNS-related tools that might be useful for you at some point.
dns-auditor
dns-auditor pulls DNS records from your DNS host’s API and checks them for a few potential issues. (Currently, supported DNS hosts are DigitalOcean, Porkbun, and Name.com.)
It checks that:
- CAA records are valid. Optionally, it can require CAA records with issue and iodef fields to be present.
- CNAME records point to names that have resolvable A records.
- MX records point to names that have resolvable A records.
- DMARC records, if present, are valid. Optionally, it can require domains with MX records to have SPF and DMARC records.
- Reverse DNS for the IPs that A/AAAA records point to resolves to the same domain.
It’s written in Python for reasons[1], but it doesn’t have any particularly complex dependencies so it’s easy to run. And there are prebuilt Docker images, too.
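To make the checks above concrete, here is an offline sketch of the CAA, CNAME/MX target, SPF and DMARC checks run against a small constructed zone. It is an added example, not dns-auditor's own code: the `(name, type, value)` record layout, the function names and the finding strings are assumptions, names are resolved only within the sample data rather than through live DNS, and the DMARC check is deliberately strict (it requires a `p` tag).

```python
import re

def caa_tag(value):
    """Return the lower-cased property tag of a CAA value, or None if malformed."""
    m = re.fullmatch(r'(\d{1,3}) ([A-Za-z0-9]+) "([^"]*)"', value)
    return m[2].lower() if m and int(m[1]) <= 255 else None

def dmarc_valid(txt):
    """Strict check: v=DMARC1 must come first and p must be a known policy."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    if not parts or not re.fullmatch(r"v\s*=\s*DMARC1", parts[0]):
        return False
    tags = dict(re.split(r"\s*=\s*", p, maxsplit=1) for p in parts if "=" in p)
    return tags.get("p") in {"none", "quarantine", "reject"}

def audit(zone, records, require_caa=True, require_mail_auth=True):
    """Return sorted findings for constructed (name, type, value) records."""
    def of(rtype):
        return [(n, v) for n, t, v in records if t == rtype]
    a_names, cnames = {n for n, _ in of("A")}, dict(of("CNAME"))
    def resolves(name, hops=0):  # follows CNAME chains in the zone data only
        return name in a_names or (
            hops < 8 and name in cnames and resolves(cnames[name], hops + 1))
    findings = [f"CAA malformed at {n}" for n, v in of("CAA") if caa_tag(v) is None]
    apex_tags = {caa_tag(v) for n, v in of("CAA") if n == zone}
    if require_caa:
        findings += [f"CAA {t} missing at {zone}"
                     for t in ("issue", "iodef") if t not in apex_tags]
    for rtype, target in (("CNAME", lambda v: v), ("MX", lambda v: v.split()[-1])):
        findings += [f"{rtype} {n} -> {target(v)} has no A record"
                     for n, v in of(rtype) if not resolves(target(v))]
    dmarc = [v for n, v in of("TXT") if n == f"_dmarc.{zone}"]
    findings += [f"DMARC invalid: {v}" for v in dmarc if not dmarc_valid(v)]
    if require_mail_auth and of("MX"):
        if not any(n == zone and v.startswith("v=spf1") for n, v in of("TXT")):
            findings.append("SPF missing for domain with MX")
        if not dmarc:
            findings.append("DMARC missing for domain with MX")
    return sorted(findings)

# Constructed sample zone; example.test and all values are made up.
ZONE = [
    ("example.test", "A", "192.0.2.10"),
    ("mail.example.test", "A", "192.0.2.25"),
    ("www.example.test", "CNAME", "example.test"),
    ("old.example.test", "CNAME", "gone.example.test"),   # dangling target
    ("example.test", "MX", "10 mail.example.test"),
    ("example.test", "CAA", '0 issue "ca.example"'),      # no iodef record
    ("_dmarc.example.test", "TXT", "v=DMARC1; p=rejct"),  # typo in policy
]
```

Calling `audit("example.test", ZONE)` reports the missing iodef record, the dangling CNAME, the invalid DMARC policy and the missing SPF record.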
Migrators
These tools use the relevant DNS hosts’ APIs to copy records from one host to another:
- DigitalOcean to Porkbun DNS migrator
- DigitalOcean to Name.com DNS migrator
- Name.com to DigitalOcean DNS migrator
(That last one is unfortunately quite old and I’m no longer maintaining it.)
DigitalOcean DDNS
While we’re here, there’s one more DNS tool that I no longer maintain but which some may find useful: do-ddns, a Dynamic DNS server that updates DigitalOcean DNS records.
I built this tool with a client/server architecture, which is more complex than is strictly necessary. This is because a goal of the project was DynDns API compatibility, meaning this server is usable with routers & other systems that support DynDns natively (such as the Ubiquiti Security Gateway).
[1] I started it in Python about 6 years ago and I didn’t want to start from scratch: