Skip to content
/ walk Public

DNS zone walking by following denial of existence proofs

License

MIT license
2 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

buffrr/walk

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
LICENSE
LICENSE
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

Walk

DNS zone walking by following denial of existence proofs. It walks a zone by checking the next domain in the NSEC record. For this to work, the zone must be DNSSEC signed.

This tool doesn't work for zones that use online signing.

Usage

Usage: walk [@nameserver] [options] zone

[options]:
  -f    Do a full zone walk
  -p string
        Specify port number (default "53")
  -s string
        Start walk with this owner name

Basic example

$ walk @1.1.1.1 ietf.org
_dmarc.ietf.org.  A NS SOA MX TXT AAAA RRSIG NSEC DNSKEY SPF
ietf1._domainkey.ietf.org.  TXT RRSIG NSEC
alt-meeting-sandbox.ietf.org.  TXT RRSIG NSEC
analytics.ietf.org.  CNAME RRSIG NSEC
...

Full zone walk

This is dumps the ICANN root zone

$ walk @a.root-servers.net -f  .

Credits

This project is based on ldns-walk written in C.

License

MIT

About

DNS zone walking by following denial of existence proofs

Topics

dns dnssec nsec

Resources

Readme

License

MIT license
Activity

Stars

2 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages