Search | Directories | Reference Tools
UW Home > UWIN > Computing and Networking > Support > UW Domains 

Windows Forest DNS Tool

UW Windows Domains Menu

UW Windows Infrastructure

UWNetIDs and Windows

UW Forest

Nebula

Community Resources

How to Setup a Domain

Diagnosing domain controller issues

Windows Domains Site Map

 

Given the forest root domain of a forest, this tool checks DNS for every DNS record that should be registered for every domain controller in that forest. While the output isn't as spiffy as MS' dnslint tool, it is *far* more comprehensive than dnslint (dnslint only checks A and CNAME for each DC). And there are more bells & whistles.

This tool and source code are made available as is. However, if you find a bug, identify a feature you'd like, or make any enhancement to the source code please send an email to help@cac.washington.edu--we'll see what we can do.

Features:

  • Open source.

  • No special info hard-coded. This code should adapt to your org. You specify the forest root domain and dns server. And optionally the smtp server and enterprise admin's email.

  • Site aware. You've got multiple sites in your AD. Fine. This code checks the appropriate DNS records.

  • Reports superfluous records.

  • Doesn't care what software runs your DNS.

  • Can choose whether to ping each DC's A record.

  • Can have per domain email problem reports sent.

  • Can have enterprise admin comprehensive problem email report sent.

  • Can suppress GC A record check.

  • Can customize the email header for reports.

Assumptions:

  • Must be run by a user in your forest from a computer in your forest.

  • cn=servers,cn=,cn=sites,cn=configuration, holds the authoritative list of all DCs in your forest.

  • This code depends on c:\bin\dig.exe, a Win32 executable from ISC. Dig.exe relies on several dll files: libdns.dll,libeay32.dll, libisc.dll, libisccc.dll, libisccfg.dll, liblwres.dll, mfc70.dll, msvcr70.dll. You can obtain the ISC dig tool from http://www.isc.org/products/BIND/. The version tested with this code is at ftp://ftp.isc.org/isc/bind/contrib/ntbind-9.2.3/BIND9.2.3.zip

  • The log file goes to c:\bin\srv.log by default. That directory must exist prior to execution.

  • c:\bin\srv.ini contains the text of the desired email header for reports. In the event this file is missing, there is no header.

Downloads

This tool (both the executable and source) are subject to the copyright listed below.

Here's a fully functional executable (due to ISC restrictions, we can't redistribute the dig executable & dll's, so you'll have to grab those yourself).

Here's the source code for modification and/or perusal.

Copyright 2003 by the University of Washington

**This copyright is restricted to Institutions of Higher Education only. No permissions are granted to individuals or other institutions.**

Permission to use, copy, modify, and distribute original and modified versions of this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notices appear in all copies and that both the above copyright notices and this permission notice appear in supporting documentation, and that the name of the University of Washington not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. This software is made available "as is", and

THE UNIVERSITY OF WASHINGTON DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, WITH REGARD TO THIS SOFTWARE, INCLUDING WITHOUT LIMITATION ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, AND IN NO EVENT SHALL THE UNIVERSITY OF WASHINGTON BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, TORT (INCLUDING NEGLIGENCE) OR STRICT LIABILITY, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

Installation and configuration

After unzipping dnsToolexe.zip into c:\bin, you should download dig from ISC. Copy dig.exe, libdns.dll,libeay32.dll, libisc.dll, libisccc.dll, libisccfg.dll, liblwres.dll, mfc70.dll, and msvcr70.dll into c:\bin. Modify c:\bin\UWsrv.ini so that it reflects the info you want in the email headers. Rename UWsrv.ini to srv.ini. See below for usage.

Usage

Executing srv.exe from the command line will produce 2 message boxes that delineate the switches and syntax for using them. The usage:

srv.exe -frd:YourForestRootDomainHere -dns:YourAuthoritativeDNSserverHere [-email:YourSMTPServerHere -eaemailonly:YourSMTPServerHere -noaping -ea:YourEnterpriseAdminEmailHere -altreplyto:help@YourHelpHere -nogca]

-frd Required. Specify FQDN of forest root domain to be analyzed.

-dns Required. Specify FQDN of your org's authoritative DNS server. Misspelling is bad.

-email Optional. Specify the FQDN of your smtp server. This emails a report to domain contacts as noted by the domain object managedby info.

-eaemailonly Optional. Specify the FQDN of your smtp server. This only emails a comprehensive report to Enterprise Admins that includes all GC and domain issues (not needed if -email used). Per domain reports are skipped.

-noaping Optional. Don't ping A records.

-ea Optional. Specify alternative email for enterprise admin's report (which comes via -email or -eaemailonly). By default, the forest root domain managedby info is used.

-altreplyto Optional. Specify a replyto address. By default, the replyto is help@YourForestRootDomainHere.

-nogca Optional. Don't bother with GC A records, i.e. gc._msdcs.YourForestRootDomainHere A. These aren't required for typical functionality, and are used for non-MS client interoperability.

Bug fix history

3/3/04 Added bug fix to PDC emulator record check. Removed BCC to me.