Vuoi capire gli errori nel dettaglio? Apri la guida completa
Premessa: software utilizzato nella guida
Questi snippet utilizzano la libreria DnsClient.NET per replicare i controlli DNS ufficiali del Registro .IT. Sono pensati per PowerShell 7+, la versione moderna e multipiattaforma (Windows, Linux, macOS) basata su .NET. Maggiori informazioni sono disponibili sul sito ufficiale, compreso il pacchetto già pronto in formato MSI per l'installazione su Windows: https://aka.ms/pscore6.
Su Windows è preinstallato Windows PowerShell 5.1. È possibile installare la nuova versione di PowerShell anche da lì, con il comando:
winget install --id Microsoft.Powershell --source winget
Al termine dell’installazione sarà disponibile una nuova icona nel menu Start e sarà possibile avviare l’ultima versione di PowerShell tramite pwsh.exe.
Installazione della libreria DnsClient.NET
La libreria DnsClient.NET è disponibile su nuget.org e va installata una sola volta per utente:
Per procedere con l’installazione in modo non interattivo, ed evitare di scaricare pacchetti aggiuntivi, si può usare il comando con i parametri -Force e -SkipDependencies. L’attuale versione di DnsClient.NET non ha dipendenze obbligatorie, quindi questi parametri sono sicuri da utilizzare:
Install-Package DnsClient -Source nuget.org -Force -SkipDependencies
Il pacchetto viene salvato nella cartella NuGet locale dell’utente:
%USERPROFILE%\.nuget\packages su Windows o $HOME/.nuget/packages su Linux/macOS.
Nota: su alcune installazioni PowerShell 7+, potrebbe essere necessario registrare la source
nuget.org prima di usare Install-Package. In tal caso, eseguire prima:Register-PackageSource -Name NugetOrg -Location https://api.nuget.org/v3/index.json -ProviderName NuGet -Trusted -Force
Installazione manuale alternativa DnsClient (versione 1.8.0) in caso di errore
In alcuni casi, il comando Install-Package può fallire anche su installazioni recenti di PowerShell 7, ad esempio con errori come:
Install-Package: Package 'DnsClient' failed to be installed because: End of Central Directory record could not be found.Questo accade quando il pacchetto viene scaricato in modo incompleto o corrotto. Se riscontri questo problema (testato su due installazioni Windows 10, incluso un sistema appena formattato), puoi procedere con l’installazione manuale della versione 1.8.0 della libreria.
Procedura manuale (valida per Windows, Linux e macOS)
- Scarica il pacchetto DnsClient 1.8.0 da NuGet:
Invoke-WebRequest https://www.nuget.org/api/v2/package/DnsClient/1.8.0 -OutFile ./DnsClient.1.8.0.nupkg- Estrai il contenuto in una cartella locale:
Expand-Archive ./DnsClient.1.8.0.nupkg -DestinationPath ./DnsClientLib- Carica la DLL direttamente dal pacchetto estratto:
Add-Type -Path "./DnsClientLib/lib/netstandard2.0/DnsClient.dll"- Esegui la tua query DNS normalmente:
$lookup = New-Object DnsClient.LookupClient
$result = $lookup.Query("www.gidinet.com", [DnsClient.QueryType]::A)
$result.AnswersQuesto metodo non richiede configurazioni particolari di NuGet ed è completamente multipiattaforma.
Nota: se installi la libreria manualmente, il percorso della DLL sarà diverso da quello usato nella versione con
Se cambi il nome della cartella o scarichi una versione diversa, assicurati di assegnare il percorso corretto alla variabile
Install-Package.
In questo caso, dovrai caricare il file direttamente dalla cartella dove hai estratto il pacchetto. Ad esempio:$dnsClientDll = "./DnsClientLib/lib/netstandard2.0/DnsClient.dll"Se cambi il nome della cartella o scarichi una versione diversa, assicurati di assegnare il percorso corretto alla variabile
$dnsClientDll.
Caricamento e utilizzo
Windows
$dnsClientDll = "$env:USERPROFILE\.nuget\packages\dnsclient\1.8.0\lib\netstandard2.0\DnsClient.dll"
Add-Type -Path $dnsClientDll
$lookup = New-Object DnsClient.LookupClient
$result = $lookup.Query("www.gidinet.com", [DnsClient.QueryType]::A)
$result.AnswersmacOS
$dnsClientDll = "$HOME/.nuget/packages/dnsclient/1.8.0/lib/netstandard2.0/DnsClient.dll"
Add-Type -Path $dnsClientDll
$lookup = New-Object DnsClient.LookupClient
$result = $lookup.Query("www.gidinet.com", [DnsClient.QueryType]::MX)
$result.AnswersLinux
$dnsClientDll = "$HOME/.nuget/packages/dnsclient/1.8.0/lib/netstandard2.0/DnsClient.dll"
Add-Type -Path $dnsClientDll
$lookup = New-Object DnsClient.LookupClient
$result = $lookup.Query("www.gidinet.com", [DnsClient.QueryType]::AAAA)
$result.AnswersUso multipiattaforma (tool portabile)
Se stai realizzando uno script PowerShell da usare su più sistemi operativi, puoi rilevare l’ambiente in uso e caricare automaticamente la DLL corretta:
if ($IsWindows) {
$dnsClientDll = "$env:USERPROFILE\.nuget\packages\dnsclient\1.8.0\lib\netstandard2.0\DnsClient.dll"
}
elseif ($IsLinux -or $IsMacOS) {
$dnsClientDll = "$HOME/.nuget/packages/dnsclient/1.8.0/lib/netstandard2.0/DnsClient.dll"
}
else {
throw "Sistema operativo non supportato."
}
Add-Type -Path $dnsClientDll
$lookup = New-Object DnsClient.LookupClient
$result = $lookup.Query("gidinet.it", [DnsClient.QueryType]::NS)
$result.AnswersNameserversResolvableTest
Controlla che l'hostname restituisca almeno un record A o AAAA.
function NameserversResolvableTest {
param(
[string]$server
)
$resolver = New-Object DnsClient.LookupClient
$a = $resolver.Query($server, [DnsClient.QueryType]::A)
$aaaa = $resolver.Query($server, [DnsClient.QueryType]::AAAA)
$countA = $a.Answers.Count
$countAAAA = $aaaa.Answers.Count
if ($countA -gt 0 -or $countAAAA -gt 0) {
Write-Output "Nameserver '$server' risolvibile correttamente (A: $countA, AAAA: $countAAAA)"
} else {
Write-Output "ERRORE: il nameserver '$server' non restituisce né A né AAAA"
}
}
#esempio
NameserversResolvableTest -server "dns1.gidinet.com"NSQueryAnswerTest
Richiede i record NS del dominio e verifica la risposta autoritativa.
function NSQueryAnswerTest {
param(
[string]$domain,
[string]$server,
[switch]$testIpv6
)
$lookup = New-Object DnsClient.LookupClient
$ipv4 = $lookup.Query($server, [DnsClient.QueryType]::A)
$ipv6 = $lookup.Query($server, [DnsClient.QueryType]::AAAA)
foreach ($ip in $ipv4.Answers) {
$resolver = [DnsClient.LookupClient]::new([DnsClient.NameServer]::new($ip.Address))
$response = $resolver.Query($domain, [DnsClient.QueryType]::NS)
$ipString = $ip.Address.IPAddressToString
$hasAA = $response.Header.HasAuthorityAnswer
Write-Output "nameserver '$server' IP '$ipString', AuthorityAnswer? $hasAA"
}
if ($testIpv6) {
foreach ($ip in $ipv6.Answers) {
$resolver = [DnsClient.LookupClient]::new([DnsClient.NameServer]::new($ip.Address))
$response = $resolver.Query($domain, [DnsClient.QueryType]::NS)
$ipString = $ip.Address.IPAddressToString
$hasAA = $response.Header.HasAuthorityAnswer
Write-Output "nameserver '$server' IP '$ipString', AuthorityAnswer? $hasAA"
}
}
}
#esempio
NSQueryAnswerTest -domain "gidinet.it" -server "dns1.gidinet.com" -testIpv6IPSOATest
Verifica il seriale SOA per ogni IP di un nameserver.
function IPSOATest {
param(
[string]$domain,
[string]$server,
[switch]$testIpv6
)
$lookup = New-Object DnsClient.LookupClient
$ipv4 = $lookup.Query($server, [DnsClient.QueryType]::A)
$ipv6 = $lookup.Query($server, [DnsClient.QueryType]::AAAA)
$seriali = @()
foreach ($ip in $ipv4.Answers) {
$addr = $ip.Address
$resolver = [DnsClient.LookupClient]::new([DnsClient.NameServer]::new($addr))
$response = $resolver.Query($domain, [DnsClient.QueryType]::SOA)
$serial = $response.Answers[0].SerialNumber
$seriali += @{ ip = $addr.IPAddressToString; serial = $serial }
}
if ($testIpv6) {
foreach ($ip in $ipv6.Answers) {
$addr = $ip.Address
$resolver = [DnsClient.LookupClient]::new([DnsClient.NameServer]::new($addr))
$response = $resolver.Query($domain, [DnsClient.QueryType]::SOA)
$serial = $response.Answers[0].SerialNumber
$seriali += @{ ip = $addr.IPAddressToString; serial = $serial }
}
}
foreach ($entry in $seriali) {
Write-Output "SOA da $server (${entry.ip}): Serial = ${entry.serial}"
}
$gruppiSeriali = $seriali | Select-Object -ExpandProperty serial | Sort-Object -Unique
if ($gruppiSeriali.Count -gt 1) {
Write-Output "ERRORE: Seriali SOA diversi tra gli IP del nameserver!"
} else {
Write-Output "OK: Tutti gli IP del nameserver hanno lo stesso seriale SOA."
}
}
#esempio
IPSOATest -domain "gidinet.it" -server "dns1.gidinet.com" -testIpv6
NameserverReturnCodeTest
Questo controllo non è un test autonomo, ma una verifica trasversale applicata a tutte le query DNS durante l'esecuzione del test del Registro.
Il Registro considera fallito qualunque passaggio in cui la risposta DNS abbia un return-code diverso da NOERROR (es. SERVFAIL, REFUSED, NXDOMAIN, ecc.).
Si può replicare facendo una query e controllando il campo ReturnCode nella risposta, ad esempio:
$resolver = [DnsClient.LookupClient]::new([System.Net.Dns]::GetHostAddresses("dns1.gidinet.com")[0])
$response = $resolver.Query("gidinet.it", [DnsClient.QueryType]::NS)
$response.Header.ResponseCode
AATest
Verifica il flag autoritativo nella risposta DNS.
function AATest {
param(
[string]$domain,
[string]$server,
[switch]$testIpv6
)
$lookup = New-Object DnsClient.LookupClient
$ipv4 = $lookup.Query($server, [DnsClient.QueryType]::A)
$ipv6 = $lookup.Query($server, [DnsClient.QueryType]::AAAA)
foreach ($ip in $ipv4.Answers) {
$addr = $ip.Address
$resolver = [DnsClient.LookupClient]::new([DnsClient.NameServer]::new($addr))
$response = $resolver.Query($domain, [DnsClient.QueryType]::SOA)
$aa = $response.Header.HasAuthorityAnswer
Write-Output "nameserver '$server' IP '${addr.IPAddressToString}': Autoritativo? $aa"
}
if ($testIpv6) {
foreach ($ip in $ipv6.Answers) {
$addr = $ip.Address
$resolver = [DnsClient.LookupClient]::new([DnsClient.NameServer]::new($addr))
$response = $resolver.Query($domain, [DnsClient.QueryType]::SOA)
$aa = $response.Header.HasAuthorityAnswer
Write-Output "nameserver '$server' IP '${addr.IPAddressToString}': Autoritativo? $aa"
}
}
}
#esempio
AATest -domain "gidinet.it" -server "dns1.gidinet.com" -testIpv6
NSCountTest
Conta i record NS restituiti.
function NSCountTest {
param(
[string]$domain,
[string]$server,
[switch]$testIpv6
)
$lookup = New-Object DnsClient.LookupClient
$ipv4 = $lookup.Query($server, [DnsClient.QueryType]::A)
$ipv6 = $lookup.Query($server, [DnsClient.QueryType]::AAAA)
foreach ($ip in $ipv4.Answers) {
$addr = $ip.Address
$resolver = [DnsClient.LookupClient]::new([DnsClient.NameServer]::new($addr))
$response = $resolver.Query($domain, [DnsClient.QueryType]::NS)
$count = $response.Answers.Count
$ipStr = $addr.IPAddressToString
Write-Output "nameserver '$server' IP '$ipStr': trovati $count record NS"
}
if ($testIpv6) {
foreach ($ip in $ipv6.Answers) {
$addr = $ip.Address
$resolver = [DnsClient.LookupClient]::new([DnsClient.NameServer]::new($addr))
$response = $resolver.Query($domain, [DnsClient.QueryType]::NS)
$count = $response.Answers.Count
$ipStr = $addr.IPAddressToString
Write-Output "nameserver '$server' IP '$ipStr': trovati $count record NS"
}
}
}
#esempio
NSCountTest -domain "gidinet.it" -server "dns1.gidinet.com" -testIpv6NSCompareTest
Confronta i nameserver dichiarati con quelli presenti nella zona DNS.
function NSCompareTest {
param(
[string]$domain,
[string[]]$nameservers,
[switch]$testIpv6
)
$lookup = New-Object DnsClient.LookupClient
$expectedNs = $nameservers | ForEach-Object { $_.TrimEnd('.').ToLower() } | Sort-Object -Unique
$testPassedEverywhere = $true
foreach ($ns in $nameservers) {
$ipv4 = $lookup.Query($ns, [DnsClient.QueryType]::A)
$ipv6 = $lookup.Query($ns, [DnsClient.QueryType]::AAAA)
foreach ($ip in $ipv4.Answers) {
$addr = $ip.Address
$resolver = [DnsClient.LookupClient]::new([DnsClient.NameServer]::new($addr))
$response = $resolver.Query($domain, [DnsClient.QueryType]::NS)
$returned = $response.Answers | ForEach-Object {
($_.NSDName).Value.TrimEnd('.').ToLower()
} | Sort-Object -Unique
$ipStr = $addr.IPAddressToString
# PowerShell confronta gli array come oggetti, non per contenuto, unisco con separatore e confronto le stringhe
if (($returned -join '|') -ne ($expectedNs -join '|')) {
Write-Output "ERRORE: [$ns][$ipStr]: nameserver NON allineato. Risponde con: $($returned -join ', ')"
$testPassedEverywhere = $false
} else {
Write-Output "OK: [$ns][$ipStr]: lista NS allineata."
}
}
if ($testIpv6) {
foreach ($ip in $ipv6.Answers) {
$addr = $ip.Address
$resolver = [DnsClient.LookupClient]::new([DnsClient.NameServer]::new($addr))
$response = $resolver.Query($domain, [DnsClient.QueryType]::NS)
$returned = $response.Answers | ForEach-Object {
($_.NSDName).Value.TrimEnd('.').ToLower()
} | Sort-Object -Unique
$ipStr = $addr.IPAddressToString
# PowerShell confronta gli array come oggetti, non per contenuto, unisco con separatore e confronto le stringhe
if (($returned -join '|') -ne ($expectedNs -join '|')) {
Write-Output "ERRORE: [$ns][$ipStr]: nameserver NON allineato. Risponde con: $($returned -join ', ')"
$testPassedEverywhere = $false
} else {
Write-Output "OK: [$ns][$ipStr]: lista NS allineata."
}
}
}
}
Write-Output ""
if ($testPassedEverywhere) {
Write-Output "OK: Tutti i nameserver restituiscono la lista corretta di record NS."
} else {
Write-Output "ERRORE: Almeno un nameserver restituisce un elenco NS diverso da quello dichiarato."
}
}
$ns = @("dns1.gidinet.com", "dns2.gidinet.com", "dns3.gidinet.com", "dns4.gidinet.com", "dns5.gidinet.com")
NSCompareTest -domain "gidinet.it" -nameservers $ns -testIpv6
CNAMEHostTest
Verifica se un hostname restituisce un CNAME (non valido per SOA/NS/MX).
function CNAMEHostTest {
param(
[string]$domain,
[string]$server,
[switch]$testIpv6
)
$lookup = New-Object DnsClient.LookupClient
$ipv4 = $lookup.Query($server, [DnsClient.QueryType]::A)
$ipv6 = $lookup.Query($server, [DnsClient.QueryType]::AAAA)
$hostnames = @()
foreach ($ip in $ipv4.Answers) {
$addr = $ip.Address
$resolver = [DnsClient.LookupClient]::new([DnsClient.NameServer]::new($addr))
# prendo MNAME da SOA
$soa = $resolver.Query($domain, [DnsClient.QueryType]::SOA)
if ($soa.Answers.Count -gt 0) {
$hostnames += $soa.Answers[0].MName
}
# prendo target degli NS
$ns = $resolver.Query($domain, [DnsClient.QueryType]::NS)
$ns.Answers | ForEach-Object { $hostnames += $_.NSDName }
# prendo gli exchange (MX)
$mx = $resolver.Query($domain, [DnsClient.QueryType]::MX)
$mx.Answers | ForEach-Object { $hostnames += $_.Exchange }
}
if ($testIpv6) {
foreach ($ip in $ipv6.Answers) {
$addr = $ip.Address
$resolver = [DnsClient.LookupClient]::new([DnsClient.NameServer]::new($addr))
$soa = $resolver.Query($domain, [DnsClient.QueryType]::SOA)
if ($soa.Answers.Count -gt 0) {
$hostnames += $soa.Answers[0].MName
}
$ns = $resolver.Query($domain, [DnsClient.QueryType]::NS)
$ns.Answers | ForEach-Object { $hostnames += $_.NSDName }
$mx = $resolver.Query($domain, [DnsClient.QueryType]::MX)
$mx.Answers | ForEach-Object { $hostnames += $_.Exchange }
}
}
$hostnames = $hostnames | Sort-Object -Unique
$resolverDefault = New-Object DnsClient.LookupClient
foreach ($target in $hostnames) {
$cnameCheck = $resolverDefault.Query($target, [DnsClient.QueryType]::CNAME)
if ($cnameCheck.Answers.Count -gt 0) {
Write-Output "ERRORE: Hostname '$target' è un CNAME, NON È VALIDO"
} else {
Write-Output "OK: Hostname '$target' non è un CNAME"
}
}
}
#esempio
CNAMEHostTest -domain "gidinet.it" -server "dns1.gidinet.com" -testIpv6
IPCompareTest
Verifica gli IP restituiti da DNS per un hostname subordinato.
function IPCompareTest {
param(
[string]$nameserverHostname,
[string]$nameserverIp,
[ValidateSet(4,6)]
[int]$ipVersion
)
$ns = [Net.IPAddress]::Parse($nameserverIp)
$resolver = [DnsClient.LookupClient]::new([DnsClient.NameServer]::new($ns))
if ($ipVersion -eq 4) {
$queryType = [DnsClient.QueryType]::A
} else {
$queryType = [DnsClient.QueryType]::AAAA
}
try {
$response = $resolver.Query($nameserverHostname, $queryType)
$foundIps = $response.Answers | ForEach-Object { $_.Address.IPAddressToString }
if ($foundIps -contains $nameserverIp) {
Write-Output "OK: IP $nameserverIp presente nei record $queryType per $nameserverHostname"
} else {
Write-Output "ERRORE: IP $nameserverIp NON presente nei record $queryType per $nameserverHostname"
Write-Output " Risultati: $($foundIps -join ', ')"
}
} catch {
Write-Output "ERRORE: Errore durante la query al nameserver ${nameserverIp}: $_"
}
}
#esempi
# Controllo di un record A
IPCompareTest -nameserverHostname "dnssubordinato1.dominio.it" -nameserverIp "1.2.3.4" -ipVersion 4
# Controllo di un record AAAA
IPCompareTest -nameserverHostname "dnssubordinato1.dominio.it" -nameserverIp "2001::1" -ipVersion 6
MXQueryAnswerTest
Verifica la risposta MX e se è autoritativa e con return-code NOERROR.
function MXQueryAnswerTest {
param(
[string]$domain,
[string[]]$nameservers,
[switch]$testIpv6
)
$lookup = New-Object DnsClient.LookupClient
foreach ($ns in $nameservers) {
$ipv4 = $lookup.Query($ns, [DnsClient.QueryType]::A)
$ipv6 = $lookup.Query($ns, [DnsClient.QueryType]::AAAA)
foreach ($ip in $ipv4.Answers) {
$addr = $ip.Address
$resolver = [DnsClient.LookupClient]::new([DnsClient.NameServer]::new($addr))
$response = $resolver.Query($domain, [DnsClient.QueryType]::MX)
$rcode = $response.Header.ResponseCode
$aa = $response.Header.HasAuthorityAnswer
$ipStr = $addr.IPAddressToString
Write-Output "nameserver '$ns' IP '$ipStr': ReturnCode=$rcode, Autoritativo? $aa"
}
if ($testIpv6) {
foreach ($ip in $ipv6.Answers) {
$addr = $ip.Address
$resolver = [DnsClient.LookupClient]::new([DnsClient.NameServer]::new($addr))
$response = $resolver.Query($domain, [DnsClient.QueryType]::MX)
$rcode = $response.Header.ResponseCode
$aa = $response.Header.HasAuthorityAnswer
$ipStr = $addr.IPAddressToString
Write-Output "nameserver '$ns' IP '$ipStr': ReturnCode=$rcode, Autoritativo? $aa"
}
}
}
}
#esempio
$ns = @("dns1.gidinet.com", "dns2.gidinet.com", "dns3.gidinet.com", "dns4.gidinet.com", "dns5.gidinet.com")
MXQueryAnswerTest -domain "gidinet.it" -nameservers $ns -testIpv6
MXCompareTest
Confronta i record MX restituiti da più nameserver.
function MXCompareTest {
param(
[string]$domain,
[string[]]$nameservers,
[switch]$testIpv6
)
$lookup = New-Object DnsClient.LookupClient
$resultSet = @()
foreach ($ns in $nameservers) {
$ipv4 = $lookup.Query($ns, [DnsClient.QueryType]::A)
$ipv6 = $lookup.Query($ns, [DnsClient.QueryType]::AAAA)
foreach ($ip in $ipv4.Answers) {
$addr = $ip.Address
$resolver = [DnsClient.LookupClient]::new([DnsClient.NameServer]::new($addr))
$response = $resolver.Query($domain, [DnsClient.QueryType]::MX)
$mxRecords = $response.Answers | ForEach-Object {
"$($_.Preference)-$($_.Exchange)"
} | Sort-Object
$mxKey = ($mxRecords -join "|")
$resultSet += [PSCustomObject]@{
ns = $ns
ip = $addr.IPAddressToString
mx = $mxKey
}
}
if ($testIpv6) {
foreach ($ip in $ipv6.Answers) {
$addr = $ip.Address
$resolver = [DnsClient.LookupClient]::new([DnsClient.NameServer]::new($addr))
$response = $resolver.Query($domain, [DnsClient.QueryType]::MX)
$mxRecords = $response.Answers | ForEach-Object {
"$($_.Preference)-$($_.Exchange)"
} | Sort-Object
$mxKey = ($mxRecords -join "|")
$resultSet += [PSCustomObject]@{
ns = $ns
ip = $addr.IPAddressToString
mx = $mxKey
}
}
}
}
# Output dettagliato
foreach ($entry in $resultSet) {
Write-Output "MX da $($entry.ns) ($($entry.ip)): $($entry.mx)"
}
# Verifica univocità dei set MX
$mxVarianti = $resultSet | Select-Object -ExpandProperty mx | Sort-Object -Unique
if ($mxVarianti.Count -gt 1) {
Write-Output "ERRORE: I record MX restituiti dai nameserver NON coincidono."
} else {
Write-Output "OK: Tutti i nameserver restituiscono gli stessi record MX."
}
}
#esempio
$ns = @("dns1.gidinet.com", "dns2.gidinet.com", "dns3.gidinet.com", "dns4.gidinet.com", "dns5.gidinet.com")
MXCompareTest -domain "gidinet.it" -nameservers $ns -testIpv6
MXRecordIsPresentTest
Verifica la presenza dei record MX.
function MXRecordIsPresentTest {
param(
[string]$domain,
[string]$server,
[switch]$testIpv6
)
$lookup = New-Object DnsClient.LookupClient
$ipv4 = $lookup.Query($server, [DnsClient.QueryType]::A)
$ipv6 = $lookup.Query($server, [DnsClient.QueryType]::AAAA)
foreach ($ip in $ipv4.Answers) {
$addr = $ip.Address
$resolver = [DnsClient.LookupClient]::new([DnsClient.NameServer]::new($addr))
$response = $resolver.Query($domain, [DnsClient.QueryType]::MX)
$count = $response.Answers.Count
$ipStr = $addr.IPAddressToString
Write-Output "nameserver '$server' IP '$ipStr': trovati $count record MX"
}
if ($testIpv6) {
foreach ($ip in $ipv6.Answers) {
$addr = $ip.Address
$resolver = [DnsClient.LookupClient]::new([DnsClient.NameServer]::new($addr))
$response = $resolver.Query($domain, [DnsClient.QueryType]::MX)
$count = $response.Answers.Count
$ipStr = $addr.IPAddressToString
Write-Output "nameserver '$server' IP '$ipStr': trovati $count record MX"
}
}
}
#esempio
MXRecordIsPresentTest -domain "gidinet.it" -server "dns1.gidinet.com" -testIpv6
SOAMasterCompareTest
Confronta il campo MNAME del record SOA su più NS.
function SOAMasterCompareTest {
param(
[string]$domain,
[string[]]$nameservers,
[switch]$testIpv6
)
$lookup = New-Object DnsClient.LookupClient
$results = @()
foreach ($ns in $nameservers) {
$ipv4 = $lookup.Query($ns, [DnsClient.QueryType]::A)
$ipv6 = $lookup.Query($ns, [DnsClient.QueryType]::AAAA)
foreach ($ip in $ipv4.Answers) {
$addr = $ip.Address
$resolver = [DnsClient.LookupClient]::new([DnsClient.NameServer]::new($addr))
$response = $resolver.Query($domain, [DnsClient.QueryType]::SOA)
$mname = $response.Answers[0].MName
$results += @{ ns = $ns; ip = $addr.IPAddressToString; mname = $mname }
}
if ($testIpv6) {
foreach ($ip in $ipv6.Answers) {
$addr = $ip.Address
$resolver = [DnsClient.LookupClient]::new([DnsClient.NameServer]::new($addr))
$response = $resolver.Query($domain, [DnsClient.QueryType]::SOA)
$mname = $response.Answers[0].MName
$results += @{ ns = $ns; ip = $addr.IPAddressToString; mname = $mname }
}
}
}
foreach ($entry in $results) {
Write-Output "SOA da $($entry['ns']) ($($entry['ip'])): MNAME = $($entry['mname'])"
}
$unici = $results | Select-Object -ExpandProperty mname | Sort-Object -Unique
if ($unici.Count -gt 1) {
Write-Output "ERRORE: I valori MNAME non coincidono tra i nameserver!"
} else {
Write-Output "OK: Tutti i nameserver restituiscono lo stesso MNAME nel record SOA."
}
}
#esempio
$ns = @("dns1.gidinet.com", "dns2.gidinet.com", "dns3.gidinet.com", "dns4.gidinet.com", "dns5.gidinet.com")
SOAMasterCompareTest -domain "gidinet.it" -nameservers $ns
SOAQueryAnswerTest
Verifica che la risposta SOA sia autoritativa.
function SOAQueryAnswerTest {
param(
[string]$domain,
[string]$server,
[switch]$testIpv6
)
$lookup = New-Object DnsClient.LookupClient
$ipv4 = $lookup.Query($server, [DnsClient.QueryType]::A)
$ipv6 = $lookup.Query($server, [DnsClient.QueryType]::AAAA)
foreach ($ip in $ipv4.Answers) {
$addr = $ip.Address
$resolver = [DnsClient.LookupClient]::new([DnsClient.NameServer]::new($addr))
$response = $resolver.Query($domain, [DnsClient.QueryType]::SOA)
$ipStr = $addr.IPAddressToString
$rcode = $response.Header.ResponseCode
$aa = $response.Header.HasAuthorityAnswer
Write-Output "nameserver '$server' IP '$ipStr': ReturnCode=$rcode, Autoritativo? $aa"
}
if ($testIpv6) {
foreach ($ip in $ipv6.Answers) {
$addr = $ip.Address
$resolver = [DnsClient.LookupClient]::new([DnsClient.NameServer]::new($addr))
$response = $resolver.Query($domain, [DnsClient.QueryType]::SOA)
$ipStr = $addr.IPAddressToString
$rcode = $response.Header.ResponseCode
$aa = $response.Header.HasAuthorityAnswer
Write-Output "nameserver '$server' IP '$ipStr': ReturnCode=$rcode, Autoritativo? $aa"
}
}
}
#esempio
SOAQueryAnswerTest -domain "gidinet.it" -server "dns1.gidinet.com" -testIpv6
Licenza del codice
Gli script presenti in questa pagina sono stati realizzati da GiDiNet.com per finalità tecniche e didattiche. Sono distribuiti con licenza Creative Commons Attribution 4.0. Puoi copiarli, modificarli e utilizzarli anche per scopi commerciali, ma devi citarne la fonte: www.registrazionedomini.info oppure GiDiNet.com.