All scripts
analysis
Advanced
~4 min
DNS Security Analyzer
DNS security audit: DNSSEC chain of trust validation, zone transfer attempt detection, DNS tunneling signature detection via query entropy analysis, recursive resolver abuse, and cache poisoning indicators.
cisco-ios
juniper
You're viewing a preview
The full script, parameters, and execution console are available with a free account.
Already have access? Sign in โ
Capabilities
- DNS
- DNSSEC
- Tunneling
- Zone transfer
- Entropy
- DNSSEC chain validate
Required inputs
Parameters the script accepts. Defaults shown; some are vendor- or context-gated.
| Parameter | Type | Default | Notes |
|---|---|---|---|
Check DNSSEC check_dnssec | bool | true | โ |
Sample inventory schema
Authoritative shape of the device/policy data this script consumes.
No bundled inventory sample. The script accepts standard device lists (CSV/YAML) with hostname, mgmt IP, vendor, and credentials.
Expected output
Reference terminal output the script should produce โ used as a stylistic and structural target.
terminal
[INFO] Resolved 250 A/AAAA records across 4 resolvers [CRIT] resolver-2: DNSSEC validation DISABLED [WARN] Open recursion detected on 10.0.0.53 [CRIT] NXDOMAIN flood: 1.4k/min from 10.20.5.0/24 โ possible DGA [OK] No cache poisoning indicators in 1h sample