# DNS Validator
A comprehensive cross-platform CLI tool for DNS validation, featuring delegation checks, propa# Run all checks at once
python dns_validator_cli.py full example.com
# Advanced security and analysis features (NEW!)
python#### `dnssec <domain>`
🔐 **Check DNSSEC validation status and security chain (NEW!)**
**Features:**
- Validates complete DNSSEC chain
- Checks DS records in parent zone
- Verifies DNSKEY records
- Analyzes RRSIG signatures
- Validates DNSSEC authentication chain
#### `reverse-dns <ip_address>`
🔄 **Check reverse DNS (PTR) records and consistency (NEW!)**
**Features:**
- PTR record validation
- Forward/reverse consistency checking
- IPv4 and IPv6 support
- Comprehensive reverse lookup analysis
#### `cache-analysis <domain>`
📊 **Analyze DNS caching behavior and TTL compliance (NEW!)**
**Options:**
- `--type, -t`: DNS record type to analyze (default: A)
**Features:**
- TTL compliance checking across multiple servers
- Cache behavior analysis
- Optimal TTL recommendations
- Cache poisoning detection indicators
- Performance optimization suggestions
#### `health-monitor <domain>`
🏥 **Monitor DNS health in real-time with alerting (NEW!)**
**Options:**
- `--duration, -d`: Monitoring duration in minutes (default: 60)
- `--interval, -i`: Check interval in seconds (default: 300)
**Features:**
- Real-time DNS health monitoring
- Automated alerting on failures
- Historical tracking and logging
- Comprehensive health metrics
- Exportable monitoring reports
#### `bulk <domains_file>`
🚀 **Process multiple domains in parallel with progress tracking (NEW!)**
**Options:**
- `--checks, -c`: DNS checks to perform (delegation, propagation, provider, dnssec, security, certificate, ipv6, reverse-dns)
- `--workers, -w`: Number of parallel workers (default: 10)
- `--output, -o`: Output file for batch report (supports .json, .html, .csv)
- `--format, -f`: Output format (overrides file extension)
**Features:**
- **Parallel processing** with configurable worker threads
- **Real-time progress tracking** with live status updates
- **Comprehensive batch reporting** in multiple formats
- **Error handling and recovery** with detailed failure logs
- **Performance metrics** including processing speed and success rates
#### `create-bulk-file <output_file>`
📝 **Create a domains file for bulk processing (NEW!)**
**Options:**
- `--from-clipboard`: Read domains from clipboard
**Features:**
- **Domain validation** and automatic cleanup
- **Flexible input** from command line or clipboard
- **Formatted output** with comments and metadata
#### `creds`
🔐 **Manage API credentials for DNS providers**
**Subcommands:**
- `add <provider> <name>`: Add new credentials with secure encryption
- `list`: Display all stored credentials (secrets masked)
- `edit <provider> <name>`: Interactively edit existing credentials
- `delete <provider> <name>`: Remove stored credentials
- `test <provider> <name> <domain>`: Test credentials with API call
- `export <file>`: Export credential structure (optional --include-secrets)
- `clear`: Remove all stored credentials
**Features:**
- 🔒 AES-256 encryption for all sensitive data
- 🏢 Multi-provider support (Cloudflare, AWS, Google Cloud, Azure, DigitalOcean)
- 👥 Multiple credential sets per provider (staging, production, etc.)
- 🔐 Interactive secure input for sensitive fields
- 📁 Secure storage in `~/.dns-validator/` directory
- 📤 Safe export/backup functionality
#### `geo-dns <domain>`
🌍 **Test DNS resolution from different geographic locations (NEW!)**
**Features:**
- DNS resolution testing from 15+ global locations
- GeoDNS routing validation and detection
- CDN endpoint identification and analysis
- Response time comparison across regions
- Geographic consistency checking
- Routing pattern analysis
#### `load-balancer <domain>`
⚖️ **Check load balancer health and validate multiple A records (NEW!)**
**Features:**
- Multiple A record health validation
- TCP connectivity testing on common ports
- HTTP/HTTPS endpoint health checks
- Load balancing pattern analysis (round-robin vs weighted)
- Failover capability assessment
- Redundancy level evaluation
- Distribution consistency testing
#### `ipv6-check <domain>`
📡 **Enhanced IPv6 support validation including dual-stack configuration (NEW!)**
**Features:**
- AAAA record validation and analysis
- IPv6-only DNS server testing (6 major providers)
- Dual-stack configuration verification
- IPv6 connectivity testing (ping + TCP)
- DNS-over-IPv6 functionality validation
- IPv6 readiness scoring (0-100)
- Configuration recommendations
- Forward/reverse IPv6 consistency
#### `security-analysis <domain>`
🔒 **Comprehensive DNS security analysis including vulnerabilities and threats (NEW!)**
**Features:**
- Open resolver detection and testing
- DNS amplification vulnerability assessment
- Subdomain enumeration protection analysis
- Enhanced DNSSEC security evaluation
- Security scoring system (0-100)
- Vulnerability identification and classification
- Comprehensive security recommendations
- Risk level assessment and mitigation guidance
#### `certificate-analysis <domain>`
🏆 **Certificate and SSL/TLS analysis with CT logs and CAA validation (NEW!)**
**Features:**
- Certificate Transparency log monitoring
- CAA (Certificate Authority Authorization) record validation
- SSL/TLS configuration analysis and grading
- Certificate chain validation and trust verification
- SSL/TLS protocol and cipher suite evaluation
- Certificate expiration and validity checking
- Security score calculation and recommendations
- Certificate authority compliance verification
## Usage Examples
```bash
# Basic DNS validation
python dns_validator_cli.py check example.com
# Advanced security and analysis features
python dns_validator_cli.py dnssec example.com
python dns_validator_cli.py reverse-dns 192.168.1.1
python dns_validator_cli.py cache-analysis example.com --type A
python dns_validator_cli.py health-monitor example.com --duration 30 --interval 60
# Geographic and load balancer testing (NEW!)
python dns_validator_cli.py geo-dns example.com
python dns_validator_cli.py load-balancer cloudflare.com
python dns_validator_cli.py ipv6-check google.com
# Security and certificate analysis (NEW!)
python dns_validator_cli.py security-analysis example.com
python dns_validator_cli.py certificate-analysis example.com
# Manage API credentials (NEW!)
python dns_validator_cli.py creds add Cloudflare production --api-token YOUR_TOKEN
python dns_validator_cli.py creds list
python dns_validator_cli.py provider example.com --provider cloudflare --cred-name production
# Enable verbose output for any command
python dns_validator_cli.py --verbose delegation example.comting, and DNS provider settings analysis.
## Features
### 🔍 **Core DNS Validation**
- **DNS Delegation Check**: Verify DNS delegation and authoritative name servers
- **Propagation Check**: Test DNS propagation across multiple public DNS servers
- **Multi-Provider DNS Settings**: Detect and analyze DNS settings from 50+ providers including Cloudflare, AWS Route 53, Google Cloud DNS, Azure DNS, and more
### 🔐 **Security & DNSSEC**
- **DNSSEC Validation**: Complete DNSSEC chain validation including DS, DNSKEY, and RRSIG records
- **DNS Security Analysis**: Open resolver detection, amplification vulnerability assessment, subdomain protection
- **Certificate Integration**: Certificate Transparency logs, CAA record validation, SSL/TLS configuration analysis
- **Security Scoring**: Comprehensive 0-100 security scoring with vulnerability classification
- **Secure Credential Management**: Encrypted storage and management of API keys for multiple providers
- **Reverse DNS Validation**: PTR record validation with forward/reverse consistency checking
### 📊 **Advanced Analysis**
- **DNS Cache Analysis**: TTL compliance checking, cache behavior analysis, and optimization recommendations
- **DNS Health Monitoring**: Real-time monitoring with alerting and historical tracking
- **Performance Benchmarking**: Response time analysis across multiple DNS servers
- **DNS Query Analytics**: Real-time query type distribution, geographic analysis, and temporal pattern detection
- **Advanced Reporting**: Multi-format analytics reports (executive, technical, geographic, performance)
- **DNS Insights Engine**: Intelligent pattern recognition with baseline establishment and anomaly detection
### 🛠 **User Experience**
- **Verbose CLI Output**: Detailed logging and colored output for better debugging
- **Cross-platform Compatibility**: Works on Windows, Linux, and macOS
- **Concurrent Processing**: Fast parallel DNS queries for efficient testing
## Installation
### Method 1: Direct Installation (Recommended)
```bash
# Clone the repository
git clone https://github.com/HereLiesHugo/dns-validator.git
cd dns-validator
# Install dependencies
pip install -r requirements.txt
# Make the script executable (Linux/macOS)
chmod +x dns_validator.py
```
### Method 2: Package Installation (pip)
```bash
# Install from PyPI (when available)
pip install dns-validator
# Install from GitHub
pip install git+https://github.com/HereLiesHugo/dns-validator.git
# Install in development mode
git clone https://github.com/HereLiesHugo/dns-validator.git
cd dns-validator
pip install -e .
```
## Usage
### Execution Methods
The DNS Validator can be executed in multiple ways:
1. **Via pip installation (recommended):**
```bash
dns-validator [command] [options]
dnsval [command] [options] # Short alias
```
2. **Direct script execution:**
```bash
python dns_validator_cli.py [command] [options]
```
3. **As Python module:**
```bash
python -m dns_validator [command] [options]
```
### Basic Commands
```bash
# Check DNS delegation (direct script execution)
python dns_validator_cli.py delegation example.com
# Or if installed via pip
dns-validator delegation example.com
# Check DNS propagation (A record)
python dns_validator.py propagation example.com
# Check propagation for specific record type
python dns_validator.py propagation example.com --type MX
# Check propagation with expected value validation
python dns_validator.py propagation example.com --expected "192.168.1.1"
# Detect DNS providers
python dns_validator.py providers example.com
# List all supported providers
python dns_validator.py list-providers
# Check provider settings (with API integration)
python dns_validator.py provider example.com --api-token your_token
# Check Cloudflare settings (legacy command)
python dns_validator.py cloudflare example.com --api-token your_cf_token
# Run all checks at once
python dns_validator.py full example.com
# Manage API credentials (NEW!)
python dns_validator.py creds add Cloudflare production --api-token YOUR_TOKEN
python dns_validator.py creds list
python dns_validator.py provider example.com --provider cloudflare --cred-name production
# Enable verbose output for any command
python dns_validator.py --verbose delegation example.com
```
### Bulk Processing Examples (NEW!)
```bash
# Create domains file from command line
dns-validator create-bulk-file my-domains.txt example.com google.com github.com cloudflare.com
# Create domains file from clipboard
dns-validator create-bulk-file domains.txt --from-clipboard
# Basic bulk processing (delegation + propagation)
dns-validator bulk my-domains.txt
# Full security analysis for multiple domains
dns-validator bulk my-domains.txt \
--checks delegation \
--checks propagation \
--checks provider \
--checks dnssec \
--checks security \
--checks certificate
# High-performance processing with custom workers
dns-validator bulk large-domain-list.txt \
--workers 25 \
--checks delegation \
--checks propagation \
--output results.html
# Generate comprehensive JSON report
dns-validator bulk domains.txt \
--checks delegation \
--checks security \
--checks ipv6 \
--output detailed-report.json
# Quick CSV report for spreadsheet analysis
dns-validator bulk company-domains.txt \
--output quick-report.csv \
--format csv
```
### Advanced Usage Examples
```bash
# Comprehensive check with all options
python dns_validator.py full example.com \
--type A \
--expected "192.168.1.1" \
--api-token your_cloudflare_token
# Check MX record propagation
python dns_validator.py propagation example.com --type MX --verbose
# Validate CNAME record
python dns_validator.py propagation subdomain.example.com --type CNAME
```
### DNS Query Analytics Examples (NEW!)
```bash
# Basic query analytics (5 minutes of data collection)
dns-validator query-analytics example.com
# Comprehensive analytics with geographic analysis
dns-validator query-analytics example.com \
--duration 900 \
--interval 10 \
--geographic \
--performance \
--output analytics-data.json
# Custom query types and resolvers
dns-validator query-analytics example.com \
--query-types A,AAAA,MX,NS,TXT,CNAME,SOA \
--resolvers 8.8.8.8,1.1.1.1,9.9.9.9 \
--duration 600
# Generate executive summary report
dns-validator analytics-report analytics-data.json \
--format executive \
--output summary-report.md \
--include-charts
# Technical deep-dive report
dns-validator analytics-report analytics-data.json \
--format technical \
--output tech-analysis.html \
--detailed
# Geographic optimization report
dns-validator analytics-report analytics-data.json \
--format geographic \
--output geo-analysis.txt
# Performance monitoring report with alerts
dns-validator analytics-report analytics-data.json \
--format performance \
--threshold 50 \
--timeframe 24h
# Quick DNS insights (1 minute analysis)
dns-validator dns-insights example.com --quick
# Comprehensive insights with baseline establishment
dns-validator dns-insights example.com \
--comprehensive \
--baseline \
--export-insights \
--alert-thresholds
# Compare current performance with historical data
dns-validator dns-insights example.com \
--compare previous-insights.json \
--export-insights current-insights.json
```
## Command Reference
### Global Options
- `--verbose, -v`: Enable verbose output with detailed logging
### Commands
#### `delegation <domain>`
Check DNS delegation for a domain.
**Features:**
- Validates authoritative name servers
- Checks parent delegation
- Identifies delegation issues
#### `propagation <domain>`
Check DNS propagation across multiple DNS servers.
**Options:**
- `--type, -t`: DNS record type (default: A)
- `--expected, -e`: Expected value to validate against
**Features:**
- Tests 8 major public DNS servers (Google, Cloudflare, Quad9, etc.)
- Concurrent queries for fast results
- Consistency checking across servers
- Response time measurement
#### `providers <domain>`
Detect DNS providers for a domain.
**Features:**
- Identifies primary and secondary DNS providers
- Shows all detected providers
- Lists nameserver details
#### `list-providers`
List all supported DNS providers.
**Features:**
- Shows 50+ supported DNS providers organized by category
- Indicates API integration status
- Displays detection patterns
#### `provider <domain>`
Check DNS provider settings with API integration.
**Options:**
- `--provider`: Specify provider to check
- `--api-token`: API token for provider integration
- `--api-secret`: API secret for providers that require it
- `--access-key`: Access key for AWS Route 53
- `--secret-key`: Secret key for AWS Route 53
- `--service-account`: Service account file for Google Cloud DNS
**Features:**
- Auto-detects DNS provider
- API integration for detailed settings
- DNS record retrieval and analysis
- Provider-specific configuration display
#### `cloudflare <domain>`
Check Cloudflare DNS settings (legacy command).
**Options:**
- `--api-token`: Cloudflare API token for detailed information
**Features:**
- Detects Cloudflare nameserver usage
- Retrieves zone settings (with API token)
- Lists all DNS records with proxy status
- Shows security and performance settings
#### `full <domain>`
Perform all DNS checks in sequence.
**Options:**
- `--type, -t`: DNS record type for propagation check
- `--expected, -e`: Expected value for validation
- `--api-token`: Cloudflare API token
**Features:**
- Comprehensive validation report
- Summary of all issues found
- Recommended actions
#### `creds`
🔐 **Manage API credentials for DNS providers (NEW!)**
**Subcommands:**
- `add <provider> <name>`: Add new credentials with secure encryption
- `list`: Display all stored credentials (secrets masked)
- `edit <provider> <name>`: Interactively edit existing credentials
- `delete <provider> <name>`: Remove stored credentials
- `test <provider> <name> <domain>`: Test credentials with API call
- `export <file>`: Export credential structure (optional --include-secrets)
- `clear`: Remove all stored credentials
**Features:**
- 🔒 AES-256 encryption for all sensitive data
- 🏢 Multi-provider support (Cloudflare, AWS, Google Cloud, Azure, DigitalOcean)
- 👥 Multiple credential sets per provider (staging, production, etc.)
- 🔐 Interactive secure input for sensitive fields
- 💾 Secure storage in `~/.dns-validator/` directory
- 📤 Safe export/backup functionality
#### `query-analytics <domain>`
📊 **Advanced DNS query analytics with comprehensive data collection (NEW!)**
**Options:**
- `--duration, -d`: Collection duration in seconds (default: 300)
- `--interval, -i`: Query interval in seconds (default: 5)
- `--query-types, -t`: Comma-separated query types (default: A,AAAA,MX,NS,TXT)
- `--resolvers, -r`: Comma-separated resolver IPs (uses public DNS by default)
- `--output, -o`: Output file for analytics data (JSON format)
- `--geographic`: Enable geographic analysis of query paths
- `--performance`: Include detailed performance metrics
- `--concurrent`: Maximum concurrent queries (default: 10)
**Features:**
- 📈 Real-time query type distribution analysis
- 🌍 Geographic query path tracking and analysis
- ⏰ Peak usage time detection and temporal patterns
- 📊 Response time statistics and performance trends
- 🔄 Anycast detection and routing analysis
- 💾 Structured data export for further analysis
- 📱 Progress tracking with real-time updates
#### `analytics-report <data_file>`
📋 **Generate comprehensive analytics reports from collected data (NEW!)**
**Options:**
- `--format, -f`: Report format (executive|technical|geographic|performance) (default: executive)
- `--output, -o`: Output file path (supports .txt, .md, .html, .json)
- `--timeframe, -t`: Time period filter (1h|6h|24h|7d|30d|all) (default: all)
- `--threshold`: Performance threshold for alerts (default: 100ms)
- `--include-charts`: Include ASCII charts in text reports
- `--detailed`: Generate detailed technical analysis
**Features:**
- 📊 Multiple report formats for different audiences
- 📈 Executive summaries with key performance indicators
- 🔧 Technical reports with detailed metrics and recommendations
- 🌍 Geographic analysis with routing optimization suggestions
- ⚡ Performance reports with SLA compliance tracking
- 📅 Time-based filtering and trend analysis
- 🚨 Automated alerting for performance thresholds
#### `dns-insights <domain>`
🔍 **Advanced DNS insights combining real-time analytics with historical patterns (NEW!)**
**Options:**
- `--quick, -q`: Quick insight generation (60 seconds)
- `--comprehensive, -c`: Comprehensive analysis (15 minutes)
- `--baseline, -b`: Establish performance baseline
- `--compare <file>`: Compare with previous insights data
- `--export-insights`: Export insights for trending analysis
- `--alert-thresholds`: Set custom performance alert levels
**Features:**
- 🎯 Intelligent query pattern recognition
- 📊 Automated performance baseline establishment
- 🔔 Real-time anomaly detection and alerting
- 📈 Trend analysis with historical comparison
- 🎨 Interactive insights dashboard (when supported)
- 💡 Actionable recommendations for DNS optimization
- 🔄 Continuous monitoring integration capabilities
## DNS Servers Tested
The propagation check queries the following public DNS servers:
| Provider | Primary | Secondary |
|----------|---------|-----------|
| Google | 8.8.8.8 | 8.8.4.4 |
| Cloudflare | 1.1.1.1 | 1.0.0.1 |
| Quad9 | 9.9.9.9 | - |
| OpenDNS | 208.67.222.222 | - |
| Verisign | 64.6.64.6 | - |
| Level3 | 4.2.2.1 | - |
## Supported DNS Providers
The tool supports detection and analysis of 50+ DNS providers:
### 🌐 Major Cloud Providers
- **Cloudflare** (✅ Full API Support + 🔐 Credential Management)
- **AWS Route 53** (✅ Full API Support + 🔐 Credential Management)
- **Google Cloud DNS** (✅ Full API Support + 🔐 Credential Management)
- **Azure DNS** (✅ Full API Support + 🔐 Credential Management)
- **DigitalOcean** (✅ Full API Support + 🔐 Credential Management)
### 🚀 VPS/Cloud Hosting
- DigitalOcean, Linode, Vultr, OVH, Hetzner, Scaleway
### 🏢 Domain Registrars
- Namecheap, GoDaddy, Name.com, Domain.com, Gandi, Hover, Dynadot
### 🔒 Security/Privacy DNS
- Quad9, OpenDNS
### ⚡ Performance DNS
- DNS Made Easy, NS1, Constellix, UltraDNS
### 🆓 Free DNS Services
- No-IP, DuckDNS, FreeDNS, Hurricane Electric
And many more! Use `python dns_validator.py list-providers` to see the complete list.
## API Integration
### 🔐 Secure Credential Management (NEW!)
Store your API credentials securely with AES encryption:
```bash
# Add credentials interactively (most secure)
dns-validator creds add Cloudflare production --interactive
# Add credentials via command line
dns-validator creds add AWS staging --access-key AKIA123... --secret-key abc123...
# List stored credentials
dns-validator creds list
# Use stored credentials
dns-validator provider example.com --provider cloudflare --cred-name production
# Test credentials
dns-validator creds test Cloudflare production example.com
```
### Cloudflare
```bash
# Using stored credentials (recommended)
dns-validator creds add Cloudflare production --api-token YOUR_CF_TOKEN
dns-validator provider example.com --provider cloudflare --cred-name production
# Direct usage (less secure)
dns-validator provider example.com --api-token YOUR_CF_TOKEN
```
### AWS Route 53
```bash
# Using stored credentials (recommended)
dns-validator creds add AWS production --access-key YOUR_KEY --secret-key YOUR_SECRET --region us-east-1
dns-validator provider example.com --provider aws --cred-name production
# Direct usage
dns-validator provider example.com --access-key YOUR_KEY --secret-key YOUR_SECRET
# Using default AWS credentials
dns-validator provider example.com --provider "AWS Route 53"
```
**Prerequisites:** `pip install boto3`
### Google Cloud DNS
```bash
# Using service account file
dns-validator provider example.com --service-account /path/to/service-account.json --project-id YOUR_PROJECT
```
**Prerequisites:** `pip install google-cloud-dns`
### Azure DNS
```bash
# Using service principal
dns-validator provider example.com --subscription-id SUB_ID --tenant-id TENANT_ID --client-id CLIENT_ID --client-secret CLIENT_SECRET
# Using default Azure credentials
dns-validator provider example.com --subscription-id SUB_ID --resource-group RG_NAME
```
**Prerequisites:** `pip install azure-mgmt-dns azure-identity`
### DigitalOcean
```bash
dns-validator provider example.com --api-token YOUR_DO_TOKEN
```
### Namecheap (NEW!)
```bash
# Using stored credentials (recommended)
dns-validator creds add Namecheap production --api-user YOUR_USER --api-secret YOUR_KEY --username YOUR_USERNAME --client-ip YOUR_IP
dns-validator provider example.com --provider namecheap --cred-name production
# Direct usage
dns-validator provider example.com --api-user YOUR_API_USER --api-secret YOUR_API_KEY --username YOUR_USERNAME --client-ip YOUR_CLIENT_IP
# Sandbox mode for testing
dns-validator provider example.com --api-user YOUR_API_USER --api-secret YOUR_API_KEY --sandbox
```
### GoDaddy (NEW!)
```bash
# Using stored credentials (recommended)
dns-validator creds add GoDaddy production --api-token YOUR_API_KEY --api-secret YOUR_API_SECRET
dns-validator provider example.com --provider godaddy --cred-name production
# Direct usage
dns-validator provider example.com --api-token YOUR_API_KEY --api-secret YOUR_API_SECRET
```
### Name.com (NEW!)
```bash
# Using stored credentials (recommended)
dns-validator creds add "Name.com" production --api-token YOUR_USERNAME --api-secret YOUR_API_TOKEN
dns-validator provider example.com --provider "Name.com" --cred-name production
# Direct usage
dns-validator provider example.com --api-token YOUR_USERNAME --api-secret YOUR_API_TOKEN
```
### Gandi (NEW!)
```bash
# Using stored credentials (recommended)
dns-validator creds add Gandi production --api-token YOUR_API_KEY
dns-validator provider example.com --provider gandi --cred-name production
# Direct usage
dns-validator provider example.com --api-token YOUR_API_KEY
```
### OVH (NEW!)
```bash
# Using stored credentials (recommended)
dns-validator creds add OVH production --application-key YOUR_APP_KEY --application-secret YOUR_APP_SECRET --consumer-key YOUR_CONSUMER_KEY --endpoint ovh-eu
dns-validator provider example.com --provider ovh --cred-name production
# Direct usage
dns-validator provider example.com --application-key YOUR_APP_KEY --application-secret YOUR_APP_SECRET --consumer-key YOUR_CONSUMER_KEY --endpoint ovh-eu
```
For detailed setup instructions, see [CLOUD_PROVIDER_SETUP.md](CLOUD_PROVIDER_SETUP.md).
## Examples
### Check if DNS changes have propagated
```bash
# After updating A record to point to new server
python dns_validator.py propagation example.com --expected "192.168.1.100"
```
### Troubleshoot DNS delegation issues
```bash
# Check if nameservers are properly configured
python dns_validator.py delegation example.com --verbose
```
### Detect and validate DNS provider
```bash
# Detect DNS provider
python dns_validator.py providers example.com
# Store credentials securely
python dns_validator.py creds add Cloudflare production --api-token your_token
# Check provider settings with stored credentials
python dns_validator.py provider example.com --provider cloudflare --cred-name production
# Direct API usage (less secure)
python dns_validator.py provider example.com --api-token your_token
# Legacy Cloudflare check
python dns_validator.py cloudflare example.com --api-token your_token
```
### Advanced DNS Security and Analysis Examples
```bash
# DNSSEC validation for security-conscious domains
python dns_validator_cli.py dnssec cloudflare.com
python dns_validator_cli.py dnssec --verbose your-secure-domain.com
# Reverse DNS validation for mail servers and security
python dns_validator_cli.py reverse-dns 8.8.8.8
python dns_validator_cli.py reverse-dns 2001:4860:4860::8888
# DNS cache analysis for performance optimization
python dns_validator_cli.py cache-analysis example.com --type A
python dns_validator_cli.py cache-analysis mail.example.com --type MX
# Real-time DNS health monitoring
python dns_validator_cli.py health-monitor example.com --duration 60 --interval 300
python dns_validator_cli.py health-monitor critical-site.com --duration 1440 --interval 60 # 24 hours
```
### Credential Management Examples
```bash
# Add multiple environments
python dns_validator.py creds add Cloudflare staging --interactive
python dns_validator.py creds add Cloudflare production --interactive
python dns_validator.py creds add AWS dev --access-key KEY1 --secret-key SECRET1
python dns_validator.py creds add AWS prod --access-key KEY2 --secret-key SECRET2
# List all stored credentials
python dns_validator.py creds list
# Test credentials
python dns_validator.py creds test Cloudflare production example.com
# Export backup (structure only)
python dns_validator.py creds export backup.json
# Export with secrets (use with caution)
python dns_validator.py creds export full-backup.json --include-secrets
# Edit existing credentials
python dns_validator.py creds edit Cloudflare production
# Delete credentials
python dns_validator.py creds delete AWS dev
# Clear all credentials
python dns_validator.py creds clear
```
### Complete domain validation
```bash
# Run all checks with verbose output
python dns_validator.py --verbose full example.com --api-token your_token
```
## Output Colors
The tool uses colored output for better readability:
- 🟢 **Green**: Success, valid configurations
- 🔴 **Red**: Errors, failed validations
- 🟡 **Yellow**: Warnings, inconsistencies
- 🔵 **Blue**: Information, processing status
- 🟣 **Magenta**: Headers, summaries
## Troubleshooting
### Common Issues
1. **"No module named 'dns'"**: Install dnspython
```bash
pip install dnspython
```
2. **Cloudflare API errors**: Check your API token permissions
3. **Timeout errors**: Some DNS servers may be slow; this is normal
4. **Permission denied (Linux/macOS)**: Make the script executable
```bash
chmod +x dns_validator.py
```
### Windows PowerShell
If you encounter execution policy issues on Windows:
```powershell
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser
```
## Requirements
- Python 3.7 or higher
- Internet connection for DNS queries
- Optional: Cloudflare API token for enhanced features
## Dependencies
- `click`: Command-line interface framework
- `dnspython`: DNS toolkit for Python
- `requests`: HTTP library for API calls
- `colorama`: Cross-platform colored terminal text
- `tabulate`: Pretty-print tabular data
- `cryptography`: Secure credential encryption (AES-256)
- `concurrent.futures`: Parallel processing
- **Optional Cloud SDKs:**
- `boto3`: AWS Route 53 integration
- `google-cloud-dns`: Google Cloud DNS integration
- `azure-mgmt-dns` + `azure-identity`: Azure DNS integration
## Contributing
1. Fork the repository
2. Create a feature branch
3. Make your changes
4. Add tests if applicable
5. Submit a pull request
## License
This project is licensed under the GNU Affero General Public License v3.0 - see the [LICENSE](LICENSE) file for details.
## Support
- 🐛 **Bug Reports**: [GitHub Issues](https://github.com/HereLiesHugo/dns-validator/issues)
- 💡 **Feature Requests**: [GitHub Issues](https://github.com/HereLiesHugo/dns-validator/issues)
- 📖 **Documentation**: [README](https://github.com/HereLiesHugo/dns-validator#readme)
## Changelog
### v2.0.0
- 🔐 **NEW: Secure Credential Management System**
- AES-256 encrypted storage of API keys and tokens
- Multi-provider credential support (Cloudflare, AWS, Google Cloud, Azure, DigitalOcean)
- Multiple credential sets per provider (staging, production, etc.)
- Interactive secure input for sensitive data
- Credential testing, export, and backup functionality
- 🌐 **Enhanced API Integration**
- Full API support for AWS Route 53, Google Cloud DNS, Azure DNS, DigitalOcean
- Improved error handling and debugging
- Better provider detection (52+ providers supported)
- 🛡️ **Security Improvements**
- Credentials never stored in plain text
- Secure credential directory (~/.dns-validator/)
- Safe export options (with/without secrets)
- 🚀 **Performance & UX**
- Faster concurrent DNS queries
- Better error messages and help text
- Improved cross-platform compatibility
### v1.0.0
- Initial release
- DNS delegation checking
- DNS propagation testing across 8 public servers
- Cloudflare integration with API support
- Cross-platform compatibility
- Verbose logging and colored output
- Concurrent DNS queries for performance
Raw data
{
"_id": null,
"home_page": "https://github.com/HereLiesHugo/dns-validator",
"name": "dns-validator",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.7",
"maintainer_email": null,
"keywords": "dns validation delegation propagation cloudflare nameservers cli",
"author": "Matisse Urquhart",
"author_email": "me@maturqu.com",
"download_url": "https://files.pythonhosted.org/packages/e9/f6/58e0689353d074f1ea9aae249b418ff46a50f10e8489dfcb4afbc9e22c70/dns_validator-2.6.0.tar.gz",
"platform": null,
"description": "# DNS Validator\n\nA comprehensive cross-platform CLI tool for DNS validation, featuring delegation checks, propa# Run all checks at once\npython dns_validator_cli.py full example.com\n\n# Advanced security and analysis features (NEW!)\npython#### `dnssec <domain>`\n\ud83d\udd10 **Check DNSSEC validation status and security chain (NEW!)**\n\n**Features:**\n- Validates complete DNSSEC chain\n- Checks DS records in parent zone\n- Verifies DNSKEY records\n- Analyzes RRSIG signatures\n- Validates DNSSEC authentication chain\n\n#### `reverse-dns <ip_address>`\n\ud83d\udd04 **Check reverse DNS (PTR) records and consistency (NEW!)**\n\n**Features:**\n- PTR record validation\n- Forward/reverse consistency checking\n- IPv4 and IPv6 support\n- Comprehensive reverse lookup analysis\n\n#### `cache-analysis <domain>`\n\ud83d\udcca **Analyze DNS caching behavior and TTL compliance (NEW!)**\n\n**Options:**\n- `--type, -t`: DNS record type to analyze (default: A)\n\n**Features:**\n- TTL compliance checking across multiple servers\n- Cache behavior analysis\n- Optimal TTL recommendations\n- Cache poisoning detection indicators\n- Performance optimization suggestions\n\n#### `health-monitor <domain>`\n\ud83c\udfe5 **Monitor DNS health in real-time with alerting (NEW!)**\n\n**Options:**\n- `--duration, -d`: Monitoring duration in minutes (default: 60)\n- `--interval, -i`: Check interval in seconds (default: 300)\n\n**Features:**\n- Real-time DNS health monitoring\n- Automated alerting on failures\n- Historical tracking and logging\n- Comprehensive health metrics\n- Exportable monitoring reports\n\n#### `bulk <domains_file>` \n\ud83d\ude80 **Process multiple domains in parallel with progress tracking (NEW!)**\n\n**Options:**\n- `--checks, -c`: DNS checks to perform (delegation, propagation, provider, dnssec, security, certificate, ipv6, reverse-dns)\n- `--workers, -w`: Number of parallel workers (default: 10)\n- `--output, -o`: Output file for batch report (supports .json, .html, .csv)\n- `--format, -f`: Output format (overrides file extension)\n\n**Features:**\n- **Parallel processing** with configurable worker threads\n- **Real-time progress tracking** with live status updates\n- **Comprehensive batch reporting** in multiple formats\n- **Error handling and recovery** with detailed failure logs\n- **Performance metrics** including processing speed and success rates\n\n#### `create-bulk-file <output_file>` \n\ud83d\udcdd **Create a domains file for bulk processing (NEW!)**\n\n**Options:**\n- `--from-clipboard`: Read domains from clipboard\n\n**Features:**\n- **Domain validation** and automatic cleanup\n- **Flexible input** from command line or clipboard\n- **Formatted output** with comments and metadata\n\n#### `creds`\n\ud83d\udd10 **Manage API credentials for DNS providers**\n\n**Subcommands:**\n- `add <provider> <name>`: Add new credentials with secure encryption\n- `list`: Display all stored credentials (secrets masked)\n- `edit <provider> <name>`: Interactively edit existing credentials\n- `delete <provider> <name>`: Remove stored credentials\n- `test <provider> <name> <domain>`: Test credentials with API call\n- `export <file>`: Export credential structure (optional --include-secrets)\n- `clear`: Remove all stored credentials\n\n**Features:**\n- \ud83d\udd12 AES-256 encryption for all sensitive data\n- \ud83c\udfe2 Multi-provider support (Cloudflare, AWS, Google Cloud, Azure, DigitalOcean)\n- \ud83d\udc65 Multiple credential sets per provider (staging, production, etc.)\n- \ud83d\udd10 Interactive secure input for sensitive fields\n- \ud83d\udcc1 Secure storage in `~/.dns-validator/` directory\n- \ud83d\udce4 Safe export/backup functionality\n\n#### `geo-dns <domain>`\n\ud83c\udf0d **Test DNS resolution from different geographic locations (NEW!)**\n\n**Features:**\n- DNS resolution testing from 15+ global locations\n- GeoDNS routing validation and detection\n- CDN endpoint identification and analysis\n- Response time comparison across regions\n- Geographic consistency checking\n- Routing pattern analysis\n\n#### `load-balancer <domain>`\n\u2696\ufe0f **Check load balancer health and validate multiple A records (NEW!)**\n\n**Features:**\n- Multiple A record health validation\n- TCP connectivity testing on common ports\n- HTTP/HTTPS endpoint health checks\n- Load balancing pattern analysis (round-robin vs weighted)\n- Failover capability assessment\n- Redundancy level evaluation\n- Distribution consistency testing\n\n#### `ipv6-check <domain>`\n\ud83d\udce1 **Enhanced IPv6 support validation including dual-stack configuration (NEW!)**\n\n**Features:**\n- AAAA record validation and analysis\n- IPv6-only DNS server testing (6 major providers)\n- Dual-stack configuration verification\n- IPv6 connectivity testing (ping + TCP)\n- DNS-over-IPv6 functionality validation\n- IPv6 readiness scoring (0-100)\n- Configuration recommendations\n- Forward/reverse IPv6 consistency\n\n#### `security-analysis <domain>`\n\ud83d\udd12 **Comprehensive DNS security analysis including vulnerabilities and threats (NEW!)**\n\n**Features:**\n- Open resolver detection and testing\n- DNS amplification vulnerability assessment\n- Subdomain enumeration protection analysis\n- Enhanced DNSSEC security evaluation\n- Security scoring system (0-100)\n- Vulnerability identification and classification\n- Comprehensive security recommendations\n- Risk level assessment and mitigation guidance\n\n#### `certificate-analysis <domain>`\n\ud83c\udfc6 **Certificate and SSL/TLS analysis with CT logs and CAA validation (NEW!)**\n\n**Features:**\n- Certificate Transparency log monitoring\n- CAA (Certificate Authority Authorization) record validation\n- SSL/TLS configuration analysis and grading\n- Certificate chain validation and trust verification\n- SSL/TLS protocol and cipher suite evaluation\n- Certificate expiration and validity checking\n- Security score calculation and recommendations\n- Certificate authority compliance verification\n\n## Usage Examples\n\n```bash\n# Basic DNS validation\npython dns_validator_cli.py check example.com\n\n# Advanced security and analysis features\npython dns_validator_cli.py dnssec example.com\npython dns_validator_cli.py reverse-dns 192.168.1.1\npython dns_validator_cli.py cache-analysis example.com --type A\npython dns_validator_cli.py health-monitor example.com --duration 30 --interval 60\n\n# Geographic and load balancer testing (NEW!)\npython dns_validator_cli.py geo-dns example.com\npython dns_validator_cli.py load-balancer cloudflare.com\npython dns_validator_cli.py ipv6-check google.com\n\n# Security and certificate analysis (NEW!)\npython dns_validator_cli.py security-analysis example.com\npython dns_validator_cli.py certificate-analysis example.com\n\n# Manage API credentials (NEW!)\npython dns_validator_cli.py creds add Cloudflare production --api-token YOUR_TOKEN\npython dns_validator_cli.py creds list\npython dns_validator_cli.py provider example.com --provider cloudflare --cred-name production\n\n# Enable verbose output for any command\npython dns_validator_cli.py --verbose delegation example.comting, and DNS provider settings analysis.\n\n\n\n\n\n## Features\n\n### \ud83d\udd0d **Core DNS Validation**\n- **DNS Delegation Check**: Verify DNS delegation and authoritative name servers\n- **Propagation Check**: Test DNS propagation across multiple public DNS servers\n- **Multi-Provider DNS Settings**: Detect and analyze DNS settings from 50+ providers including Cloudflare, AWS Route 53, Google Cloud DNS, Azure DNS, and more\n\n### \ud83d\udd10 **Security & DNSSEC**\n- **DNSSEC Validation**: Complete DNSSEC chain validation including DS, DNSKEY, and RRSIG records\n- **DNS Security Analysis**: Open resolver detection, amplification vulnerability assessment, subdomain protection\n- **Certificate Integration**: Certificate Transparency logs, CAA record validation, SSL/TLS configuration analysis\n- **Security Scoring**: Comprehensive 0-100 security scoring with vulnerability classification\n- **Secure Credential Management**: Encrypted storage and management of API keys for multiple providers\n- **Reverse DNS Validation**: PTR record validation with forward/reverse consistency checking\n\n### \ud83d\udcca **Advanced Analysis**\n- **DNS Cache Analysis**: TTL compliance checking, cache behavior analysis, and optimization recommendations\n- **DNS Health Monitoring**: Real-time monitoring with alerting and historical tracking\n- **Performance Benchmarking**: Response time analysis across multiple DNS servers\n- **DNS Query Analytics**: Real-time query type distribution, geographic analysis, and temporal pattern detection\n- **Advanced Reporting**: Multi-format analytics reports (executive, technical, geographic, performance)\n- **DNS Insights Engine**: Intelligent pattern recognition with baseline establishment and anomaly detection\n\n### \ud83d\udee0 **User Experience**\n- **Verbose CLI Output**: Detailed logging and colored output for better debugging\n- **Cross-platform Compatibility**: Works on Windows, Linux, and macOS\n- **Concurrent Processing**: Fast parallel DNS queries for efficient testing\n\n## Installation\n\n### Method 1: Direct Installation (Recommended)\n\n```bash\n# Clone the repository\ngit clone https://github.com/HereLiesHugo/dns-validator.git\ncd dns-validator\n\n# Install dependencies\npip install -r requirements.txt\n\n# Make the script executable (Linux/macOS)\nchmod +x dns_validator.py\n```\n\n### Method 2: Package Installation (pip)\n\n```bash\n# Install from PyPI (when available)\npip install dns-validator\n\n# Install from GitHub\npip install git+https://github.com/HereLiesHugo/dns-validator.git\n\n# Install in development mode\ngit clone https://github.com/HereLiesHugo/dns-validator.git\ncd dns-validator\npip install -e .\n```\n\n## Usage\n\n### Execution Methods\n\nThe DNS Validator can be executed in multiple ways:\n\n1. **Via pip installation (recommended):**\n ```bash\n dns-validator [command] [options]\n dnsval [command] [options] # Short alias\n ```\n\n2. **Direct script execution:**\n ```bash\n python dns_validator_cli.py [command] [options]\n ```\n\n3. **As Python module:**\n ```bash\n python -m dns_validator [command] [options]\n ```\n\n### Basic Commands\n\n```bash\n# Check DNS delegation (direct script execution)\npython dns_validator_cli.py delegation example.com\n\n# Or if installed via pip\ndns-validator delegation example.com\n\n# Check DNS propagation (A record)\npython dns_validator.py propagation example.com\n\n# Check propagation for specific record type\npython dns_validator.py propagation example.com --type MX\n\n# Check propagation with expected value validation\npython dns_validator.py propagation example.com --expected \"192.168.1.1\"\n\n# Detect DNS providers\npython dns_validator.py providers example.com\n\n# List all supported providers\npython dns_validator.py list-providers\n\n# Check provider settings (with API integration)\npython dns_validator.py provider example.com --api-token your_token\n\n# Check Cloudflare settings (legacy command)\npython dns_validator.py cloudflare example.com --api-token your_cf_token\n\n# Run all checks at once\npython dns_validator.py full example.com\n\n# Manage API credentials (NEW!)\npython dns_validator.py creds add Cloudflare production --api-token YOUR_TOKEN\npython dns_validator.py creds list\npython dns_validator.py provider example.com --provider cloudflare --cred-name production\n\n# Enable verbose output for any command\npython dns_validator.py --verbose delegation example.com\n```\n\n### Bulk Processing Examples (NEW!)\n\n```bash\n# Create domains file from command line\ndns-validator create-bulk-file my-domains.txt example.com google.com github.com cloudflare.com\n\n# Create domains file from clipboard\ndns-validator create-bulk-file domains.txt --from-clipboard\n\n# Basic bulk processing (delegation + propagation)\ndns-validator bulk my-domains.txt\n\n# Full security analysis for multiple domains\ndns-validator bulk my-domains.txt \\\n --checks delegation \\\n --checks propagation \\\n --checks provider \\\n --checks dnssec \\\n --checks security \\\n --checks certificate\n\n# High-performance processing with custom workers\ndns-validator bulk large-domain-list.txt \\\n --workers 25 \\\n --checks delegation \\\n --checks propagation \\\n --output results.html\n\n# Generate comprehensive JSON report\ndns-validator bulk domains.txt \\\n --checks delegation \\\n --checks security \\\n --checks ipv6 \\\n --output detailed-report.json\n\n# Quick CSV report for spreadsheet analysis\ndns-validator bulk company-domains.txt \\\n --output quick-report.csv \\\n --format csv\n```\n\n### Advanced Usage Examples\n\n```bash\n# Comprehensive check with all options\npython dns_validator.py full example.com \\\n --type A \\\n --expected \"192.168.1.1\" \\\n --api-token your_cloudflare_token\n\n# Check MX record propagation\npython dns_validator.py propagation example.com --type MX --verbose\n\n# Validate CNAME record\npython dns_validator.py propagation subdomain.example.com --type CNAME\n```\n\n### DNS Query Analytics Examples (NEW!)\n\n```bash\n# Basic query analytics (5 minutes of data collection)\ndns-validator query-analytics example.com\n\n# Comprehensive analytics with geographic analysis\ndns-validator query-analytics example.com \\\n --duration 900 \\\n --interval 10 \\\n --geographic \\\n --performance \\\n --output analytics-data.json\n\n# Custom query types and resolvers\ndns-validator query-analytics example.com \\\n --query-types A,AAAA,MX,NS,TXT,CNAME,SOA \\\n --resolvers 8.8.8.8,1.1.1.1,9.9.9.9 \\\n --duration 600\n\n# Generate executive summary report\ndns-validator analytics-report analytics-data.json \\\n --format executive \\\n --output summary-report.md \\\n --include-charts\n\n# Technical deep-dive report\ndns-validator analytics-report analytics-data.json \\\n --format technical \\\n --output tech-analysis.html \\\n --detailed\n\n# Geographic optimization report\ndns-validator analytics-report analytics-data.json \\\n --format geographic \\\n --output geo-analysis.txt\n\n# Performance monitoring report with alerts\ndns-validator analytics-report analytics-data.json \\\n --format performance \\\n --threshold 50 \\\n --timeframe 24h\n\n# Quick DNS insights (1 minute analysis)\ndns-validator dns-insights example.com --quick\n\n# Comprehensive insights with baseline establishment\ndns-validator dns-insights example.com \\\n --comprehensive \\\n --baseline \\\n --export-insights \\\n --alert-thresholds\n\n# Compare current performance with historical data\ndns-validator dns-insights example.com \\\n --compare previous-insights.json \\\n --export-insights current-insights.json\n```\n\n## Command Reference\n\n### Global Options\n\n- `--verbose, -v`: Enable verbose output with detailed logging\n\n### Commands\n\n#### `delegation <domain>`\nCheck DNS delegation for a domain.\n\n**Features:**\n- Validates authoritative name servers\n- Checks parent delegation\n- Identifies delegation issues\n\n#### `propagation <domain>`\nCheck DNS propagation across multiple DNS servers.\n\n**Options:**\n- `--type, -t`: DNS record type (default: A)\n- `--expected, -e`: Expected value to validate against\n\n**Features:**\n- Tests 8 major public DNS servers (Google, Cloudflare, Quad9, etc.)\n- Concurrent queries for fast results\n- Consistency checking across servers\n- Response time measurement\n\n#### `providers <domain>`\nDetect DNS providers for a domain.\n\n**Features:**\n- Identifies primary and secondary DNS providers\n- Shows all detected providers\n- Lists nameserver details\n\n#### `list-providers`\nList all supported DNS providers.\n\n**Features:**\n- Shows 50+ supported DNS providers organized by category\n- Indicates API integration status\n- Displays detection patterns\n\n#### `provider <domain>`\nCheck DNS provider settings with API integration.\n\n**Options:**\n- `--provider`: Specify provider to check\n- `--api-token`: API token for provider integration\n- `--api-secret`: API secret for providers that require it\n- `--access-key`: Access key for AWS Route 53\n- `--secret-key`: Secret key for AWS Route 53\n- `--service-account`: Service account file for Google Cloud DNS\n\n**Features:**\n- Auto-detects DNS provider\n- API integration for detailed settings\n- DNS record retrieval and analysis\n- Provider-specific configuration display\n\n#### `cloudflare <domain>`\nCheck Cloudflare DNS settings (legacy command).\n\n**Options:**\n- `--api-token`: Cloudflare API token for detailed information\n\n**Features:**\n- Detects Cloudflare nameserver usage\n- Retrieves zone settings (with API token)\n- Lists all DNS records with proxy status\n- Shows security and performance settings\n\n#### `full <domain>`\nPerform all DNS checks in sequence.\n\n**Options:**\n- `--type, -t`: DNS record type for propagation check\n- `--expected, -e`: Expected value for validation\n- `--api-token`: Cloudflare API token\n\n**Features:**\n- Comprehensive validation report\n- Summary of all issues found\n- Recommended actions\n\n#### `creds`\n\ud83d\udd10 **Manage API credentials for DNS providers (NEW!)**\n\n**Subcommands:**\n- `add <provider> <name>`: Add new credentials with secure encryption\n- `list`: Display all stored credentials (secrets masked)\n- `edit <provider> <name>`: Interactively edit existing credentials\n- `delete <provider> <name>`: Remove stored credentials\n- `test <provider> <name> <domain>`: Test credentials with API call\n- `export <file>`: Export credential structure (optional --include-secrets)\n- `clear`: Remove all stored credentials\n\n**Features:**\n- \ud83d\udd12 AES-256 encryption for all sensitive data\n- \ud83c\udfe2 Multi-provider support (Cloudflare, AWS, Google Cloud, Azure, DigitalOcean)\n- \ud83d\udc65 Multiple credential sets per provider (staging, production, etc.)\n- \ud83d\udd10 Interactive secure input for sensitive fields\n- \ud83d\udcbe Secure storage in `~/.dns-validator/` directory\n- \ud83d\udce4 Safe export/backup functionality\n\n#### `query-analytics <domain>`\n\ud83d\udcca **Advanced DNS query analytics with comprehensive data collection (NEW!)**\n\n**Options:**\n- `--duration, -d`: Collection duration in seconds (default: 300)\n- `--interval, -i`: Query interval in seconds (default: 5)\n- `--query-types, -t`: Comma-separated query types (default: A,AAAA,MX,NS,TXT)\n- `--resolvers, -r`: Comma-separated resolver IPs (uses public DNS by default)\n- `--output, -o`: Output file for analytics data (JSON format)\n- `--geographic`: Enable geographic analysis of query paths\n- `--performance`: Include detailed performance metrics\n- `--concurrent`: Maximum concurrent queries (default: 10)\n\n**Features:**\n- \ud83d\udcc8 Real-time query type distribution analysis\n- \ud83c\udf0d Geographic query path tracking and analysis\n- \u23f0 Peak usage time detection and temporal patterns\n- \ud83d\udcca Response time statistics and performance trends\n- \ud83d\udd04 Anycast detection and routing analysis\n- \ud83d\udcbe Structured data export for further analysis\n- \ud83d\udcf1 Progress tracking with real-time updates\n\n#### `analytics-report <data_file>`\n\ud83d\udccb **Generate comprehensive analytics reports from collected data (NEW!)**\n\n**Options:**\n- `--format, -f`: Report format (executive|technical|geographic|performance) (default: executive)\n- `--output, -o`: Output file path (supports .txt, .md, .html, .json)\n- `--timeframe, -t`: Time period filter (1h|6h|24h|7d|30d|all) (default: all)\n- `--threshold`: Performance threshold for alerts (default: 100ms)\n- `--include-charts`: Include ASCII charts in text reports\n- `--detailed`: Generate detailed technical analysis\n\n**Features:**\n- \ud83d\udcca Multiple report formats for different audiences\n- \ud83d\udcc8 Executive summaries with key performance indicators\n- \ud83d\udd27 Technical reports with detailed metrics and recommendations\n- \ud83c\udf0d Geographic analysis with routing optimization suggestions\n- \u26a1 Performance reports with SLA compliance tracking\n- \ud83d\udcc5 Time-based filtering and trend analysis\n- \ud83d\udea8 Automated alerting for performance thresholds\n\n#### `dns-insights <domain>`\n\ud83d\udd0d **Advanced DNS insights combining real-time analytics with historical patterns (NEW!)**\n\n**Options:**\n- `--quick, -q`: Quick insight generation (60 seconds)\n- `--comprehensive, -c`: Comprehensive analysis (15 minutes)\n- `--baseline, -b`: Establish performance baseline\n- `--compare <file>`: Compare with previous insights data\n- `--export-insights`: Export insights for trending analysis\n- `--alert-thresholds`: Set custom performance alert levels\n\n**Features:**\n- \ud83c\udfaf Intelligent query pattern recognition\n- \ud83d\udcca Automated performance baseline establishment\n- \ud83d\udd14 Real-time anomaly detection and alerting\n- \ud83d\udcc8 Trend analysis with historical comparison\n- \ud83c\udfa8 Interactive insights dashboard (when supported)\n- \ud83d\udca1 Actionable recommendations for DNS optimization\n- \ud83d\udd04 Continuous monitoring integration capabilities\n\n## DNS Servers Tested\n\nThe propagation check queries the following public DNS servers:\n\n| Provider | Primary | Secondary |\n|----------|---------|-----------|\n| Google | 8.8.8.8 | 8.8.4.4 |\n| Cloudflare | 1.1.1.1 | 1.0.0.1 |\n| Quad9 | 9.9.9.9 | - |\n| OpenDNS | 208.67.222.222 | - |\n| Verisign | 64.6.64.6 | - |\n| Level3 | 4.2.2.1 | - |\n\n## Supported DNS Providers\n\nThe tool supports detection and analysis of 50+ DNS providers:\n\n### \ud83c\udf10 Major Cloud Providers\n- **Cloudflare** (\u2705 Full API Support + \ud83d\udd10 Credential Management)\n- **AWS Route 53** (\u2705 Full API Support + \ud83d\udd10 Credential Management)\n- **Google Cloud DNS** (\u2705 Full API Support + \ud83d\udd10 Credential Management)\n- **Azure DNS** (\u2705 Full API Support + \ud83d\udd10 Credential Management)\n- **DigitalOcean** (\u2705 Full API Support + \ud83d\udd10 Credential Management)\n\n### \ud83d\ude80 VPS/Cloud Hosting\n- DigitalOcean, Linode, Vultr, OVH, Hetzner, Scaleway\n\n### \ud83c\udfe2 Domain Registrars\n- Namecheap, GoDaddy, Name.com, Domain.com, Gandi, Hover, Dynadot\n\n### \ud83d\udd12 Security/Privacy DNS\n- Quad9, OpenDNS\n\n### \u26a1 Performance DNS\n- DNS Made Easy, NS1, Constellix, UltraDNS\n\n### \ud83c\udd93 Free DNS Services\n- No-IP, DuckDNS, FreeDNS, Hurricane Electric\n\nAnd many more! Use `python dns_validator.py list-providers` to see the complete list.\n\n## API Integration\n\n### \ud83d\udd10 Secure Credential Management (NEW!)\n\nStore your API credentials securely with AES encryption:\n\n```bash\n# Add credentials interactively (most secure)\ndns-validator creds add Cloudflare production --interactive\n\n# Add credentials via command line\ndns-validator creds add AWS staging --access-key AKIA123... --secret-key abc123...\n\n# List stored credentials\ndns-validator creds list\n\n# Use stored credentials\ndns-validator provider example.com --provider cloudflare --cred-name production\n\n# Test credentials\ndns-validator creds test Cloudflare production example.com\n```\n\n### Cloudflare\n```bash\n# Using stored credentials (recommended)\ndns-validator creds add Cloudflare production --api-token YOUR_CF_TOKEN\ndns-validator provider example.com --provider cloudflare --cred-name production\n\n# Direct usage (less secure)\ndns-validator provider example.com --api-token YOUR_CF_TOKEN\n```\n\n### AWS Route 53\n```bash\n# Using stored credentials (recommended)\ndns-validator creds add AWS production --access-key YOUR_KEY --secret-key YOUR_SECRET --region us-east-1\ndns-validator provider example.com --provider aws --cred-name production\n\n# Direct usage\ndns-validator provider example.com --access-key YOUR_KEY --secret-key YOUR_SECRET\n\n# Using default AWS credentials\ndns-validator provider example.com --provider \"AWS Route 53\"\n```\n**Prerequisites:** `pip install boto3`\n\n### Google Cloud DNS\n```bash\n# Using service account file\ndns-validator provider example.com --service-account /path/to/service-account.json --project-id YOUR_PROJECT\n```\n**Prerequisites:** `pip install google-cloud-dns`\n\n### Azure DNS\n```bash\n# Using service principal\ndns-validator provider example.com --subscription-id SUB_ID --tenant-id TENANT_ID --client-id CLIENT_ID --client-secret CLIENT_SECRET\n\n# Using default Azure credentials\ndns-validator provider example.com --subscription-id SUB_ID --resource-group RG_NAME\n```\n**Prerequisites:** `pip install azure-mgmt-dns azure-identity`\n\n### DigitalOcean\n```bash\ndns-validator provider example.com --api-token YOUR_DO_TOKEN\n```\n\n### Namecheap (NEW!)\n```bash\n# Using stored credentials (recommended)\ndns-validator creds add Namecheap production --api-user YOUR_USER --api-secret YOUR_KEY --username YOUR_USERNAME --client-ip YOUR_IP\ndns-validator provider example.com --provider namecheap --cred-name production\n\n# Direct usage\ndns-validator provider example.com --api-user YOUR_API_USER --api-secret YOUR_API_KEY --username YOUR_USERNAME --client-ip YOUR_CLIENT_IP\n\n# Sandbox mode for testing\ndns-validator provider example.com --api-user YOUR_API_USER --api-secret YOUR_API_KEY --sandbox\n```\n\n### GoDaddy (NEW!)\n```bash\n# Using stored credentials (recommended)\ndns-validator creds add GoDaddy production --api-token YOUR_API_KEY --api-secret YOUR_API_SECRET\ndns-validator provider example.com --provider godaddy --cred-name production\n\n# Direct usage\ndns-validator provider example.com --api-token YOUR_API_KEY --api-secret YOUR_API_SECRET\n```\n\n### Name.com (NEW!)\n```bash\n# Using stored credentials (recommended)\ndns-validator creds add \"Name.com\" production --api-token YOUR_USERNAME --api-secret YOUR_API_TOKEN\ndns-validator provider example.com --provider \"Name.com\" --cred-name production\n\n# Direct usage\ndns-validator provider example.com --api-token YOUR_USERNAME --api-secret YOUR_API_TOKEN\n```\n\n### Gandi (NEW!)\n```bash\n# Using stored credentials (recommended)\ndns-validator creds add Gandi production --api-token YOUR_API_KEY\ndns-validator provider example.com --provider gandi --cred-name production\n\n# Direct usage\ndns-validator provider example.com --api-token YOUR_API_KEY\n```\n\n### OVH (NEW!)\n```bash\n# Using stored credentials (recommended)\ndns-validator creds add OVH production --application-key YOUR_APP_KEY --application-secret YOUR_APP_SECRET --consumer-key YOUR_CONSUMER_KEY --endpoint ovh-eu\ndns-validator provider example.com --provider ovh --cred-name production\n\n# Direct usage\ndns-validator provider example.com --application-key YOUR_APP_KEY --application-secret YOUR_APP_SECRET --consumer-key YOUR_CONSUMER_KEY --endpoint ovh-eu\n```\n\nFor detailed setup instructions, see [CLOUD_PROVIDER_SETUP.md](CLOUD_PROVIDER_SETUP.md).\n\n## Examples\n\n### Check if DNS changes have propagated\n\n```bash\n# After updating A record to point to new server\npython dns_validator.py propagation example.com --expected \"192.168.1.100\"\n```\n\n### Troubleshoot DNS delegation issues\n\n```bash\n# Check if nameservers are properly configured\npython dns_validator.py delegation example.com --verbose\n```\n\n### Detect and validate DNS provider\n\n```bash\n# Detect DNS provider\npython dns_validator.py providers example.com\n\n# Store credentials securely\npython dns_validator.py creds add Cloudflare production --api-token your_token\n\n# Check provider settings with stored credentials\npython dns_validator.py provider example.com --provider cloudflare --cred-name production\n\n# Direct API usage (less secure)\npython dns_validator.py provider example.com --api-token your_token\n\n# Legacy Cloudflare check\npython dns_validator.py cloudflare example.com --api-token your_token\n```\n\n### Advanced DNS Security and Analysis Examples\n\n```bash\n# DNSSEC validation for security-conscious domains\npython dns_validator_cli.py dnssec cloudflare.com\npython dns_validator_cli.py dnssec --verbose your-secure-domain.com\n\n# Reverse DNS validation for mail servers and security\npython dns_validator_cli.py reverse-dns 8.8.8.8\npython dns_validator_cli.py reverse-dns 2001:4860:4860::8888\n\n# DNS cache analysis for performance optimization\npython dns_validator_cli.py cache-analysis example.com --type A\npython dns_validator_cli.py cache-analysis mail.example.com --type MX\n\n# Real-time DNS health monitoring\npython dns_validator_cli.py health-monitor example.com --duration 60 --interval 300\npython dns_validator_cli.py health-monitor critical-site.com --duration 1440 --interval 60 # 24 hours\n```\n\n### Credential Management Examples\n\n```bash\n# Add multiple environments\npython dns_validator.py creds add Cloudflare staging --interactive\npython dns_validator.py creds add Cloudflare production --interactive\npython dns_validator.py creds add AWS dev --access-key KEY1 --secret-key SECRET1\npython dns_validator.py creds add AWS prod --access-key KEY2 --secret-key SECRET2\n\n# List all stored credentials\npython dns_validator.py creds list\n\n# Test credentials\npython dns_validator.py creds test Cloudflare production example.com\n\n# Export backup (structure only)\npython dns_validator.py creds export backup.json\n\n# Export with secrets (use with caution)\npython dns_validator.py creds export full-backup.json --include-secrets\n\n# Edit existing credentials\npython dns_validator.py creds edit Cloudflare production\n\n# Delete credentials\npython dns_validator.py creds delete AWS dev\n\n# Clear all credentials\npython dns_validator.py creds clear\n```\n\n### Complete domain validation\n\n```bash\n# Run all checks with verbose output\npython dns_validator.py --verbose full example.com --api-token your_token\n```\n\n## Output Colors\n\nThe tool uses colored output for better readability:\n\n- \ud83d\udfe2 **Green**: Success, valid configurations\n- \ud83d\udd34 **Red**: Errors, failed validations\n- \ud83d\udfe1 **Yellow**: Warnings, inconsistencies\n- \ud83d\udd35 **Blue**: Information, processing status\n- \ud83d\udfe3 **Magenta**: Headers, summaries\n\n## Troubleshooting\n\n### Common Issues\n\n1. **\"No module named 'dns'\"**: Install dnspython\n ```bash\n pip install dnspython\n ```\n\n2. **Cloudflare API errors**: Check your API token permissions\n\n3. **Timeout errors**: Some DNS servers may be slow; this is normal\n\n4. **Permission denied (Linux/macOS)**: Make the script executable\n ```bash\n chmod +x dns_validator.py\n ```\n\n### Windows PowerShell\n\nIf you encounter execution policy issues on Windows:\n\n```powershell\nSet-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser\n```\n\n## Requirements\n\n- Python 3.7 or higher\n- Internet connection for DNS queries\n- Optional: Cloudflare API token for enhanced features\n\n## Dependencies\n\n- `click`: Command-line interface framework\n- `dnspython`: DNS toolkit for Python\n- `requests`: HTTP library for API calls\n- `colorama`: Cross-platform colored terminal text\n- `tabulate`: Pretty-print tabular data\n- `cryptography`: Secure credential encryption (AES-256)\n- `concurrent.futures`: Parallel processing\n- **Optional Cloud SDKs:**\n - `boto3`: AWS Route 53 integration\n - `google-cloud-dns`: Google Cloud DNS integration\n - `azure-mgmt-dns` + `azure-identity`: Azure DNS integration\n\n## Contributing\n\n1. Fork the repository\n2. Create a feature branch\n3. Make your changes\n4. Add tests if applicable\n5. Submit a pull request\n\n## License\n\nThis project is licensed under the GNU Affero General Public License v3.0 - see the [LICENSE](LICENSE) file for details.\n\n## Support\n\n- \ud83d\udc1b **Bug Reports**: [GitHub Issues](https://github.com/HereLiesHugo/dns-validator/issues)\n- \ud83d\udca1 **Feature Requests**: [GitHub Issues](https://github.com/HereLiesHugo/dns-validator/issues)\n- \ud83d\udcd6 **Documentation**: [README](https://github.com/HereLiesHugo/dns-validator#readme)\n\n## Changelog\n\n### v2.0.0\n- \ud83d\udd10 **NEW: Secure Credential Management System**\n - AES-256 encrypted storage of API keys and tokens\n - Multi-provider credential support (Cloudflare, AWS, Google Cloud, Azure, DigitalOcean)\n - Multiple credential sets per provider (staging, production, etc.)\n - Interactive secure input for sensitive data\n - Credential testing, export, and backup functionality\n- \ud83c\udf10 **Enhanced API Integration**\n - Full API support for AWS Route 53, Google Cloud DNS, Azure DNS, DigitalOcean\n - Improved error handling and debugging\n - Better provider detection (52+ providers supported)\n- \ud83d\udee1\ufe0f **Security Improvements**\n - Credentials never stored in plain text\n - Secure credential directory (~/.dns-validator/)\n - Safe export options (with/without secrets)\n- \ud83d\ude80 **Performance & UX**\n - Faster concurrent DNS queries\n - Better error messages and help text\n - Improved cross-platform compatibility\n\n### v1.0.0\n- Initial release\n- DNS delegation checking\n- DNS propagation testing across 8 public servers\n- Cloudflare integration with API support\n- Cross-platform compatibility\n- Verbose logging and colored output\n- Concurrent DNS queries for performance\n",
"bugtrack_url": null,
"license": null,
"summary": "A comprehensive DNS validation tool with delegation, propagation, and provider settings checks",
"version": "2.6.0",
"project_urls": {
"Bug Reports": "https://github.com/HereLiesHugo/dns-validator/issues",
"Documentation": "https://github.com/HereLiesHugo/dns-validator#readme",
"Homepage": "https://github.com/HereLiesHugo/dns-validator",
"Source": "https://github.com/HereLiesHugo/dns-validator"
},
"split_keywords": [
"dns",
"validation",
"delegation",
"propagation",
"cloudflare",
"nameservers",
"cli"
],
"urls": [
{
"comment_text": null,
"digests": {
"blake2b_256": "010abc4959f91c72af2d0e918c4776cb90c8353022e91403cbc8bd3e977e29d7",
"md5": "07d944959c1d17ccbe84ae5d03d0bb4d",
"sha256": "16b90a2aab6cceec856caa0240adb946bf68cd779e20b66af22553d44f33f46b"
},
"downloads": -1,
"filename": "dns_validator-2.6.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "07d944959c1d17ccbe84ae5d03d0bb4d",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.7",
"size": 73882,
"upload_time": "2025-10-07T22:38:17",
"upload_time_iso_8601": "2025-10-07T22:38:17.718471Z",
"url": "https://files.pythonhosted.org/packages/01/0a/bc4959f91c72af2d0e918c4776cb90c8353022e91403cbc8bd3e977e29d7/dns_validator-2.6.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": null,
"digests": {
"blake2b_256": "e9f658e0689353d074f1ea9aae249b418ff46a50f10e8489dfcb4afbc9e22c70",
"md5": "de4561033dd0aec8a6ab8783197ff947",
"sha256": "9500bcfbce89efa94736420c9a633404b08afa9495ef1b455b51f5212006f6f3"
},
"downloads": -1,
"filename": "dns_validator-2.6.0.tar.gz",
"has_sig": false,
"md5_digest": "de4561033dd0aec8a6ab8783197ff947",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.7",
"size": 89461,
"upload_time": "2025-10-07T22:38:18",
"upload_time_iso_8601": "2025-10-07T22:38:18.928313Z",
"url": "https://files.pythonhosted.org/packages/e9/f6/58e0689353d074f1ea9aae249b418ff46a50f10e8489dfcb4afbc9e22c70/dns_validator-2.6.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-10-07 22:38:18",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "HereLiesHugo",
"github_project": "dns-validator",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"requirements": [
{
"name": "click",
"specs": [
[
">=",
"8.0.0"
]
]
},
{
"name": "dnspython",
"specs": [
[
">=",
"2.3.0"
]
]
},
{
"name": "requests",
"specs": [
[
">=",
"2.28.0"
]
]
},
{
"name": "colorama",
"specs": [
[
">=",
"0.4.6"
]
]
},
{
"name": "tabulate",
"specs": [
[
">=",
"0.9.0"
]
]
},
{
"name": "pycryptodome",
"specs": [
[
">=",
"3.15.0"
]
]
},
{
"name": "cryptography",
"specs": [
[
">=",
"41.0.0"
]
]
},
{
"name": "setuptools",
"specs": [
[
">=",
"65.5.0"
]
]
},
{
"name": "boto3",
"specs": [
[
">=",
"1.26.0"
]
]
},
{
"name": "google-cloud-dns",
"specs": [
[
">=",
"0.34.0"
]
]
},
{
"name": "azure-mgmt-dns",
"specs": [
[
">=",
"8.0.0"
]
]
},
{
"name": "azure-identity",
"specs": [
[
">=",
"1.12.0"
]
]
},
{
"name": "azure-core",
"specs": [
[
">=",
"1.24.0"
]
]
},
{
"name": "pyOpenSSL",
"specs": [
[
">=",
"23.0.0"
]
]
},
{
"name": "certifi",
"specs": [
[
">=",
"2022.12.7"
]
]
},
{
"name": "urllib3",
"specs": [
[
">=",
"1.26.0"
]
]
},
{
"name": "pyperclip",
"specs": [
[
">=",
"1.8.0"
]
]
},
{
"name": "concurrent.futures",
"specs": [
[
">=",
"3.1.1"
]
]
},
{
"name": "pathlib",
"specs": [
[
">=",
"1.0.1"
]
]
},
{
"name": "ipaddress",
"specs": [
[
">=",
"1.0.23"
]
]
}
],
"lcname": "dns-validator"
}
JSON
