The ZoneCheck program (freely available
for download) performs several tests on your zone (ie:
domain) to ensure that it is correctly configured and can be
safely delegated, providing a certain quality to your domain (see the
The domain (ie: zone) that should be tested (ie: the domain name
that you want to register).
The nameserver that is considered as primary (the one in
the SOA record if it is public).
The secondary nameservers (all the NS records associated
with the zone, except for the one listed above).
List of IP addresses associated with the nameserver.
- they are only required if they can't be resolved
(ie: they are in the zone that you want to register).
- if you have several addresses you must use a space or
a comma as the separator.
- the form accepts IPv4 and IPv6 addresses.
Includes a summary about the zone and its nameservers in
the generated report
Includes the name of the test that has been performed
when reporting errors
Includes an explanation (when the test failed) about
the purpose of the test and why you should fix it.
Includes details (when the test failed) about
the culprit elements.
Display information about the test progression
Mozilla or IE5+ for correct rendering).
Give a short description of the test when it is performed.
Don't display information about the test progression.
Select the type of generated report you want.
Select the format in which you want the report
(HTML or plain text).
Select the language that you want the report generated in.
Errors are reported with the default severity associated
All errors are considered fatals.
All errors are considered warnings.
don't stop on fatal
Keep going even after encountering a fatal error
(this could lead to some unexpected results).
Report test that passed.
Options: Extra tests performed
Perform extra checking on mail delivery for typical
mail accounts (hostmaster, postmaster, ...) associated with
Perform additional tests on the zone retrieved after
a zone transfer.
Check that IP addresses used are registered in the RIR
Select the routing layer (if none are selected it will
default to IPv4 and IPv6).
STD, UDP, TCP
Select the transport layer you want for interrogating
Set the DNSSEC tests policy to mandatory, if not tests will be warnings
DS and Hash Algorithm
Gives the hash of the public key and the algorithm used to do that
The hash of the key must be encoded in hexadecimal (blanks are removed).
The Hash Algorithm is the number given by IANA and corresponding to the algorithm.
Gives the public key used as a Security Entry Point.
The key must be encoded in base64 (blanks will be removed).