domains_tool

Description

When using Domain objects in the policy, you might want to know the IP addresses to which the Domain object is resolved on the Security Gateway (and kept in the cache). You might also want to know to which Domain objects a specific IP address is related.

Domains and IP addresses are mapped on the Security Gateway using Domains and cache tables. These tables contain information about the attachments between Domains used in the policy and their IP addresses.

This command shows the information about IP addresses and Domain objects. It also includes an option to see the Domains of an Updatable Object used in the policy.

For more information, see sk161632.

Important:

  • You must run this command in the Expert mode.

  • In a Cluster, all the Cluster Members must be configured in the same way.

  • On Scalable Platforms (Maestro and Chassis), you must connect to the applicable Security Group.

Syntax

domains_tool

      -d <Domain Name> [-m]

      -dx <Domain Name>

      -efo <Name of External Feed Object>

      -hc

      -ip <IP Address>

      -md <Domain Name 1> ... <Domain Name N>

      -o <Domain Name>

      -report

            [-extended]

            [-not_extended]

      -report ip <IP Address> [<Number of Hours>]

      -uo <Name of Updatable Object>

Parameters

Parameter

Description

No Parameter

Shows the built-in help.

-d <Domain Name> [-m]

Shows a list of IP addresses for one specified domain name.

  • The optional parameter "-m" performs the search in the entire cache table instead of searching in chunks.

  • You must specify the domain name in lowercase letters.

  • This applies only when the Domain objects / Updatable Objects are used in the rule base. Otherwise, domains and cache tables are empty.

  • This command may return "ERROR" when no Domain Objects or Updatable Objects (with Domains) are found in the policy.

Example:

domains_tool -d www.example.com

-dx <Domain Name>

Shows a list of IP addresses for the specified domain name that will be used for translation in the NAT rulebase. See sk167194.

You must specify the domain name in lowercase letters.

Example:

domains_tool -dx www.example.com

-efo <Name of External Feed Object>

Shows a list of Domains that the specified External Network Feed contains.

Example:

domains_tool -efo MyExternalFeed

-hc

Shows the status of the Health Check test:

  • Health-Check status is NOK

    To see the details, refer to the "-report" parameter.

  • Health-Check status is OK

-ip <IP Address>

Shows a list of Domains for the specified IP address.

This command may return "ERROR" when no Domain Objects or Updatable Objects (with Domains) are found in the policy.

Example:

domains_tool -ip 192.168.33.44

-md <Domain Name 1> ... <Domain Name N>

Shows a list of IP addresses for multiple specified domain names (separated by a space).

You must specify the domain names in lowercase letters.

Example:

domains_tool -md www.example1.com www.example2.com

-o <Domain Name>

Shows a list of objects that contain the specified domain name.

Example:

domains_tool -o www.example.com

-report [{-not_extended | -extended}]

Runs a policy test and shows the report for Domain objects / Updatable Objects.

The command asks you whether you wish to run an extended test.

You can specify manually which test to run:

  • domains_tool -report -not_extended

    Runs a regular test.

  • domains_tool -report -extended

    Runs an extended test.

Warning - The extended test runs the TCPdump tool for 60 seconds on all interfaces to capture the DNS traffic (port 53). This can create additional load on the CPU.

-report ip <IP Address> [<Number of Hours>]

Runs a test and shows the report of matches for the specified IP address during the last specified number of hours (default is 2 hours).

Example:

domains_tool -report ip 192.168.3.57

-uo <Name of Updatable Object>

Shows a list of domains that the specified Updatable Object contains.

This command shows only the domains of an Updatable Object when it is used in the policy.

Example:

domains_tool -uo "Dropbox Services"
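
The wrapper below is an added example, not part of the vendor documentation. It lowercases domain names before calling "-md", treats "ERROR" output as a failure, and runs only the regular report when "-hc" reports NOK. The function names are hypothetical, and the string matching assumes the output contains the status text quoted in the "-hc" description.

```sh
#!/bin/sh
# Added example: wrappers around domains_tool for scheduled checks.
# Run in Expert mode on the Security Gateway. Function names are hypothetical.

# Lowercase each name (domains_tool requires lowercase) and skip anything
# that is not a plain hostname, so user input can never be read as an option.
normalize_domains() {
    for d in "$@"; do
        d=$(printf '%s' "$d" | tr '[:upper:]' '[:lower:]')
        case "$d" in
            ''|-*|*[!a-z0-9._-]*) echo "skipping invalid name: $d" >&2; continue ;;
        esac
        printf '%s\n' "$d"
    done
}

# Resolve several domains with a single -md call.
# Returns 2 if no valid names remain, 1 if the tool fails or prints ERROR.
lookup_domains() {
    names=$(normalize_domains "$@")
    [ -n "$names" ] || { echo "no valid domain names" >&2; return 2; }
    # Word splitting of $names is intended: every name was validated above.
    out=$(domains_tool -md $names) || return 1
    case "$out" in
        *ERROR*) echo "ERROR: are Domain / Updatable Objects used in the policy?" >&2
                 return 1 ;;
    esac
    printf '%s\n' "$out"
}

# Health check: returns 0 for OK, 1 for NOK, 2 for unexpected output.
domains_health() {
    out=$(domains_tool -hc 2>&1)
    case "$out" in
        *"Health-Check status is OK"*) return 0 ;;
        *"Health-Check status is NOK"*)
            # Regular report only: the extended test runs tcpdump for 60 seconds.
            domains_tool -report -not_extended
            return 1 ;;
        *) printf 'unexpected -hc output: %s\n' "$out" >&2; return 2 ;;
    esac
}
```
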

Examples