
DNS scanning


n3w7yp3 (Member)

Just a little idea that I had one day when I was learning about DNS and networking. There must be systems out there that are not in standard set type=any queries, so I hacked up the following script:

#!/usr/bin/perl -w
use strict;

#declarations
my $timeout = shift;
my $domain  = shift || usage();
my $total   = 0;
my @results;     # raw output of every host(1) call, one line per element

#input validation: the timeout must be a whole number of seconds
if($timeout !~ /^[0-9]+$/)
{
	die "Timeout value must be numeric.\n";
}

#the prefix file lives in the current directory, one hostname prefix per line
die "The prefix file was not found.\n" unless -e "prefix";
open(my $pre, '<', "prefix") || die "Unable to open the prefix file for reading.\n";

print "Starting DNS Scan v 3.0 by n3w7yp3....\n";
print "Doing multiple DNS lookups on $domain with a timeout of $timeout seconds between requests...\n";

while(defined(my $lookup = <$pre>))
{
	chomp $lookup;
	next if $lookup eq '';
	#run host(1) in list form so neither the prefix nor the domain is passed through a shell
	open(my $host, '-|', 'host', "$lookup.$domain") || die "Unable to run host: $!\n";
	push @results, <$host>;
	close $host;
	sleep($timeout);
	$total++;
}
close $pre;

print "DNS lookups complete.\n";
print "Assembling list of hosts..\n";
print "Based on the info received the following hosts appear to be alive:\n\n";
#keep every answer that was not an NXDOMAIN, same filter as grep -v "NXDOMAIN"
print grep { !/NXDOMAIN/ } @results;
print "\nSUMMARY: A total of $total lookups were made.\n\n";

#sub routines
sub usage
{
	die "Usage: $0 <timeout> <domain>\nTimeout is number of seconds to wait between sending requests.\nDomain is the domain to do lookups on.\n";
}

The prefix file contains a list of prefixes. Here's the one that I use:

www2
web
web0
web1
web2
web3
web4
web5
whois
ns
ns0
ns1
ns2
ns3
ns4
ns5
dns
dns0
dns1
dns2
dns3
dns4
dns5
vpn
firewall
mail
mail0
mail1
mail2
mail3
mail4
mail5
maila
mailb
mailc
mx.mail
mx1.mail1
mx2.mail2
mx3.mail3
mx4.mail4
mx5.mail5
smtp
smtp0
smtp1
smtp2
smtp3
smtp4
smtp5
mx1.smtp1
mx2.smtp2
mx3.smtp3
mx4.smtp4
mx5.smtp5
store
support
news
login
gateway
db
db0
db1
db2
db3
db4
db5
sql
ftp
ftp0
ftp1
ftp2
ftp3
ftp4
ftp5
ssh
pop
intranet
intra
extranet
extra
irc
outlook
owl

—EDIT—

Hmm, why won't the lines inside the loops tab over correctly?
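The script above is what a wordlist scan of a zone looks like from the resolver's side: one client, many distinct names under one domain, most of them answered NXDOMAIN, paced by the sleep between requests. Because of that pacing, a detector that only counts queries per second will not see it; what stands out is the number of distinct NXDOMAIN names per client and zone over a longer window. The following Python is an added detection example, not code from the original post; the log format (timestamp, client, queried name, response code), the sample lines, and the window and threshold values are all constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample resolver log, not from any real system.
# Format (assumed): "<ISO timestamp> <client ip> <queried name> <rcode>"
# 192.0.2.10 walks a prefix list against example.org with a 5 s pause,
# 192.0.2.20 is an ordinary client with one typo, 192.0.2.30 makes two misses.
SAMPLE_LOG = """\
2024-01-01T10:00:00 192.0.2.10 www.example.org NOERROR
2024-01-01T10:00:05 192.0.2.10 web0.example.org NXDOMAIN
2024-01-01T10:00:10 192.0.2.10 web1.example.org NXDOMAIN
2024-01-01T10:00:15 192.0.2.10 ns0.example.org NXDOMAIN
2024-01-01T10:00:20 192.0.2.10 dns0.example.org NXDOMAIN
2024-01-01T10:00:25 192.0.2.10 mail0.example.org NXDOMAIN
2024-01-01T10:00:30 192.0.2.10 mail.example.org NOERROR
2024-01-01T10:00:35 192.0.2.10 ftp0.example.org NXDOMAIN
2024-01-01T10:00:40 192.0.2.10 db0.example.org NXDOMAIN
2024-01-01T10:00:45 192.0.2.10 sql.example.org NXDOMAIN
2024-01-01T10:00:50 192.0.2.10 ssh.example.org NXDOMAIN
2024-01-01T10:00:01 192.0.2.20 www.example.org NOERROR
2024-01-01T10:00:09 192.0.2.20 typo.example.org NXDOMAIN
2024-01-01T10:05:00 192.0.2.20 mail.example.org NOERROR
2024-01-01T10:00:02 192.0.2.30 a.example.net NXDOMAIN
2024-01-01T10:00:03 192.0.2.30 b.example.net NXDOMAIN
"""


def parse_line(line):
    """Split one log line into (timestamp, client, normalised qname, rcode)."""
    ts, client, qname, rcode = line.split()
    return datetime.fromisoformat(ts), client, qname.lower().rstrip("."), rcode


def parent_zone(qname):
    """Crude zone grouping: the last two labels. A real deployment would
    use a public-suffix list so that e.g. example.co.uk is one zone."""
    labels = qname.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else qname


def detect_enumeration(log_text, window=timedelta(minutes=2), threshold=8):
    """Return {(client, zone): distinct NXDOMAIN names} for every client/zone
    pair that asked for at least `threshold` distinct non-existent names
    within any `window`-long span. Counting distinct names rather than
    query rate is what catches a scanner that sleeps between lookups."""
    events = defaultdict(deque)   # (client, zone) -> deque of (ts, qname)
    alerts = {}
    # sort so the sliding window sees events in time order even if the
    # log interleaves clients
    records = sorted(parse_line(l) for l in log_text.splitlines() if l.strip())
    for ts, client, qname, rcode in records:
        if rcode != "NXDOMAIN":
            continue                      # only misses are interesting here
        key = (client, parent_zone(qname))
        q = events[key]
        q.append((ts, qname))
        while q and ts - q[0][0] > window:
            q.popleft()                   # drop events outside the window
        distinct = len({name for _, name in q})
        if distinct >= threshold:
            alerts[key] = max(distinct, alerts.get(key, 0))
    return alerts


if __name__ == "__main__":
    for (client, zone), count in detect_enumeration(SAMPLE_LOG).items():
        print(f"possible subdomain enumeration: {client} -> {zone} "
              f"({count} distinct NXDOMAIN names)")
```

With the defaults only 192.0.2.10 is reported (nine distinct misses against example.org in under a minute); the typo from 192.0.2.20 and the two misses from 192.0.2.30 stay below the threshold. Lowering the threshold to 2 also flags 192.0.2.30, which shows why the threshold has to be tuned against the normal NXDOMAIN rate of the resolver rather than picked in the abstract.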