[AusNOG] DNS test tool feedback

Michael Dale mdale at dalegroup.net
Fri Aug 1 22:45:26 EST 2014


On 1 Aug 2014, at 10:37 pm, Damien Gardner Jnr <rendrag at rendrag.net> wrote:

> Yeah, you need to walk up the root tree to fetch the NS (and especially glue), as using anything else you may not spot issues as the NS records coming back from your actual servers can overwrite what was initially learnt from the root servers in cache if the timing (re TTL) is *just* right. I've seen quite a few weirdnesses where you look up NS from the root servers, and query one of those NS's (NSii? lol) and get a different set of NS records come back.
> 
> It'd be really handy in your output if you make it really obvious if you're getting different records back from any of the DNS servers. (Maybe you are, but would be cool if you can, if you're not :) )

Yes, I thought I was pretty good with DNS before writing this tool, but DNS servers can be odd with what they return! Root name servers are important to add. I have added disable recursion as an option, which can be helpful too.

Currently the website will complain if your name server doesn’t have glue or doesn’t respond with an SOA for your domain, but I need to alert on mismatched serials and a bunch of other things.

From what I can see this tool currently does 2 things that intodns does not:

1 - Reports A/MX/TXT of each name server individually (could be useful if serials are mismatched)
2 - Displays TXT records.

In regards to the root name servers I *think* intodns just randomly picks a root name server to start with (depending on the TLD).
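
Added example, not part of the original message and not code from the tool discussed: one way to make the checks mentioned in this thread explicit (NS sets that differ between the parent delegation and each listed server, missing glue, no SOA, mismatched serials). It assumes the answers were already collected with recursion disabled; the zone, server names, addresses and serials below are constructed sample data, and the function names are hypothetical.

```python
def norm(name):
    """Lower-case and fully qualify a DNS name so sets compare reliably."""
    return name.lower().rstrip(".") + "."

def in_bailiwick(ns, zone):
    """True when the name server lives inside the zone, so glue is required."""
    return norm(ns) == norm(zone) or norm(ns).endswith("." + norm(zone))

def check_delegation(zone, parent, auth):
    """Compare the parent's delegation with what each listed server answers."""
    findings, serials = [], {}
    parent_ns = {norm(n) for n in parent["ns"]}
    glue = {norm(k): v for k, v in parent.get("glue", {}).items()}
    auth = {norm(k): v for k, v in auth.items()}
    for ns in sorted(parent_ns):
        if in_bailiwick(ns, zone) and not glue.get(ns):
            findings.append(("missing-glue", ns))
        answer = auth.get(ns)
        if not answer or answer.get("soa_serial") is None:
            findings.append(("no-soa", ns))  # server silent or not authoritative
            continue
        serials.setdefault(answer["soa_serial"], []).append(ns)
        served = {norm(n) for n in answer["ns"]}
        if served != parent_ns:
            # Record both directions: what the parent has and the server lacks,
            # and what the server adds that the parent never delegated to.
            findings.append(("ns-mismatch", ns, sorted(parent_ns - served),
                             sorted(served - parent_ns)))
    if len(serials) > 1:
        findings.append(("serial-mismatch", serials))
    return findings

# Constructed sample data (not real query output).
ZONE = "example.net."
PARENT = {"ns": ["ns1.example.net.", "NS2.example.net", "ns.example.org."],
          "glue": {"ns1.example.net.": ["192.0.2.1"]}}  # ns2 has no glue
AUTH = {
    "ns1.example.net.": {"ns": ["ns1.example.net.", "ns2.example.net.",
                                "ns.example.org."], "soa_serial": 2014080101},
    "ns2.example.net.": {"ns": ["ns1.example.net.", "ns3.example.net.",
                                "ns.example.org."], "soa_serial": 2014073101},
    "ns.example.org.": None,  # no response to the SOA query
}

if __name__ == "__main__":
    for finding in check_delegation(ZONE, PARENT, AUTH):
        print(finding)
```
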