[AusNOG] DNS test tool feedback

David Jericho davidj at diskpig.org
Sat Aug 2 09:30:02 EST 2014


With respect to the query root name servers, and then the drop down for
other servers when walking the tree, depending on the tool you're using, be
very careful to ensure you're not actually walking the tree and hitting a
cached answer. named can hand back very different answers sometimes
depending on what the rules of invalidation run.

I suppose the feature there is the ability to compare the responses of
every server in the tree, direct from the server, and confirm they all line
up, including the final servers. I've come across far too many examples of
sites where their "load balancing" devices are handing back different zones
from each other, and sometimes with broken SOA and NS records. This is
where the rules of invalidation then cause issues, and it takes a fair bit
of care to assess that by hand. If you would like some examples, I can
certainly dig them up (I prefer not to publicly name the guilty parties,
rather educate).

Definitely a handy tool all the same; it's in my bookmarks now. Thank you :)

On Fri, Aug 1, 2014 at 11:15 PM, Michael Dale <mdale at dalegroup.net> wrote:

> So my current list is:
>
> - Query root name servers
> - Connect to MX records and display first response (might not be a great
> idea??)
> - Drop down list of other common DNS servers to query
> - PTR records for various things
> - Validate domain names better
> - Better IPv6 support
> - Better rDNS support
> - Try and do an AXFR (I think this would be useful)
> - Better reporting
> - Some TTL stuff
>
> Lots!
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
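
One way to carry out the comparison described in this message, as an added example that is not part of the original post or of the tool under discussion: build the query with RD=0 so each server answers from its own data, treat a reply without the AA flag as possibly cached, then compare SOA serial and NS set across the authoritative replies. The server addresses, serials and names are constructed, and the SOA serial and NS names are assumed to have been parsed from each reply already.

```python
import struct
from collections import Counter

def build_query(name, qtype, qid=0x1234):
    """Wire-format query with RD=0: the server must answer from its own data."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"
    # flags=0x0000 -> QR=0 (query), opcode=0, RD=0 (no recursion requested)
    return struct.pack("!6H", qid, 0x0000, 1, 0, 0, 0) + qname + struct.pack("!2H", qtype, 1)

def header_flags(packet):
    """Return (is_response, authoritative, rcode) from a DNS header."""
    flags = struct.unpack("!H", packet[2:4])[0]
    return bool(flags & 0x8000), bool(flags & 0x0400), flags & 0x000F

def compare(observations):
    """observations: {server: (response_header, soa_serial, ns_names)} -> findings."""
    findings, auth = [], {}
    for server, (header, serial, ns) in sorted(observations.items()):
        is_resp, aa, rcode = header_flags(header)
        if not is_resp or rcode != 0:
            findings.append(f"{server}: no usable answer (rcode={rcode})")
        elif not aa:
            findings.append(f"{server}: AA flag clear, answer may be cached")
        else:  # normalise NS names so case and trailing dots do not count as drift
            auth[server] = (serial, frozenset(n.lower().rstrip(".") for n in ns))
    if auth:
        majority = Counter(auth.values()).most_common(1)[0][0]
        for server, (serial, ns) in sorted(auth.items()):
            if serial != majority[0]:
                findings.append(f"{server}: SOA serial {serial} != {majority[0]}")
            if ns != majority[1]:
                findings.append(f"{server}: NS set differs: {sorted(ns ^ majority[1])}")
    return findings

def hdr(flags):  # constructed 12-byte response header for the sample data
    return struct.pack("!6H", 0x1234, flags, 1, 1, 0, 0)

SAMPLE = {  # constructed observations (documentation addresses and names)
    "192.0.2.1": (hdr(0x8400), 2014080101, ["ns1.example.com.", "ns2.example.com."]),
    "192.0.2.2": (hdr(0x8400), 2014080101, ["NS1.example.com", "ns2.example.com"]),
    "192.0.2.3": (hdr(0x8400), 2014073001, ["ns1.example.com.", "lb3.example.com."]),
    "192.0.2.4": (hdr(0x8180), 2014080101, ["ns1.example.com.", "ns2.example.com."]),
}

if __name__ == "__main__":
    for line in compare(SAMPLE):
        print(line)
```
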