DNS tools for developers

[+] zaphoyd|14 years ago|reply

A friendly reminder from a sysadmin/web app developer who has to deal with dns and network issues in the real world and would like to use a nice clean UI tool like this: Lack of IPv6 support is a deal breaker.

EDIT: for friendliness.

[+] gabyar|14 years ago|reply

This is very useful, and to call it disappointing is rude to the creator of the tool. Why would you say something so negative just because it's not perfect? This is the problem with Hacker News these days - people can't wait to say something nasty.

[+] guylhem|14 years ago|reply

It's a nice website, but developers would be more inspired to try tools such as dnrd which allows one to run multiple dns servers on one machine and reverse-proxy the requests.

Ex on my dsl modem where I love to test stuff:

dnrd-port53 -a 192.168.178.1 -m off -s 127.0.0.1:mydomain.com -s 127.0.0.2:local -s 127.0.0.4:fritz.box -s 127.0.0.4:178.168.192.in-addr.arpa -s 213.16.20.51 -s 213.188.172.70 -s 74.82.42.42 -u dns -R /tmp/dnrd -l

This runs dnrd (hardcoded to bind on port 53 - I sometimes use other ports), and case switch the requests : if it ends by .mydomain.com, it goes to 127.0.0.1 if it ends by .local, it goes to 127.0.0.2 if it ends by .fritz.box, it goes to 127.0.0.4 if it ends by .178.168.192.in-addr.arpa (reverse), it goes to 127.0.0.4 everything else goes to 213.16.20.51, 213.188.172.70, 74.82.42.42 : if one stops responding it's removed from the list and the others are used.

THAT is a tool for developpers.

Shameless plug : bind6.c on http://code.google.com/p/guylhem/source/browse/bind6.c : if you also have a fritzbox dsl modem, you can "force bind" its default dns server to a given ip:53 instead of *:53, allowing another servers on say 127.0.0.1 :

killall multid; LD_PRELOAD=bind6.so BIND_IPV6=::ffff:127.0.0.4 /sbin/multid -v -d -U -P

[+] flyt|14 years ago|reply

robtex.com is my go-to for DNS/AS/IP info.

google.com domain report: http://www.robtex.com/dns/google.com.html#summary

google AS peering info: http://www.robtex.com/as/as15169.html#peer

netblock info: http://www.robtex.com/route/74.125.0.0-16---google.html

[+] JOfferijns|14 years ago|reply

Very useful!

It seems this was posted by the developer of this site himself, so I've got a feature request: combining these tools. For example, you enter a domain name or IP address and you get the following information:

- DNS report

- Reverse IP

- Port scan

- Chinese/Iran Firewall test

- DNSSEC

- IP location (maybe of nameserver IPs as well?)

- PageRank check

- Traceroute

- Ping

- DNS records

- HTTP headers

- Spam DB lookup

- ASN

Adding this would make things a whole lot easier, I hope you will consider it!

[+] redler|14 years ago|reply

There's an API[1], so this is something one could throw together pretty easily, assuming there are no limits to prevent it.

[1] http://viewdns.info/api/

[+] rebelde|14 years ago|reply

I agree, or at least include the main info in one simple "IP info" page.

[+] ioquatix|14 years ago|reply

If this is interesting for you, you may also be interested in my http://www.oriontransfer.co.nz/gems/rubydns tools.

[+] gergles|14 years ago|reply

Seems a little buggy:

"Oops! Your SOA serial number (2012041402) doesn't seem to be in the recommended format (YYYYMMDDnn - where nn is the revision number)."

Looks like it's in that format to me?

[+] jbarham|14 years ago|reply

The command-line tools bundled with djbdns are nice (http://cr.yp.to/djbdns/tools.html & http://cr.yp.to/djbdns/debugging.html) and IMO are easier to use than dig.

http://www.dnsvalidation.com/ is also a nicely done site for checking DNS configuration.

[+] stock_toaster|14 years ago|reply

The drill tool that NSD built atop ldns[1] is pretty sweet too. Some of the other ldns tools are quite useful too.

[1]: http://www.nlnetlabs.nl/projects/ldns/

[+] ranit8|14 years ago|reply

[deleted]

[+] huhtenberg|14 years ago|reply

The DNS propagation checker -- is there an existing framework that this site interfaces or is it something that they rolled out on their own? I've seen some services that use a dozen of servers to run the check, but this is hardly sufficient ad it excludes the last mile (where all the fun stuff is).

[+] stevenjgarner|14 years ago|reply

I think it is especially amusing that (according to viewdns.info), dnssec.net itself does not have DNSSEC enabled (while it is producing a response for verisign.com for example). Thoughts on the virtues of DNSSEC? Why are you (not) using it?

[+] brokentone|14 years ago|reply

I'm interested in more details about how the "Iran Firewall Test" works. It shows my site as blocked, while I can confirm it elsewhere, it would be nice to know how this determined that.

[+] jtheory|14 years ago|reply

I suspect it's getting hammered at the moment -- the Iran check returned an error for me, and the Google page rank check for "google.com" or "yahoo.com" still reports "Sorry, we couldn't seem to find that domain in Google's cache."

To the developer: this is a great time to refine the error handling (plus scaling, of course). :)

E.g., make sure when the requests fail (for whatever reason) that it can report this back to the user clearly.

[+] nphase|14 years ago|reply

Awesome! It's like dnsstuff but free again! Thanks!

[+] kenny_r|14 years ago|reply

I woulnd't say this is just for developers, I'm a sysadmin and this is definitely something I'll add to my toolbox.

[+] known|14 years ago|reply

http://mrdns.com/ is also good

[+] clippit|14 years ago|reply

I love the Chinese Firewall Test XD

[+] mkramlich|14 years ago|reply

+1 for having an API. I'm increasingly on a rampage to replace anything I currently have to do via GUI or web browser with something I can do via CLI or API. So much faster, more automatable, less visual fluff and cognitive overhead.

[+] huoju|14 years ago|reply

Cool! "Chinese Firewall Test"..

26 comments