Hello,
I've got Bind running on a server and although access to the domains I've set up is correct. I was wondering if there was an online (or offline) tool to check if I had setup the service correctly?
Regards
Steve Griff
-
Ask a public recursive server for the records.
For example, if I just setup some record for randomtest.example.com on my server that's authoritative for example.com,
host -t any randomtest.example.com. [8.8.8.8][1]will tell me if it is getting out to other nameservers on the internet.
From chris -
Bind include a set of tools for testing configuration and zone files. The man pages of named-checkzone and named-checkconf should give you all the informations you may need.
chris : That'll tell you if you've got the zones and server itself configured correctly, but it won't tell you if anyone on the internet will get the data, or if you've made a syntax error in the records that is "valid" but not what you mean, such as a missing trailing period.Benoit : @chris: indeed, it will only tell you if you have "setup" the service correctly, as asked by Steve. No one except you can tell if there is a typo in a record. Your only way to find out it to check the content of the zone files.From Benoit -
ZoneCheck is available online or for download http://www.zonecheck.fr/
From huguei -
http://www.intodns.com is a good free online tool.
Steve Griff : I like this. Gives an informative, easy to read report on the DNS.bortzmeyer : Fails on IPv6 name servers (in 2010!), warns when there is only one MX record (they don't know the difference between email and the Web?). Poor service, IMHO.Cristian Ciupitu : @bortzmeyer: you must admit that IPv6 isn't mainstream yet. As for the MX record, don't you think that it's normal to *warn* the user if a domain has less than 2 MX records? By the way what's the difference between email and the web and how can a DNS checking service tell the difference?bortzmeyer : The difference is that the Web is synchronous (you query a server, it must be available and reply immediately) while the mail is asynchronous (if the downstream MTA is not available, the upstream MTA queues and retries later). So, no, I don't agree, the vast majority of domains should have only one MX (gmail.com is of course a different case...)bortzmeyer : @Cristian Ciupitu Regarding IPv6, the problem is not that these services do not have IPv6 support (which would be understandable).The problem is that they FAIL when they encounter an IPv6 name server (marking the server as invalid) instead of simply ignoring it (as an IPv4-only DNS resolver would do). For instance, an option "Transport layer" of Zonecheck allows you to disable IPv6 and, in that case, IPv6 name servers are simply ignored.Cristian Ciupitu : @bortzmeyer: that would be a valid issue indeed, but as I've said before IPv6 is still not mainstream; I don't think that many people are affected by it.From Cristian Ciupitu -
Many good Web tools (and a lot of bad ones):
http://www.zonecheck.fr/ (also available as a local command-line tool, free software)
http://dnscheck.iis.se (with DNSSEC)
http://dnsviz.net/ (specially for DNSSEC)
http://www.infoblox.com/services/dns_advisor_tool.cfm (requires your email address)
I wrote a paper summarizing the tools, the good and the bad: http://www.bortzmeyer.org/tests-dns.html
From bortzmeyer -
You can issue direct queries to your server using host/dig to test Bind configuration:
host -t soa yourdomain.com server_ip # fetch SOA record host -t ns yourdomain.com server_ip # fetch NS records host -t mx yourdomain.com server_ip # fetch MX records host yourdomain.com # fetch A recordor just
host -t any yourdomain.com server_ip # fetch allI do recommend you to run tests from another machine to detect problems with firewall, interface binding, etc. If you don't want to muck with command line just use one of the online tools.
http://www.dnsinspect.com it's an another online DNS testing tool.
From vitalie
0 comments:
Post a Comment