Test your DNS with DIG

If you have ever maintained your own DNS, you’ll know it can be a bit of a ‘bind’. A typographic error can have catastrophic repercussions. I stumbled across a sweet shell script a few months ago which I use to test the configuration of my DNS server.

The script utilises the Linux ‘dig’ command. The dig command is quite nicely described in its man page:

dig (domain information groper) is a flexible tool for interrogating DNS name servers. It performs DNS lookups and displays the answers that are returned from the name server(s) that were queried.

In the context of the post, I use dig to perform a forward lookup, e.g. host-name->IP address. This is achieved by executing the following command:

dig www.google.com

This returns Google’s IP – 209.85.229.99. Dig also permits you to perform a reverse lookup, e.g. IP->host-name:

dig -x 209.85.229.99

This returns the host-name of the IP in question – google.com. Thus, you can perform a circular test of your domains by combining both commands. Hopefully, you can see where I’m going now! The shell script I stumbled upon simply iterates around the 253 hosts of a class C network, printing the state of the forward and reverse lookup of each host in a tabular output.

Here is the script in all its glory:

#!/bin/bash
# Test DNS forward- and reverse-mapping
# Edit this variable to reflect local class C subnet(s)
NETS="192.168.1 192.168.2 192.168.3"
# Test address to name to address validity
echo
echo -e "\taddress -> name -> address"
echo '-------------------------------------'
for NET in $NETS; do
    for n in $(seq 1 254); do
        A=${NET}.${n}
        # Reverse lookup: address -> name
        HOST=$(dig -x "$A" +short)
        if test -n "$HOST"; then
            # Forward lookup: name -> address
            ADDR=$(dig $HOST +short)
            if test "$A" = "$ADDR"; then
                echo -e "ok\t$A -> $HOST -> $ADDR"
            elif test -n "$ADDR"; then
                echo -e "fail\t$A -> $HOST -> $ADDR"
            else
                echo -e "fail\t$A -> $HOST -> [unassigned]"
            fi
        fi
    done
done

Sample output:

        address -> name -> address
-------------------------------------
ok      192.168.1.2 -> pluto.planets.local. -> 192.168.1.2
fail    192.168.1.3 -> mars.planets.local. -> [unassigned]
ok      192.168.1.4 -> venus.planets.local. -> 192.168.1.4
ok      192.168.1.5 -> uranus.planets.local. -> 192.168.1.5
fail    192.168.1.6 -> earth.planets.local. -> 192.168.1.8
ok      192.168.1.7 -> jupitor.planets.local. -> 192.168.1.7

As you can see, the script identifies two errors in the output above. The first failure indicates the host ‘mars.planets.local’ has no reverse lookup. The second shows a mismatch between the forward and reverse entries for the host ‘earth.planets.local’.
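The script compares the address against the whole of dig's output as one string, so a name with several A records, or one that goes through a CNAME (which `+short` prints as an extra line), is reported as a failure even when the mapping is sound. The variant below is an added example, not part of the original script: it treats the answers as a set and passes when the address is among them. The `QUERY` hook, the status names and the sample zone are assumptions of this example.

```bash
#!/bin/bash
# Added example (not from the original post): address -> name -> address
# check that tolerates multi-valued answers and CNAME chains.

# dig_query TYPE NAME: one answer per line, via dig.
dig_query() {
    if [ "$1" = PTR ]; then dig +short -x "$2"; else dig +short "$2" A; fi
}
# Assumption: QUERY is a hook of this example so the check can run offline.
QUERY=${QUERY:-dig_query}

# fcrdns ADDR: prints "status<TAB>detail". Status is one of
#   ok          a name returned for ADDR has ADDR among its addresses
#   mismatch    the name resolves, but never to ADDR
#   unassigned  the name returns no address (the script's [unassigned])
#   no-ptr      ADDR returns no name at all
fcrdns() {
    local addr="$1" name addrs status=no-ptr detail=
    for name in $("$QUERY" PTR "$addr"); do
        # +short also prints CNAME targets; keep only IPv4 literals
        addrs=$("$QUERY" A "$name" | grep -E '^[0-9]+(\.[0-9]+){3}$' || true)
        if printf '%s\n' "$addrs" | grep -qxF "$addr"; then
            status=ok detail=$name
            break
        elif [ -n "$addrs" ]; then
            status=mismatch detail="$name -> $(echo $addrs)"
        elif [ "$status" != mismatch ]; then
            status=unassigned detail=$name
        fi
    done
    printf '%s\t%s\n' "$status" "$detail"
}

# Constructed sample zone (hypothetical data reusing the post's host names).
sample_query() {
    case "$1 $2" in
        "PTR 192.168.1.2") echo pluto.planets.local. ;;
        "A pluto.planets.local.") printf '%s\n' 192.168.1.9 192.168.1.2 ;;
        "PTR 192.168.1.3") echo mars.planets.local. ;;
        "PTR 192.168.1.4") echo venus.planets.local. ;;
        "A venus.planets.local.") printf '%s\n' web.planets.local. 192.168.1.4 ;;
        "PTR 192.168.1.6") echo earth.planets.local. ;;
        "A earth.planets.local.") echo 192.168.1.8 ;;
    esac
}
```

To try it without touching a resolver, source the file, set `QUERY=sample_query` and call `fcrdns 192.168.1.2`; leave `QUERY` unset to go through dig.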
