I love DNS. On the one hand you can do many things with it (name resolution being the primary goal of course), and on the other hand it's one of the primary blame takers for any problem, right after blaming the network. It's also both robust and fragile: you can set up multiple resolvers for redundancy, but inconsistency will kill you. And to top it all off, you have to rely on third parties for domain resolution to work.
What can possibly go wrong with name resolution for your domains?
- Broken DNS server
- Inconsistent name resolution among your nameservers
- Domain registration lapsed
- Upstream problem (like .nl being utterly broken)
So, let's check them all! I've written a script that walks all possible resolution paths for a hostname and spots any inconsistencies. It can generate nice pictures with Graphviz, and it can also function as a Nagios plugin. When I first enabled it on all our domains, it turned up some inconsistencies at some of the registrars we use (old nameservers still being listed in their records), which fortunately didn't yet cause any problems for customers, as most DNS implementations are robust and will try all nameservers until a working one is found.
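To make the idea concrete, here is an added sketch of such a walk; it is not the author's script. It runs over constructed replies instead of live DNS queries, and the server names and the `walk`, `findings` and `to_dot` helpers are hypothetical.

```python
from collections import deque

# Constructed replies (not real DNS data) to an AAAA query for one hostname.
# ("referral", [...]) delegates to more servers, ("answer", [...]) is final,
# None means the server never responded.
SAMPLE = {
    "root": ("referral", ["tld-a", "tld-b"]),
    "tld-a": ("referral", ["ns1", "ns2"]),
    "tld-b": ("referral", ["ns1", "ns2", "ns-old"]),  # stale registrar record
    "ns1": ("answer", ["2001:db8::1"]),
    "ns2": ("answer", ["2001:db8::2"]),               # zone out of sync
    "ns-old": None,                                   # decommissioned server
}

def walk(start, query):
    """Query every server reachable through referrals; return (edges, replies)."""
    edges, replies, queue = [], {}, deque([start])
    while queue:
        server = queue.popleft()
        if server in replies:
            continue  # already asked; also guards against referral loops
        replies[server] = query(server)
        if replies[server] and replies[server][0] == "referral":
            for ns in replies[server][1]:
                edges.append((server, ns))
                queue.append(ns)
    return edges, replies

def findings(edges, replies):
    """Flag dead servers still delegated to, and sibling servers that disagree."""
    out, seen_groups = [], set()
    for server in sorted(s for s, r in replies.items() if r is None):
        out.append(("unreachable", server, sorted(p for p, c in edges if c == server)))
    for parent in sorted(p for p, r in replies.items() if r and r[0] == "referral"):
        group = frozenset(c for c in replies[parent][1] if replies[c] is not None)
        if group in seen_groups:
            continue  # same set of siblings already compared via another parent
        seen_groups.add(group)
        distinct = {(replies[c][0], frozenset(replies[c][1])) for c in group}
        if len(distinct) > 1:
            out.append(("inconsistent", sorted(group)))
    return out

def to_dot(edges):
    """Render the resolution paths as Graphviz DOT text."""
    return "digraph dns {\n" + "".join(f'  "{a}" -> "{b}";\n' for a, b in edges) + "}\n"

if __name__ == "__main__":
    edges, replies = walk("root", SAMPLE.get)
    print(findings(edges, replies))
    print(to_dot(edges))
```

Replacing `SAMPLE.get` with a function that sends real queries turns the same walk into a live check, and a non-empty findings list maps naturally onto a Nagios warning or critical state.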
If you want to try it out on your domain, go to ip.seveas.net/dnsgraph and try from there. It's a Django app feeding a beanstalk queue with requests that are all traced in the background. Here's a live example: the AAAA record for ip.seveas.net:
I've left out the root and gTLD nameservers; if you want to see the full picture, click here.
The code, as usual, can be found on GitHub.