Contact

Dennis Kaarsemaker

Tracing DNS resolution with dnspython, beanstalk and graphviz

Last update on Oct. 2, 2012.

I love DNS, on the one hand you can do many things with it (name resolution being the primary goal of course), and on the other hand it's one of the primary blame takers for any problem, right after blaming the network. It's also both robust and fragile: you can set up multiple resolvers for redundancy, but inconsistency will kill you. And to top it all off, you have to rely on third parties for domain resolution to work.

What can possibly go wrong with name resolution for your domains?

  • Broken DNS server
  • Inconsistent name resolution among your nameservers
  • Domain registration lapsed
  • Upstream problem (like .nl being utterly broken)

So, let's check them all! I've written a script that walks all possible resolution paths for a hostname and spots any inconsistencies. It can generate nice pictures with graphviz, and it can also function as a nagios plugin. When I first enabled it on all our domains, it turned up some inconsitencies at some of the registrars we use (old nameservers still being listed in their records), which fortunately didn't yet cause any problems for customers as most DNS implementations are robust and will try all nameservers until a working one is found.

If you want to try it out on your domain, go to ip.seveas.net/dnsgraph and try from there. It's a django app feeding a beanstalk queue with requests that are all traced in the background. Here's a live example: the AAAA record for ip.seveas.net:

I've left out the root and gtld nameservers, if you want to see the full picture, click here.

The code, as usual, can be found on github.

Next entry

Previous entry

Comments

  1. foo

    foo on 10/01/2012 5:10 a.m. #

    Dude, please package that for Debian!!!

  2. Kurt Kraut

    Kurt Kraut on 10/01/2012 10:24 p.m. #

    The queue is getting bigger and not reducing. Is there some process or queue stuck?

  3. Dennis Kaarsemaker

    Dennis Kaarsemaker on 10/01/2012 11:26 p.m. #

    Thanks Kurt, didn't notice that yet as I was busy celebrating my 30th birthday :)

    2 bugs fixed and the queue is happily spinning again.

  4. maze

    maze on 10/02/2012 9:32 a.m. #

    Nice, did you know http://dnsviz.net/d/freecode.nl/dnssec/ already?

  5. Daviey

    Daviey on 10/04/2012 12:08 p.m. #

    Really nice! Thanks for this, great tool.

  6. michele

    michele on 03/25/2013 11:39 p.m. #

    Good job Dennis. At BuddyNS we developed something similar. It's specific to delegation and it gives some additional information such as IPv6 availability and geographical location of traced servers.

    We call it Delegation Lab. Let us know if you have comments!

    http://www.buddyns.com/delegation-lab/

Post your comment

Calendar

September 2012
SunMonTueWedThuFriSat
  October 2012
      1
2345678
9101112131415
16171819202122
23242526272829
30