How can I check if my DNS server is working?
ICMP ping is a poor test, as a working DNS server may firewall such requests. DNS-over-UDP has no "got a connection" handshake (SYN/SYN+ACK/ACK) that SSH-over-TCP does, so the best one can do is to throw DNS queries at the presumed DNS server and see what happens. These queries may not work if there is a firewall, or if the query runs afoul of DNS rate throttling (at a firewall level or in the DNS server itself, more common these days due to DNS amplification attacks), or depending on the query or the DNS server (e.g. was it a recursive query to a non-recursive NS? or is the client in what the DNS server considers a non-local view? etc.)
I usually use dig (or Net::DNS in Perl programs) for DNS checks. Also look into monitoring software, as these should have support for monitoring, graphing, and reporting on DNS, though it may be too heavy for use on an embedded router. Some dig examples:
# possibly get server version info (unreliable)
$ dig +short @128.95.120.1 TXT CHAOS version.bind
"UW 3A7_3"
$ dig +short @8.8.8.8 TXT CHAOS version.bind
$
$ dig +short @8.8.8.8 NS example.org
b.iana-servers.net.
a.iana-servers.net.
$ dig +short @8.8.8.8 SOA example.org
sns.dns.icann.org. noc.dns.icann.org. 2015082419 7200 3600 1209600 3600
$
$ dig +short @8.8.4.4 A www.example.org
93.184.216.34
$ dig +short @8.8.4.4 CNAME www.example.org
$
# checking via TCP and via IPv6 might also be useful
$ dig +tcp +short @2001:4860:4860::8888 A www.example.org
93.184.216.34
$
There are also the nslookup and getent hosts commands, if you do not want to install the BIND utils. These are less or very much less powerful than dig, though they may suffice if you only need to check that a lookup for a particular host returns a particular IP.
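The same kind of probe without dig, as an added example that is not part of the answer above: a small Python client that builds a raw DNS query, sends it over UDP or TCP to an IPv4 or IPv6 server, and reports the RCODE, so a REFUSED answer (e.g. a non-local client) or an empty non-recursive answer is distinguished from a firewall drop. The query id, the default name www.example.org and whatever server address you pass in are assumptions.

```python
import socket
import struct
# Added example (not the answer's code): minimal RFC 1035 DNS probe; QID, the default name and the server are assumptions.
QID = 0x1234

def build_query(name, qtype=1, rd=True):
    """One-question query (qtype 1 = A); rd=False makes it non-recursive."""
    header = struct.pack("!HHHHHH", QID, 0x0100 if rd else 0, 1, 0, 0, 0)
    labels = b"".join(bytes([len(lab)]) + lab.encode() for lab in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)
def _skip_name(data, off):  # offset past a name that may end in a 2-byte compression pointer
    while data[off] & 0xC0 != 0xC0:
        if data[off] == 0:
            return off + 1
        off += 1 + data[off]
    return off + 2
def parse_response(data):
    """Header fields plus any A addresses; rcode 0 is NOERROR, 5 is REFUSED."""
    qid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", data[:12])
    off = 12
    for _ in range(qd):                       # skip the echoed question section
        off = _skip_name(data, off) + 4
    addrs = []
    for _ in range(an):
        off = _skip_name(data, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in data[off:off + 4]))
        off += rdlen
    return {"id": qid, "rcode": flags & 0xF, "tc": bool(flags & 0x200), "a": addrs}
def check_dns(server, name="www.example.org", tcp=False, timeout=2.0):
    """Probe one server over UDP or TCP; None = no usable reply, rcode != 0 = answered but failed."""
    family = socket.AF_INET6 if ":" in server else socket.AF_INET
    q = build_query(name)
    try:
        with socket.socket(family, socket.SOCK_STREAM if tcp else socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.connect((server, 53))
            if tcp:                           # TCP prefixes each message with its length
                s.sendall(struct.pack("!H", len(q)) + q)
                f = s.makefile("rb")
                data = f.read(struct.unpack("!H", f.read(2))[0])
            else:
                s.send(q)
                data = s.recv(4096)
        r = parse_response(data)
    except (OSError, struct.error, IndexError):
        return None
    return r if r["id"] == QID else None
```

A timeout on UDP but a reply over TCP (or vice versa) points at a firewall or rate-limiting problem rather than a dead server; a reply with rcode 5 means the server is up but will not serve this client.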