Closed frnkblk closed 5 years ago
Yes we have tool for this: https://gitlab.labs.nic.cz/knot/edns-zone-scanner/
Input has form of zone file, so you can create a "fake root" zone with delegations you want to test. Example:
. 18000 IN SOA . . 0 0 0 0 0
. 18000 IN NS l.root-servers.net.
example.com. 18000 IN NS a.iana-servers.net.
example.com. 18000 IN NS b.iana-servers.net.
example.net. 18000 IN NS a.iana-servers.net.
example.net. 18000 IN NS b.iana-servers.net.
You have to list NS records for each delegation you want to test in the zone file. It is a bit inconvenient but it makes the test much more reliable and gets around bunch of problems with unreliable NS queries.
Documentation is here: https://gitlab.labs.nic.cz/knot/edns-zone-scanner/tree/master/doc
Let me know if you encounter any problem with using the tool, preferably using https://gitlab.labs.nic.cz/knot/edns-zone-scanner/issues . Have fun!
Sorry, I should have been more clear -- we don't host most of these customer's zones, but we want to test them, as a courtesy.
If you want you can use this procedure on any zone - the only thing needed is to find out NS records for these. You can just use whatever is produced by dig zone NS
+ the header listed in my previous comment.
Procedure using dig
assumes you want to test child-side NS records. Obtaining parent-side NS records is more complicated.
Unfortunately there is no simple answer or recommendation how to obtain NS records because it depends on what you want to test, and de-synchronized NS records between parent and child zones make things complicated.
Thanks. What about a form on the dnsflagday site where we can submit a bunch of domains to get tested and we are shown or emailed the results?
I can see your ask but we do not have resources to do that ourselves. If anyone has capacity to provide such service I will happily add link to it.
I'd like to test all my customer's and partner's domains -- is there an online tool that I can use to dump a long list and have them tested?