Testing nameserver configuration using it

Question

I have configured my nameserver, and I want to test it before letting it go online. So, how could I say that a specific domain (let's say example.com) should be resolve using a specific nameserver (let's say ns.something.example). I expect some local configuration, because I don't want others to use this nameserver, of-course.

Note that others will not use this nameserver (except out of luck, target attack/monitoring or just some very bad configuration elsewhere) until some domains are delegated to it from some parent zones (if we are indeed talking about an authoritative nameserver). — Patrick Mevzek, Sep 04 '18 at 21:09

score 2 · Answer 1 · answered Aug 24 '12 at 16:44

If you don't already know the FQDN of the nameserver(s) for example.com, then go to http://www.dnsstuff.com and do a WHOIS lookup to discover the nameservers. Let's assume they are ns1.dns.com and ns2.dns.com.
Using that information, and assuming your new nameserver has IP address 192.168.1.10, add/save this in your C:\Windows\System32\drivers\etc\hosts file on your test machine:

192.168.1.10 ns1.dns.com ns2.dns.com
Open a command prompt and type ipconfig /flushdns
Using the nslookup command at the command prompt, run some tests against your new nameserver. For example, nslookup www.example.com.
Now look at the output from nslookup. The first pair of lines indicate the nameserver that answered your request and the IP address of that nameserver. It should be the IP address of your new nameserver. The next set of lines will show the name of the machine you asked for (www.example.com) and its IP address or addresses.
Once you are satisfied and completed your testing, remove the entries you added to your hosts file in step 2, then repeat step 3.

score 2 · Accepted Answer · edited Sep 04 '18 at 21:07

2

nslookup is able to do that. It would go like nslookup -debug example.com ns.something.example

edited Sep 04 '18 at 21:07

Patrick Mevzek

9,921
7
32
43

answered Aug 25 '12 at 04:33

semekh

145
6

score 0 · Answer 3 · answered Aug 24 '12 at 16:18

0

The simplest test you can run is just to issue queries directly against the nameserver for some zone you have already setup for testing. If it responds it is most likely all set. Its just a matter of having some test domain out there you can then assign its NS records to point to your new box.

answered Aug 24 '12 at 16:18

Brent Pabst

6,069
2
24
36

Responding is good indeed, but you should double check that you get an authoritative reply (`aa`) flag and also check DNSSEC eventually (query with and without `+cd` in dig) – Patrick Mevzek Sep 04 '18 at 21:07

score 0 · Answer 4 · answered Aug 24 '12 at 16:20

The local configuration for overriding specific entries in the name resolution process is the hosts file, which doesn't have the flexibility needed to override a certain part of the DNS lookup process as you're looking for.

Command line tools for domain lookups have the ability to specify a certain server to query against - just use that to verify that your system is responding the way that it's expected to.

Testing nameserver configuration using it

4 Answers4

Linked

Related