How can I check if my DNS server is working?
ICMP ping is a poor test, as a working DNS server may firewall such requests. DNS-over-UDP has no "got a connection" handshake (SYN/SYN+ACK/ACK) like SSH-over-TCP has, so the best one can do is to throw DNS queries at the presumed DNS server and see what happens. These queries may not work if there is a firewall, or if the query runs afoul of DNS rate throttling (at a firewall level or in the DNS server itself, more common these days due to DNS amplification attacks), or depending on the query or the DNS server (e.g. was it a recursive query to a non-recursive NS? or is the client in what the DNS server considers a non-local view? etc.)
I usually use dig (or Net::DNS in Perl programs) for DNS checks. Also look into monitoring software, as these should have support for monitoring, graphing, and reporting on DNS, though they may be too heavy for use on an embedded router. Some
```
# possibly get server version info (unreliable)
$ dig +short @220.127.116.11 TXT CHAOS version.bind
"UW 3A7_3"
$ dig +short @18.104.22.168 TXT CHAOS version.bind
$

$ dig +short @22.214.171.124 NS example.org
b.iana-servers.net.
a.iana-servers.net.
$ dig +short @126.96.36.199 SOA example.org
sns.dns.icann.org. noc.dns.icann.org. 2015082419 7200 3600 1209600 3600
$

$ dig +short @188.8.131.52 A www.example.org
184.108.40.206
$ dig +short @220.127.116.11 CNAME www.example.org
$

# checking via TCP and via IPv6 might also be useful
$ dig +tcp +short @2001:4860:4860::8888 A www.example.org
18.104.22.168
$
```
There are also the getent hosts commands, if you do not want to install the BIND utils. These are less or very much less powerful than dig, though they may suffice if you only need to check that a lookup for a particular host returns a particular IP.