I'm implementing a DNS server and I wonder if there's any tool, preferably online, that I can use to test that I've implemented various features right. A tool that I could use to make various requests to the DNS server and test that it follows the rfc 1035 specification. Are there any "reference test cases" or something like that? Or are people who implement protocolls supposed to just read the english natural language documents and just trust they don't do any human mistakes while reading it? Wouldn't a standard be stronger if it had test cases and not just a description? Anyway, I digress, How to test a DNS server so it complies with the standard, please?
Asked
Active
Viewed 2,026 times
1
-
Of course you need good test cases rather than trust yourself. Devise some if you can't find it. Maybe you can publish it to become reference? Hehe. I am not expert of DNS server. – Sheen Nov 12 '10 at 15:08
-
I was hoping there would be some kind of test application, that could test at least a little. If I make test cases myself I might misinterpret the intentions of the standard. There should be some kind of standard test cases or something, I don't feel the document is really stringent or something. I would need some more in depth resource on dns than rfc 1035 and 1034. – Dude Dawg Homie Nov 12 '10 at 17:59
-
Nowadays, have a look at `deckard` from the .CZ registry. You also have specific nameservers configured to be broken in specific ways for DNSSEC tests: https://dnssec-tools.org/testzone/ ; this could be also very useful but does not seem finished/available at the moment I write this: http://www.circleid.com/posts/20160103_a_free_dns_conformance_test_suite/ ; have a look at source code of other nameservers, for example bind ships with a lot of unit test to check its conformance on various points. – Patrick Mevzek Sep 04 '18 at 21:31
-
You also have some website for specific tests (through browsers typically): https://dnssec.vs.uni-due.de/ for DNSSEC, https://www.dns-oarc.net/oarc/services/porttest for recursive, https://www.dns-oarc.net/oarc/services/replysizetest to test sizes support, or https://cmdns.dev.dns-oarc.net/ – Patrick Mevzek Sep 04 '18 at 21:35
-
You forgot to give a crucial piece of information: **recursive** or **authoritative** nameserver? These are two completely different beasts... – Patrick Mevzek Sep 04 '18 at 21:35
2 Answers
1
Zonecheck is probably the tool you're looking for:
It's open source, written in Ruby officially used by the French registry for .fr domains.
Oliver Peter
- 181
- 1
- 6
-
That site seems to be down. A little bit of searching seems to indicate that the tool is available as a command line utility: https://linux.die.net/man/1/zonecheck or as an online service at https://www.zonemaster.net/ – Grey Panther Mar 26 '18 at 05:35
-
1@GreyPanther .FR registry created Zonecheck (and it was used at some point for all domain name updates in .FR and then shutdown for that) and .SE created dnscheck. Both tools had basically the same goal (testing nameservers conformity to both some core protocol related rules (ex: replying over TCP) and some registry specific rules). Few years ago they decided to unite their forces (since both tools were written in Perl) so they wrote a new one to supersede these two, and hence Zonemaster is born. – Patrick Mevzek Sep 04 '18 at 21:28
0
The difficulies in devising a generic test suite for DNS servers are twofold:
- recursive servers need much more functionality than authoritative servers
- standard tests need a standardised set of test data
The latter is probably the largest problem - you'd have to find a way to load up your DNS server with all of the data that the test suite expects.
Alnitak
- 334,560
- 70
- 407
- 495