zonecut

DNS Bajaj
- check the delegation of your domain

DNS Bajaj is a tool I made to help pinpoint errors when setting up nameservers for a domain. This is still a sort of "proof of concept" and the code is reflecting that.

Someone asked what a "bajaj" is and how it should be pronounced . Think of DNS Bajaj as "D N S By Eye". I hope this explains the stupid name.

DNS Bajaj is available for download here:

If you find it a little difficult to install the scripts -- don't worry -- it probably is. :)

Next I will try to explain what DNS Bajaj does and what you are actually seeing in the graphs.


DNS Bajaj - What it is

DNS Bajaj is a tool mainly for checking the delegation of a domain. As the name implies (or at least I hope so) it does this by making a graph of the interrelationships beteween all the nameservers involved in the managment of the domain and marking the servers that does funny stuff in a way that makes it easy to pinpoint them by sight - by eye if you want to.

DNS Bajaj is a perl-script using the Net::DNS-module to do the actual querying of the the nameservers. It gathers the information and feeds it to Graphviz from AT&T Research. It is Grapviz that does all the fancy graph-stuff - thanks to the team at AT&T for providing this cool tool.

Graphviz can do a lot of stuff and in DNS Bajaj I am only using the basics. Here is an example of how I'm using Graphviz to build a dynamic imagemap to show a topological map of a uucp-network I'm connected to - umunet

For some additional data I am also appending the output of "host -C" for the given domain.


DNS Bajaj - What it does

Lets go thru it all from the beginning by following the delegation of a domain from the very top.

The mother of all domains is the root-domain - not com, org or any other top level domain (TLD) - but just plain "." (thats a dot). What happens if we feed DNA Bajaj with this domain?

So there, nothing too exiting, right? A square with a dot in it and a long listing of all the root-nameservers. What if we feed it a TLD, say tm.?

Eh...this looks a little strange too. Ok, I will not try to explain this here but will just simply say that DNS Bajaj doesn't work well for the root-domain and TLDs. But then again, most of us are not involved in debugging the nameservers for these domains. And if you do, you do probably not need DNS Bajaj - or at least I hope so. :)

So, lets try a "real" domain - say nic.tm

Ok. In the square we se the name of the domain we asked for - nic.tm. The first step is then to ask the root-servers for the delegation of the tm-domain, that is what nameservers we could ask for information about all the domains under tm. This is why the first edge in the graph is marked "tm."
It will give us a list of nameservers and we will pick one (1) of them randomly and ask further about nic.tm. It will point out all the nameservers for nic.tm. and in doing so it will mark the edge with "nic.tm.".
Ok, next step. Now we take the nameservers mentioned in the delegation of from tm (now marked with blue arrow-heads) and in turn ask them about "nic.tm."
We will get a list from each of them, and we make edges accordingly ,marked with "nic.tm."

That's it! This looks perfect. Both the nameservers, ns1.nic.tm and ns2.nic.tm, make one edge to itself an one to the other. That is they both know about each other and are both authoritative.

If we have a multi-level domain, say just.some.domain.com, the trace will recurse down the tree, going all the way thru com, domain.com, some.domain.com and finaly just.come.domain.com.


Ok, that was interesting but a little boring. Things get more fun when setups are sub-optimal or plain broken. When there are alot of servers involved, possibly for a multi-level domain, things tend to get very messy with DNS Bajaj. The graph get large and tangled and there are edges all over the place. But given that a server does something odd it will be marked with a red circle, so it should be easy to spot anyway and pinpoints a place where you can start looking for errors.

Here I will show you a few senarios of sub-optimal or strange setups and what it looks like in DNS Bajaj.

Soon to come


DNS Bajaj - Know issues

  • Remember to feed DNS Bajaj with domain-names, not hosts-names, that is zonecut.net not www.zonecut.net. At this time DNS Bajaj does not try to check that first.


bjorn(a)zonecut.net - 2003-03-17