Checkdomain FAQ

 

So what’s it all about, then?

Checkdomain is intended to check that DNS delegations from a registry have been done correctly, that the answers being given by the registry agree with answers being given by primary and secondary name servers, and that those name servers are correctly set up. It also checks that common services are resolvable.

Whoa! Delegations? Registry? What is this?

Sorry, but I do assume you know what the DNS is and roughly how it works. I suggest reading:

DNS and BIND, Fourth Edition
By Paul Albitz & Cricket Liu
O’Reilly & Associates, Inc
April 2001 ISBN 0-596-00158-4

That said, Checkdomain does try to explain its findings in plain English, with suggestions as to how to correct common errors. Basically, read the book, set up your DNS, and then use Checkdomain to see if you’ve done it right.

Your checker is lying! Who do I sue?

You don’t. Checkdomain is a free service. As such, under NZ law there is no consideration, therefore no contract that can be enforced. I can take it away tomorrow, or make it tell complete porkies. Whatever happens, I accept no liability for any (mis)use this script or its output is put to.

What are porkies?

Cockney rhyming slang: lies -> pork pies -> porkies. Let’s stay on topic, shall we?

Alright, so what if it is telling porkies?

It probably isn’t. However, it does do a number of its queries via the local name server, which can cache the records it receives. If you’re really sure you’ve set things up one way and Checkdomain insists that the changes haven’t taken place, come back in a few hours and try again. How long you have to wait will depend on what the time-to-live parameter was set to for the cached records at the time it cached them.

(It’s a good idea, prior to changing DNS records, to change the TTLs to a short period, say 15 minutes or so. You have to do this well in advance; if you normally have the TTLs set to one day, you have to lower them a full day before making the changes.)

So can I check anyone’s DNS then?

Yep. It’s not tied to any particular DNS registry, as it does all its work via DNS queries. And since those queries are very much like any other DNS query, nobody much is likely to notice. That doesn’t say nobody will notice; some very paranoid sites may want to know who is probing them.

But you won’t tell them, will you?

I might. As far as I’m concerned, a site has every right to know who is probing them; as such I have no objection to passing the IP address initiating a query on a site to that site’s administrator if asked nicely. So please use a little discretion when using this service.

Why doesn’t it say much if I put in my Web address?

Because that’s not what it’s intended for. If your web site is at www.my.domain, your domain name is (usually) my.domain. So leave off the “www.” and it’ll be much more useful. URLs (eg http://www.my.domain/) are Right Out.

It said my domain was OK. So why doesn’t my web site work?

Beats me. Assuming you saw a line like:

WWW server www.my.domain found, IP address 192.168.123.45 (www.my.domain).

in the output, all I can say is that the IP address is resolvable. Checkdomain makes no attempt to check if the actual services behind the domain name are working, or if indeed there is anything configured with the IP address it found.

So why don’t you check?

Because it’s intrusive. If I query a site’s web, mail or FTP servers, it may be treated as a hostile attack. DNS servers tend to do little logging, and anyway the UDP queries Checkdomain does do are very similar to normal queries for a domain.

UDP queries? You don’t do zone transfers?

No, I don’t need to. Checkdomain isn’t intended as a general DNS checker; it’s mainly a delegation checker, but also checks names associated with common services, simply because it can. Zone transfers are often disabled by name servers because revealing internal addresses can sometimes provide useful information to a potential attacker, so Checkdomain cannot rely on the information being available. In addition, zone transfers can also set off security alarms at a site.

Wow, are you paranoid or what?

Just covering my bum. If you really want to annoy another site’s administrator, you do it from your own computer and don’t involve mine. I suggest that you think twice about it though.

I get it now! Hey this is cool, how do I thank you?

Kudos, bug reports, money, suggestions, money etc can be sent to me (Don Stokes) at my office. Hey, feel free to rub my ego a bit!