
Pavol Z. Kutaj

Explaining DNS NXDOMAIN status in SOA Record Type: On Non-Existing Domains

The aim of this page📝 is to explain DNS querying and filtering using jq and doggo. This is a Today I Learned (TIL) note about DNS (for an advanced intro, the talk "New talk: Learning DNS in 10 years" is just amazing!). I'm sharing the tools I use to do that in a few lines of bash (doggo + jq).

  • I received an alert indicating that a domain, created for the generation of first-party cookies, stopped resolving DNS. This caused an alert and brought me to this task to monitor the health of the customer domain space.
  • We often need to check domain records, such as A and SOA records.
  • jq is a lightweight, flexible command-line JSON processor, which is great; see https://news.ycombinator.com/item?id=28266193
  • doggo is a command-line DNS client used for querying DNS records; see "Show HN: Doggo – A powerful, human-friendly DNS client for the command line" on Hacker News
  • The aim is to filter domains that do not have an A record but have SOA and NXDOMAIN responses.
  • NXDOMAIN indicates a non-existent domain.
  • SOA (Start of Authority) records contain administrative information about the domain.
  • Domains are listed in domains_to_check.txt.
```bash
for domain in $(cat domains_to_check.txt); do
    # Perform a DNS query for A records using doggo
    a_record=$(doggo "$domain" A --short)
    # Check if the A record is empty
    if [ -z "$a_record" ]; then
        # If no A record, query again as JSON and keep only the SOA authority
        # records whose status is NXDOMAIN. In doggo's JSON the status is a
        # string on each record, not a numeric field at the top level.
        doggo "$domain" --json |
            jq -c --arg input_line "$domain" \
                '{"domain": $input_line,
                  "soa": [.responses[].authorities[]? | select(.type=="SOA" and .status=="NXDOMAIN")]}
                 | select(.soa != [])'
    fi
done
```

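Example SOA Record JSON for a Non-Existing Domain

Here is an example of the JSON response for a non-existing domain. The answer section is empty and the SOA record of the parent zone comes back in the authority section with status NXDOMAIN: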

```json
{
  "responses": [
    {
      "answers": null,
      "authorities": [
        {
          "name": "com.au.",
          "type": "SOA",
          "class": "IN",
          "ttl": "1800s",
          "mname": "q.au.",
          "rname": "hostmaster.donuts.email",
          "serial": 1734513429,
          "refresh": 7200,
          "retry": 900,
          "expire": 1209600,
          "minimum": 3600,
          "status": "NXDOMAIN",
          "rtt": "53ms",
          "nameserver": "8.8.8.8:53"
        }
      ]
    }
  ]
}
```

Explanation

  • Loop through each domain.
  • Use cat to read domains from domains_to_check.txt.
  • Check A records using doggo.
  • If no A record, check SOA records.
  • Filter JSON response for SOA and NXDOMAIN using jq.
  • Example JSON shows the structure of a non-existing domain's SOA record.
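
The check above, taken one step further as an added example (not code from the original post): a Python classifier for saved `doggo --json` output that separates NXDOMAIN from NODATA (the name exists but has no A record) and reports how long resolvers may keep caching the negative answer. It assumes the field layout of the JSON sample on this page; the domain names, the "NOERROR" status string and the A-answer record are constructed for illustration.

```python
import json

# Constructed sample inputs in the shape of the JSON shown on this page.
# The NXDOMAIN record copies fields from the page's example; the "NOERROR"
# status string and the A-answer record are assumptions about doggo's output.
NXDOMAIN_JSON = '''{"responses": [{"answers": null, "authorities": [
  {"name": "com.au.", "type": "SOA", "ttl": "1800s", "minimum": 3600,
   "status": "NXDOMAIN"}]}]}'''
NODATA_JSON = '''{"responses": [{"answers": null, "authorities": [
  {"name": "example.test.", "type": "SOA", "ttl": "300s", "minimum": 60,
   "status": "NOERROR"}]}]}'''
RESOLVES_JSON = '''{"responses": [{"answers": [
  {"name": "www.example.test.", "type": "A", "status": "NOERROR"}],
  "authorities": null}]}'''


def negative_ttl(soa):
    """RFC 2308: a negative answer is cached for min(SOA TTL, SOA MINIMUM)."""
    ttl = int(str(soa.get("ttl", "0")).rstrip("s") or 0)
    return min(ttl, int(soa.get("minimum", ttl)))


def classify(domain, raw_json):
    """Return a dict describing why `domain` has (or lacks) an A record."""
    responses = json.loads(raw_json).get("responses") or []
    answers, soas = [], []
    for resp in responses:
        answers += [a for a in (resp.get("answers") or []) if a.get("type") == "A"]
        soas += [a for a in (resp.get("authorities") or []) if a.get("type") == "SOA"]
    result = {"domain": domain, "verdict": "UNKNOWN", "zone": None, "negative_ttl": None}
    if answers:
        result["verdict"] = "RESOLVES"
    elif soas:
        soa = soas[0]
        # An empty answer with an SOA is only NXDOMAIN if the status says so;
        # otherwise the name exists but has no A record (NODATA).
        result["verdict"] = "NXDOMAIN" if soa.get("status") == "NXDOMAIN" else "NODATA"
        result["zone"] = soa.get("name")
        result["negative_ttl"] = negative_ttl(soa)
    return result


if __name__ == "__main__":
    # Domain names below are constructed placeholders.
    for name, raw in [("placeholder.com.au", NXDOMAIN_JSON),
                      ("mail.example.test", NODATA_JSON),
                      ("www.example.test", RESOLVES_JSON)]:
        print(json.dumps(classify(name, raw)))
```

For an alert, the `negative_ttl` value is the upper bound in seconds on how long a resolver can keep serving the cached negative answer after the record is restored.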

LINKS

https://stedolan.github.io/jq/
https://doggo.mrkaran.dev/docs/
