Pavol Z. Kutaj

Explaining DNS NXDOMAIN status in SOA Record Type: On Non-Existing Domains

The aim of this page 📝 is to explain DNS querying and filtering using jq and doggo. This is a Today I Learned (TIL) note about DNS (for an advanced intro, "New talk: Learning DNS in 10 years" is just amazing!). I am sharing a few of the tools I use to do that in a few lines of bash (doggo + jq).

  • I received an alert indicating that a domain, created for the generation of first-party cookies, stopped resolving DNS. This caused an alert and brought me to this task to monitor the health of the customer domain space.
  • We often need to check domain records, such as A and SOA records.
  • jq is a lightweight, flexible command-line JSON processor, which is great; see https://news.ycombinator.com/item?id=28266193
  • doggo is a command-line DNS client used for querying DNS records, see Show HN: Doggo – A powerful, human-friendly DNS client for the command line | Hacker News
  • The aim is to filter domains that do not have an A record but have SOA and NXDOMAIN responses.
  • NXDOMAIN indicates a non-existent domain.
  • SOA (Start of Authority) records contain administrative information about the domain.
  • Domains are listed in domains_to_check.txt.

for domain in $(cat domains_to_check.txt); do
    # Perform a DNS query for A records using doggo
    a_record=$(doggo "$domain" A --short)

    # Check if the A record is empty
    if [ -z "$a_record" ]; then
        # If no A record, query again as JSON and keep only SOA authority records.
        # In doggo's JSON the status is a string on each authority entry
        # (see the example JSON on this page), so NXDOMAIN is matched there
        # rather than as a numeric top-level field.
        doggo "$domain" --json | jq -c --arg input_line "$domain" '{"domain": $input_line, "soa": [.responses[].authorities[]? | select(.type=="SOA" and .status=="NXDOMAIN")]} | select(.soa != [])'
    fi
done

Example Non-Existing SOA Record JSON

Here is an example of a JSON response for a non-existing domain. The SOA record of the enclosing zone comes back in the authority section, with the status NXDOMAIN:

{
  "responses": [
    {
      "answers": null,
      "authorities": [
        {
          "name": "com.au.",
          "type": "SOA",
          "class": "IN",
          "ttl": "1800s",
          "mname": "q.au.",
          "rname": "hostmaster.donuts.email",
          "serial": 1734513429,
          "refresh": 7200,
          "retry": 900,
          "expire": 1209600,
          "minimum": 3600,
          "status": "NXDOMAIN",
          "rtt": "53ms",
          "nameserver": "8.8.8.8:53"
        }
      ]
    }
  ]
}

Explanation

  • Loop through each domain.
  • Use cat to read domains from domains_to_check.txt.
  • Check A records using doggo.
  • If no A record, check SOA records.
  • Filter JSON response for SOA and NXDOMAIN using jq.
  • Example JSON shows the structure of a non-existing domain's SOA record.
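
An empty A answer is not always NXDOMAIN: a name that exists but has no A record also returns only an SOA in the authority section (NODATA). The following is an added example, not code from the original post, written in Python so it runs offline; it classifies responses in the JSON shape shown above. The `classify` helper, the sample domains, the "NOERROR" status string and the "address" key are assumptions.

```python
import json

# Constructed samples in the shape of the doggo --json example on this page.
# The "NOERROR" status string and the "address" key are assumptions.
SAMPLES = {
    "gone.example.com.au": {"responses": [{"answers": None, "authorities": [
        {"name": "com.au.", "type": "SOA", "mname": "q.au.", "status": "NXDOMAIN"}]}]},
    "mail-only.example.org": {"responses": [{"answers": None, "authorities": [
        {"name": "example.org.", "type": "SOA", "mname": "ns1.example.org.",
         "status": "NOERROR"}]}]},
    "www.example.net": {"responses": [{"answers": [
        {"name": "www.example.net.", "type": "A", "address": "192.0.2.10",
         "status": "NOERROR"}], "authorities": None}]},
    "timeout.example.io": {"responses": [{"answers": None, "authorities": None}]},
}


def classify(domain, doc):
    """Classify one doggo JSON document for an A query (hypothetical helper)."""
    answers, soas = [], []
    for resp in doc.get("responses") or []:
        # "answers" and "authorities" may be null, as in the example JSON
        answers += [a for a in (resp.get("answers") or []) if a.get("type") == "A"]
        soas += [a for a in (resp.get("authorities") or []) if a.get("type") == "SOA"]
    if answers:
        state = "RESOLVES"
    elif any(s.get("status") == "NXDOMAIN" for s in soas):
        state = "NXDOMAIN"     # the name does not exist in the SOA's zone
    elif soas:
        state = "NODATA"       # the name exists but has no A record
    else:
        state = "NO_RESPONSE"  # nothing usable came back; retry before alerting
    # The SOA owner name shows which zone gave the negative answer
    zone = soas[0].get("name") if soas and not answers else None
    return {"domain": domain, "state": state, "zone": zone}


def report(samples):
    """Classify every sample and return the rows in input order."""
    return [classify(d, doc) for d, doc in samples.items()]


if __name__ == "__main__":
    for row in report(SAMPLES):
        print(json.dumps(row))
```

The `zone` field is worth alerting on: in the example JSON above the SOA owner is com.au., so the negative answer comes from the parent zone rather than from the customer's own zone.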

LINKS

https://stedolan.github.io/jq/
https://doggo.mrkaran.dev/docs/
