DNS record always guaranteed to exist?
-
Does anyone know of a DNS record that is guaranteed to always exist?
I need to auto-test DNS config on a hardware product and I'm struggling to determine if anything like this is available/guaranteed by RFC. I don't want to use google.com or ourcompany.com as the product service life may possibly exceed the life of one or the other.
Edit: For clarity, the test is that the resolver exists AND that the resolver can actually resolve stuff, so I need to do a real lookup.
-
@Cursorkeys How about the reserved example domain names? (example.com/.net/.org) Those are supposed to be registered to IANA in perpetuity.
-
@Unperverted-Vixen said in DNS record always guaranteed to exist?:
@Cursorkeys How about the reserved example domain names? (example.com/.net/.org) Those are supposed to be registered to IANA in perpetuity.
That might be the best approach, although it just seems to say they're reserved not that they'll always have resolvable records. It's a fair bet that example.com will always have an A record I guess.
-
@Cursorkeys said in DNS record always guaranteed to exist?:
I don't want to use google.com or ourcompany.com as the product service life may possibly exceed the life of one or the other.
@Cursorkeys said in DNS record always guaranteed to exist?:
It's a fair bet that example.com will always have an A record I guess.
If you're looking that far into the future (presuming unencrypted DNS is still a thing there) you may want to look for the AAAA record for example.com instead....
What are you actually testing for by the way? Whether you get any answer at all, or that you get an IP address for the associated query?
Simply querying for . will give you an answer from a DNS server, it just won't contain an IP address for it. It will (or should,) however, give you a reply in the AUTHORITY section:
    $ dig . @8.8.8.8
    ; <<>> DiG 9.11.4-3ubuntu5.1-Ubuntu <<>> . @8.8.8.8
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41759
    ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 512
    ;; QUESTION SECTION:
    ;. IN A
    ;; AUTHORITY SECTION:
    . 47051 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2019022802 1800 900 604800 86400
    ;; Query time: 9 msec
    ;; SERVER: 8.8.8.8#53(8.8.8.8)
    ;; WHEN: Fri Mar 01 16:03:47 GMT 2019
    ;; MSG SIZE rcvd: 103
Of course, if you absolutely require an IP address for a host name guaranteed to exist, you could use the SOA in the reply from that previous query to build a second:
    $ dig A a.root-servers.net. @8.8.8.8
    ; <<>> DiG 9.11.4-3ubuntu5.1-Ubuntu <<>> A a.root-servers.net. @8.8.8.8
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43519
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 512
    ;; QUESTION SECTION:
    ;a.root-servers.net. IN A
    ;; ANSWER SECTION:
    a.root-servers.net. 121951 IN A 198.41.0.4
    ;; Query time: 9 msec
    ;; SERVER: 8.8.8.8#53(8.8.8.8)
    ;; WHEN: Fri Mar 01 16:05:53 GMT 2019
    ;; MSG SIZE rcvd: 63
-
@PJH said in DNS record always guaranteed to exist?:
If you're looking that far into the future (presuming unencrypted DNS is still a thing there) you may want to look for the AAAA record for example.com instead....
Very good points. IPv4 needs to still exist for the product to work and I have a bastardised nslookup, so A is all I get unfortunately.
@PJH said in DNS record always guaranteed to exist?:
What are you actually testing for by the way? Whether you get any answer at all, or that you get an IP address for the associated query?
This thing has an automatic DNS server selection...except that sometimes it selects a resolver that only emits NXDOMAIN for everything. I need a way to check if the resolver selected is actually capable of doing a real query. And hopefully not make it too dependent on certain things still being around up to a decade or two in the future.
-
@Cursorkeys from that description, A for example.com is about the closest you're going to get I think.
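The resolver check discussed in this thread, as an added example that is not part of the original posts: it encodes an A query for example.com in DNS wire format and classifies the reply, so a resolver that returns NXDOMAIN for a name known to exist is flagged rather than trusted. The function names, the fixed transaction ID and the two sample replies are constructed for illustration.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qtype=1, txid=0x1234):
    """Encode a recursive query (RD=1) for `name`; qtype 1 = A, class IN.
    The fixed txid is for the demo only; a device should randomise it."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = [l for l in name.rstrip(".").split(".") if l]
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def classify(response, txid=0x1234):
    """Judge a resolver from its reply to a name that is known to exist."""
    if len(response) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if rid != txid or not flags & 0x8000:      # wrong ID or QR bit not set
        return "malformed"
    rcode = flags & 0x000F
    if rcode == 3:
        return "broken: NXDOMAIN for an existing name"
    if rcode != 0:
        return "failing: " + RCODES.get(rcode, "rcode %d" % rcode)
    if not flags & 0x0080:                     # RA clear: no recursion offered
        return "not recursive"
    return "ok" if ancount > 0 else "empty: NOERROR but no answer records"

def probe(server, name="example.com", timeout=3.0):
    """Send one UDP query to `server` and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            data, _ = s.recvfrom(512)
        except OSError:                        # includes timeouts
            return "no reply"
    return classify(data)

# Constructed sample replies (not captured traffic) for an example.com A query.
_Q = build_query("example.com")[12:]
GOOD = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + _Q
        + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1]))
LYING = struct.pack("!HHHHHH", 0x1234, 0x8183, 1, 0, 0, 0) + _Q
```

Calling `probe("8.8.8.8")` runs the check against a live resolver; querying `.` instead of example.com yields the "empty" result, matching the ANSWER: 0 reply shown earlier in the thread.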
-
How about the DNSKEY record on .?
If that goes away, every DNS resolver that supports DNSSEC immediately stops working.
-
@ben_lubar said in DNS record always guaranteed to exist?:
How about the DNSKEY record on .?
I suspect no, because
@Cursorkeys said in DNS record always guaranteed to exist?:
I have a bastardised nslookup, so A is all I get unfortunately.
-
Goatse
-
@Lorne-Kates said in DNS record always guaranteed to exist?:
Goatse
Nope. It's already been removed once due to an AUP violation.
Besides, which one?
-
@PJH said in DNS record always guaranteed to exist?:
@Lorne-Kates said in DNS record always guaranteed to exist?:
Goatse
Nope. It's already been removed once due to an AUP violation.
Besides, which one?
You can use anyone you want. The choice is wide open.