DNSViz at home
DNSViz is a powerful utility when you want to check you DNSSEC setup for your domains. DNSSEC is difficult to manage and makes a hard protocol (DNS) even harder.
You can find the online version of this tool here
I love Docker so that's how I choose to run it. First of all you of course need to have Docker installed.
Next, you can either clone the project on Github or download external dependencies manually.
I find it easiest to clone the project:
git clone https://github.com/dnsviz/dnsviz.git
Say you want to save the output to “/home/user1/dns” create the directory structure with this command:
mkdir -p /home/user1/dns/web
Go into the “dnsviz/external” folder on the local git clone and copy all *.js and *.css into “/home/user1/dns/web” folder.
I use the following script to run a test on a domain:
#!/usr/bin/env bash z=example.com docker run --network host -v "$PWD:/data:rw" dnsviz/dnsviz \ probe -A -a . --nsid --pretty-output -o $z.json $z docker run -v "$PWD:/data:rw" dnsviz/dnsviz \ graph -r $z.json -T png -O docker run -v "$PWD:/data:rw" dnsviz/dnsviz \ graph -r $z.json -T html -O # Modify the output html file with the matching directory for the js and css files. sed -i -e 's,file:///usr/share/dnsviz/css,web,' \ -e 's,file:///usr/share/dnsviz/js,web,' $z.html
Make it executable:
chmod +x run.sh
Before you run it change the “z” parameter to the domain you want to test and make sure you save the script in the directory “home/user1/dns”.
Also, remember to run the script as root otherwise Docker complains.
The script will output three files, example.com.html, example.com.png and example.com.json. You basically only need to open the html file in a browser to see the result.
You can run the queries by hand but you will have to handle the input and output of files yourself.
Fx. you could make a simple lookup like this:
sudo docker run dnsviz/dnsviz query example.com