Table of Contents
DNSViz at home
DNSViz is a powerful utility when you want to check you DNSSEC setup for your domains. DNSSEC is difficult to manage and makes a hard protocol (DNS) even harder.
You can find the online version of this tool here
Preparations
I love Docker so that's how I choose to run it. First of all you of course need to have Docker installed.
Next, you can either clone the project on Github or download external dependencies manually.
I find it easiest to clone the project:
git clone https://github.com/dnsviz/dnsviz.git
Say you want to save the output to “/home/user1/dns” create the directory structure with this command:
mkdir -p /home/user1/dns/web
Go into the “dnsviz/external” folder on the local git clone and copy all *.js and *.css into “/home/user1/dns/web” folder.
Run script
I use the following script to run a test on a domain:
#!/usr/bin/env bash z=example.com docker run --network host -v "$PWD:/data:rw" dnsviz/dnsviz \ probe -A -a . --nsid --pretty-output -o $z.json $z docker run -v "$PWD:/data:rw" dnsviz/dnsviz \ graph -r $z.json -T png -O docker run -v "$PWD:/data:rw" dnsviz/dnsviz \ graph -r $z.json -T html -O # Modify the output html file with the matching directory for the js and css files. sed -i -e 's,file:///usr/share/dnsviz/css,web,' \ -e 's,file:///usr/share/dnsviz/js,web,' $z.html
Make it executable:
chmod +x run.sh
Before you run it change the “z” parameter to the domain you want to test and make sure you save the script in the directory “home/user1/dns”.
Also, remember to run the script as root otherwise Docker complains.
The script will output three files, example.com.html, example.com.png and example.com.json. You basically only need to open the html file in a browser to see the result.
Single commands
You can run the queries by hand but you will have to handle the input and output of files yourself.
Fx. you could make a simple lookup like this:
sudo docker run dnsviz/dnsviz query example.com