Testing DNS Infrastructure with Goss
In a previous post we got an introduction to "Easy Infrastructure Testing with Goss".
In this post we’ll take a look at a feature I added to Goss a while ago: enhanced DNS validation.
Why test DNS?
DNS is easy right?! It’s just an IP address and a hostname. Easy… We’ve definitely never had an outage or failed to deploy a new application because of a DNS issue have we?
DNS can get a little more interesting when you start chaining CNAMEs, have multiple A records for a hostname and introduce DNSSEC.
PTR records which reverse map an IP to a hostname are often used by various server applications for security purposes (Java + SSL).
If DNS configuration is out of your control and another team forgets to add the records you need, or adds them incorrectly, you can end up wasting hours troubleshooting why various applications won’t start up, clients fail to connect, and you see SSL connection errors.
Testing your DNS with Goss will solve ALL these problems! Okay, that’s a lie. It can however help you identify when DNS records aren’t quite right, have changed, or are missing before deploying a new application.
What can Goss test?
Goss can validate that any of the following record types are resolvable, and can validate the values of the records.
How do I test DNS records?
Here are a few examples of DNS record tests:
dns:
  # Validate a CAA record
  CAA:dnstest.io:
    resolvable: true
    addrs:
      - 0 issue comodoca.com
      - 0 issue letsencrypt.org
      - 0 issuewild ;
    timeout: 2000
    server: 184.108.40.206
  # Validate a CNAME record
  CNAME:dnstest.github.io:
    resolvable: true
    server: 220.127.116.11
    addrs:
      - "github.map.fastly.net."
  # Validate a PTR record
  PTR:18.104.22.168:
    resolvable: true
    server: 22.214.171.124
    addrs:
      - "google-public-dns-a.google.com."
  # Validate an SRV record
  SRV:_https._tcp.dnstest.io:
    resolvable: true
    server: 126.96.36.199
    addrs:
      - "0 5 443 a.dnstest.io."
      - "10 10 443 b.dnstest.io."
  # Validate an MX record
  MX:dnstest.io:
    resolvable: true
    addrs:
      - 10 b.dnstest.io.
      - 5 a.dnstest.io.
    timeout: 2000
    server: 188.8.131.52
The above examples will query Google’s public DNS server (184.108.40.206) for results. You can remove the server parameter, which will result in the system DNS resolver being used.
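A mistake that bites often with these tests is the expected value itself being malformed (a missing trailing dot on an MX or SRV target, a CAA flag that isn't 0 or 128, a PTR test keyed by a hostname instead of an IP), which then shows up as a confusing Goss failure rather than a real DNS problem. As an added example, not part of the original post and not Goss's own code, here is a small Python linter that checks the expected answers in a dns: section before the tests are run. It assumes the tests have been loaded into a Python dict mirroring the YAML above (the sample is constructed here rather than parsed from a file, and deliberately includes one missing trailing dot), and it also covers A and AAAA answers, which go beyond the record types shown above.

```python
import ipaddress
import re

# Constructed sample mirroring the Goss dns: tests above, as a Python dict.
# Goss keys are "<TYPE>:<name>"; the values are the test attributes.
# One deliberate mistake: the second MX entry lacks the trailing dot.
SAMPLE_TESTS = {
    "CAA:dnstest.io": {
        "resolvable": True,
        "addrs": ["0 issue comodoca.com", "0 issue letsencrypt.org", "0 issuewild ;"],
    },
    "CNAME:dnstest.github.io": {"resolvable": True, "addrs": ["github.map.fastly.net."]},
    "PTR:18.104.22.168": {"resolvable": True, "addrs": ["google-public-dns-a.google.com."]},
    "SRV:_https._tcp.dnstest.io": {
        "resolvable": True,
        "addrs": ["0 5 443 a.dnstest.io.", "10 10 443 b.dnstest.io."],
    },
    "MX:dnstest.io": {"resolvable": True, "addrs": ["10 b.dnstest.io.", "5 a.dnstest.io"]},
}

# One DNS label: 1-63 chars, letters/digits/hyphen, no leading or trailing hyphen.
LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
CAA_TAGS = {"issue", "issuewild", "iodef"}


def is_fqdn(name):
    """True for an absolute hostname: valid labels and a trailing root dot."""
    if not name.endswith("."):
        return False
    return all(LABEL_RE.match(label) for label in name[:-1].split("."))


def _is_ip(text, version):
    try:
        return ipaddress.ip_address(text).version == version
    except ValueError:
        return False


def lint_addr(rtype, addr):
    """Return a description of what is wrong with one expected answer, or None."""
    fields = addr.split()
    if rtype in ("CNAME", "PTR"):
        if len(fields) != 1 or not is_fqdn(addr):
            return "expected a single absolute hostname ending in '.'"
    elif rtype == "MX":
        if len(fields) != 2 or not fields[0].isdigit() or not is_fqdn(fields[1]):
            return "expected '<priority> <host.>'"
    elif rtype == "SRV":
        if (len(fields) != 4 or not all(f.isdigit() for f in fields[:3])
                or not is_fqdn(fields[3])):
            return "expected '<priority> <weight> <port> <target.>'"
        if not 0 < int(fields[2]) <= 65535:
            return "SRV port out of range"
    elif rtype == "CAA":
        # Flags are 0 or 128 (critical); the value ';' means "no CA may issue".
        if len(fields) < 3 or fields[0] not in ("0", "128") or fields[1] not in CAA_TAGS:
            return "expected '<flags 0|128> <issue|issuewild|iodef> <value>'"
    elif rtype == "A":
        if not _is_ip(addr, 4):
            return "expected an IPv4 address"
    elif rtype == "AAAA":
        if not _is_ip(addr, 6):
            return "expected an IPv6 address"
    return None


def lint_dns_tests(tests):
    """Walk a Goss dns: mapping and return a list of (test_key, problem) tuples."""
    problems = []
    for key, spec in tests.items():
        rtype, _, name = key.partition(":")
        if not name:
            problems.append((key, "missing record name after the type prefix"))
            continue
        # PTR tests are keyed by the IP being reverse-mapped, not by a hostname.
        if rtype == "PTR" and not (_is_ip(name, 4) or _is_ip(name, 6)):
            problems.append((key, "PTR tests must be keyed by an IP address"))
        for addr in spec.get("addrs", []):
            issue = lint_addr(rtype, addr)
            if issue:
                problems.append((key, f"{addr!r}: {issue}"))
    return problems


if __name__ == "__main__":
    for key, problem in lint_dns_tests(SAMPLE_TESTS):
        print(f"{key}: {problem}")
```

Run on the sample it reports exactly one problem, the MX answer without its root dot, which is the kind of expectation error that would otherwise be mistaken for the other team having got the record wrong. A check like this fits naturally into the same pipeline that ships the Goss file, before goss validate is ever invoked.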
Combining this with the Nagios output format and creating a monitoring check from it could be helpful in identifying future issues, or in alerting when a record has been "cleaned up".