open secondary menu close secondary menu

Tips & Tricks

  • To get a short, sweet DNS lookup answer, so short and sweet it will even satisfy POTUS on Twitter, enter dig menandmice.com +short.
  • Does size really matter? If so, how much? Test your DNS reply size by entering $ dig +short rs.dns-oarc.net txt
  • How to update reverse records? Access the IP Address Ranges on the object list, select the ranges, right-click “Update Reverse Records” from the shortcut menu in the Suite.
  • Using Men & Mice Suite Quick Filters with wildcard characters. ‘^’ means ‘starts with’. E.g. the search string  ^server finds  server1.zone.com  and server-north.anotherzone.com.
  • Using Men & Mice Suite Quick Filters with wildcard characters. ‘$’ means ‘ends with’. The search string ‘server$’ finds  the.best.server and good.nameserver.
  • Using Men & Mice Suite Quick Filters with wildcard characters. ‘!’ uses operator to further narrow search results. The *exclamation mark !* means *NOT{*}.
  • RPZ in the Men & Mice Suite: Open the ‘Options’ dialog box for a master zone (on BIND) and click the Response Policy Zone checkbox.
  • After making manual changes to the leases database file on a server running ISC DHCP, run “dhcpd -T” to test the leases file.
  • The command “ldns-dane” from the ldns package (http://nlnetlabs.nl) can be used to create or verify DANE TLSA records for better TLS transport security.
  • Man is not yet machine! For human-readable output, use the “multi” switch on the BIND 9 DNS query tool “dig”. E.g. “dig menandmice.com SOA +multi”
  • DHCP config! After making manual changes to the dhcpd.conf on a server running ISC DHCP, run “dhcpd -t” to test the config for syntactical correctness.
  • Craving more info after updating a dynamic DNS zone with “nsupdate”? Use the debug switch “-d” to get more information. E.g. “nsupdate -d”
  • Having DNSSEC trust issues? BIND 9.10+ contains the tool “delv” to check the DNSSEC chain of trust. E.g. “delv +v www.ripe.net”
  • Use the “+nssearch” option on the BIND 9 DNS query tool “dig” to list the SOA records for all authoritative name servers for a specific domain. E.g. “dig menandmice.com +nssearch”
  • On Linux, the command “netstat -puten” will give you the list of current established network connections, including the names of the processes that created them.
  • The tool “ipv6loganon” (from the “ipv6calc” project) can be used to anonymize IPv4 and IPv6 addresses in web-server log-files.
  • After making manual changes to a zone file, or the configuration file on a BIND 9 DNS server, run “named-checkconf -z” to test all zones and the configuration.
  • Looking for some fast cache? On Linux, the command “ip neigh show” will print the IPv4 ARP cache and the IPv6 neighborhood cache.
  • with BIND 9.9 slave zones are stored by default in a binary format. Use the BIND 9 tool “named-compilezone” to print out the zone as text. Example: “named-compilezone -F raw -o ./example.com.txt example.com. ./example.com-hosts”