DNS Lots-of-Lookups (DNSLOL) is a small command line utility suitable for doing large-scale DNS lookups quickly. In particular DNSLOL is tailored towards doing comparative analysis of the results of doing these lookups with different DNS servers.
DNSLOL is packaged as a Go module,
allowing you to clone the source outside of your $GOPATH and install using the
vendored dependencies.
- Set up Go 1.11+ and your
$GOPATH git clone github.com/letsencrypt/dns-lots-of-lookupscd dns-lots-of-lookupsgo -mod=vendor install ./...
- Increase the
ulimitfor the number of open files for your session to match your desired-parallelsetting. E.g. for a-parallel of 4000run:
ulimit nofile 4000- Start the lookup process. In this example we configure
dnslolto performAandTXTqueries for every domain ininput_domains.txt, using two local recursive resolvers (one on port1053, and one on1054). It will gradually spawn new goroutines every15s, up to a maximum of4000goroutines. Prometheus metrics will be exported on the metrics address,http://127.0.0.1:6363/metrics.
dnslol \
-checkA \
-checkTXT \
-servers 127.0.0.1:1053,127.0.0.1:1054 \
-parallel 4000 \
-spawnInterval 15s \
-metricsAddr 127.0.0.1:6363 \
< input_domains.txtdnslol expects to read fully qualified domain names as input to standard in.
All of the domain names must be in ASCII form. Internationalized Domain Names
(IDN) must be converted to ASCII before using dnslol according to the
IDNA2008 encoding method. You may
find using this small Go
tool helpful for
converting IDN domains to ASCII:
cat raw_input_domains.txt | go run idna-encode.go > input_domains.txtdnslol can read input domains in label-wise reversed form if you provide the
-reverse label. This will automatically convert inputs like
org.letsencrypt.www to www.letsencrypt.org.
DNSLOL will write results to a MariaDB database. If you don't have one of these
handy,
a docker-compose.yml
file is provided that can quickly create a MariaDB container for dnslol to
use.
If you do have an existing DB handy you will need to change the -db flag
provided to dnslol and ensure the database has been initialized with the SQL
found in db-schema.sql
Otherwise, before trying to use the docker compose file make sure you have Docker Engine 1.10.0+ and Docker Compose 1.6.0+ installed. If you do not, you can follow Docker's installation instructions.
You can start the database by running:
docker-compose upThis will start a dnslotsoflookups_db_1 container running MariaDB. A dnslol
database user will be created with the password dnslol. This user will be
granted superuser privileges for the dnslol-results database. The database
will be listening on the private IP 10.10.10.2 on port 3306.
You will need to create the initial database structure the first time you start
the database container using the mysql command line tool (You may need to
install this command on your host machine separately if you don't already have it):
mysql \
-u dnslol \
-pdnslol \
-P 3306 \
-h 10.10.10.2 \
--protocol=tcp \
dnslol-results < db-schema.sqlYou can view the database logs by running:
docker-compose logs dbImportant - By default the dnslol user has a hardcoded password equal
to the username. Never use the dnslol DB container in a production setting!
DNSLOL exports several Prometheus metrics on the configured -debugAddr that can be used to monitor the performance and results of a dnslol run.
| Metric Name | Metric Type | Labels | Description |
|---|---|---|---|
lookup_results |
Counter Vec | server, result |
Result count per query rcode or error result |
attempts |
Counter | server |
Number of lookup attempts made |
successes |
Counter | server |
Number of lookup successes |
queryTime |
SummaryVec | server, type |
Query duration (seconds) per type |
commandLine |
GaugeVec | server, line |
Command line invocation of the dnslol tool |