All-in-one DNS utility
- For full documentation visit Netlify|Docs.
- For support visit Netlify|Community.
Introduction
The command-line script below runs through many of the most-needed tests to troubleshoot DNS issues related to Netlify hosting. Note that this is written for Z shell (zsh), so if you are still using Bash you will need to adapt a couple of the features. As noted in the header, you will also need to install some command-line utilities, which is easiest to do via Homebrew. The first print command resizes the default Terminal window in macOS to fit my screen. You may need to adjust that to taste. Reading this source code can be rough sledding, so I recommend running this in your Terminal so you get the benefit of the built-in formatting.
Use
- Copy all the lines of code in the shaded box below.
- Paste the copied text into a new, empty text editor (not a word processor) document, and save it with a .zsh file extension. FWIW, I call this file netlify.zsh.
- In your Terminal, navigate to the folder / directory where you saved this file (typically done using the cd command).
- Invoke the script from the command line by typing in ./ and then the name of the file (in my case, this would be ./netlify.zsh).
- After you invoke this script via the command line, it asks for the apex domain of interest, and assumes the www subdomain but allows you to change that to whatever subdomain you wish to investigate.
- Depending on the speed of your Internet connection and the gods of DNS, it will take anywhere from a few seconds to a minute or so for the entire script to run. However, after results start coming in, you can scroll the Terminal window while the script finishes executing — you don’t have to wait until the script runs to completion before examining the results.
Note
There is some overlap in the information returned, which can be either helpful or irritating. Your choice.
The code
#!/bin/zsh
# View domain and DNS information for Netlify sites
# run from the command line; the script prompts for the apex domain and the subdomain
# you may need to install some components using Homebrew
# if using bash you'll need to change some of this syntax
print "\e[8;70;100t"
clear
subdomain="www"
read -r apex"?Apex domain: "
vared -p "Subdomain: " subdomain
print
fqdn=$subdomain.$apex
linebreak="|================================================================\n\n\n"
: $((vara=60 - ${#apex}))
if [ $((vara % 2)) -eq 1 ]
then
: $((vara=vara + 1))
fi
: $((vara=vara / 2))
: $((varf=60 - ${#fqdn}))
if [ $((varf % 2)) -eq 1 ]
then
: $((varf=varf + 1))
fi
: $((varf=varf / 2))
u="--------------------------------------------------------------------"
pada=${u:1:$vara}
padf=${u:1:$varf}
print "|============== Check domain info for Netlify sites ============="
print
print "|====================== whois registrar for ====================="
print "| ${pada} $apex ${pada}"
whois "$apex" | grep "Registrar URL"
print $linebreak
print "|==================== whois name server(s) for =================="
print "| ${pada} $apex ${pada}"
whois "$apex" | grep -E -i "(name server|updated date)"
print $linebreak
print "|===================== dig name server(s) for ==================="
print "| ${pada} $apex ${pada}"
print "| ------------------- should agree with whois -------------------"
dig "$apex" -t NS +short
print
print "| ${padf} $fqdn ${padf}"
print "| ------------ blank if pointing to the apex domain -------------"
print "| ------------------ in the Netlify dashboard -------------------"
dig "$fqdn" -t NS +short
print $linebreak
print "|====================== dig A record(s) for ====================="
print "| ---------- Netlify's old load balancer: 104.198.14.52 ---------"
print "| ------------ Netlify's new load balancer: 75.2.60.5 -----------"
print "| ------- Add'l load balancer IP addresses may also appear ------"
print "| ${pada} $apex ${pada}"
dig "$apex" -t A +short
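# dig may return several lines (multiple A records); whois takes one address, so use the last line
whois "$(dig "$apex" -t A +short | tail -n 1)" | grep Organization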
print
print "| ${padf} $fqdn ${padf}"
dig "$fqdn" -t A +short
# dig may return a CNAME target followed by A records; the last line is an address
whois "$(dig "$fqdn" -t A +short | tail -n 1)" | grep Organization
print
print "See the documentation here:"
print "https://docs.netlify.com/domains-https/custom-domains/configure-external-dns/"
print $linebreak
print "|======================= dig CNAME(s) for ======================="
print "| ${padf} $fqdn ${padf}"
print "| ------------ will be blank when using Netlify DNS -------------"
dig "$fqdn" -t CNAME +short
print $linebreak
print "|================== check for inactive DNS zone ================="
print "| --------------- last line should show nsone.net ---------------"
print "| ----------------- for sites using Netlify DNS -----------------"
print "| ---------------- otherwise will show DNS source ---------------"
print "| ${pada} $apex ${pada}"
dig "$apex" +trace -t NS | tail -n 6
# print "| ${padf} $fqdn ${padf}"
# dig $fqdn +trace -t NS | tail -n 6
print "See the documentation here:"
print "https://answers.netlify.com/t/support-guide-how-to-detect-and-fix-inactive-netlify-dns-zones/21742"
print "The solution is either a) activate the inactive zone or b) delete the inactive zone."
print $linebreak
print "|======================== check for DNSSEC ======================"
print "| ---------------------- should be unsigned ---------------------"
whois "$apex" | grep "DNSSEC"
print $linebreak
print "|======================== check for server ======================"
print "| ---------------------- should be Netlify ----------------------"
print "| ${pada} $apex ${pada}"
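# header names are case-insensitive (Server: over HTTP/1.1, server: over HTTP/2), so match with -i
curl -svo /dev/null http://"$apex" 2>&1 | grep -i "server:"
print
print "| ${padf} $fqdn ${padf}"
curl -svo /dev/null http://"$fqdn" 2>&1 | grep -i "server:"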
print $linebreak
print "|====================== check for redirects ====================="
print "| ---------------------------- http -----------------------------"
print "| ${pada} $apex ${pada}"
curl --head --location http://"$apex"
print
print "| ---------------------------- http -----------------------------"
print "| ${padf} $fqdn ${padf}"
curl --head --location http://"$fqdn"
print $linebreak
print "|====================== check for redirects ====================="
print "| ---------------------------- https ----------------------------"
print "| ${pada} $apex ${pada}"
curl --head --location https://"$apex"
print
print "| ---------------------------- https ----------------------------"
print "| ${padf} $fqdn ${padf}"
curl --head --location https://"$fqdn"
print $linebreak
print "|======================== host check for ========================"
print "| ${pada} $apex ${pada}"
host "$apex"
print
print "| ${padf} $fqdn ${padf}"
host "$fqdn"
print $linebreak
print "|======================== check load time ======================="
print "| ${pada} $apex ${pada}"
ab http://"$apex"/
print
print "| ${padf} $fqdn ${padf}"
ab http://"$fqdn"/
print $linebreak
# print "|======================== https check for ======================="
# print "| ${pada} $apex ${pada}"
# https -h $apex
# print
# print "| ${padf} $fqdn ${padf}"
# https -h $fqdn
# print $linebreak
# print "|====================== httpstat check for ======================"
# print "| ${pada} $apex ${pada}"
# httpstat $apex
# print
# print "| ${padf} $fqdn ${padf}"
# httpstat $fqdn
# print $linebreak
print "|================== check SSL record blocking ==================="
print "| ---------------------- should be blank ------------------------"
print "| ------------------ when using Netlify DNS ---------------------"
print "| ${pada} $apex ${pada}"
dig +noall +answer "$apex" -t CAA
print
print "| ${padf} $fqdn ${padf}"
dig +noall +answer "$fqdn" -t CAA
print $linebreak
print "|================== check SSL certificate dates ================="
print "| ${pada} $apex ${pada}"
sslscan "$apex"
# openssl s_client -connect $apex:443 2>/dev/null | openssl x509 -noout -dates
print
print "| ${padf} $fqdn ${padf}"
sslscan "$fqdn"
# openssl s_client -connect $fqdn:443 2>/dev/null | openssl x509 -noout -dates
print $linebreak
print "|====================== get x-nf-request-id ====================="
print "| -------------------- blank if not Netlify ---------------------"
print "| ${pada} $apex ${pada}"
print "| ---------------------------- http -----------------------------"
# match the header name case-insensitively; it may arrive as X-Nf-Request-Id over HTTP/1.1
curl -svo /dev/null http://"$apex" 2>&1 | grep -i 'x-nf-request-id'
print "| ---------------------------- https ----------------------------"
curl -svo /dev/null https://"$apex" 2>&1 | grep -i 'x-nf-request-id'
print "| ${padf} $fqdn ${padf}"
print "| ---------------------------- http -----------------------------"
# this request goes over plain http to match the label above
curl -svo /dev/null http://"$fqdn" 2>&1 | grep -i 'x-nf-request-id'
print "| ---------------------------- https ----------------------------"
curl -svo /dev/null https://"$fqdn" 2>&1 | grep -i 'x-nf-request-id'
print $linebreak
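The "check SSL record blocking" section prints raw CAA records and leaves the interpretation to the reader. The function below is an added example, not part of the original script: it classifies that dig output for one certificate authority. Using letsencrypt.org as the issuer to test for is an assumption, and the example.com records are constructed samples.

```shell
#!/bin/sh
# Added example. Portable sh, so it also runs under zsh and bash.
# caa_verdict CA_DOMAIN
#   Reads `dig +noall +answer NAME -t CAA` output on stdin and prints:
#     unrestricted - no CAA "issue" property, so any CA may issue
#     allowed      - an "issue" property names CA_DOMAIN
#     blocked      - "issue" properties exist, none names CA_DOMAIN
#   Only non-wildcard issuance ("issue", not "issuewild") is evaluated.
caa_verdict() {
  awk -v ca="$1" '
    # dig answer columns: name ttl class type flags tag value...
    $4 == "CAA" && tolower($6) == "issue" {
      seen = 1
      val = $7
      for (i = 8; i <= NF; i++) val = val " " $i   # value may contain spaces
      gsub(/"/, "", val)       # strip the quoting dig adds
      sub(/;.*/, "", val)      # drop parameters; a bare ";" becomes empty
      gsub(/[ \t]/, "", val)
      if (tolower(val) == tolower(ca)) ok = 1
    }
    END {
      if (!seen)   print "unrestricted"
      else if (ok) print "allowed"
      else         print "blocked"
    }'
}

# Constructed sample answers (placeholders, not captured from a real zone).
SAMPLE_OTHER_CA='example.com. 3600 IN CAA 0 issue "ca.example.net"
example.com. 3600 IN CAA 0 iodef "mailto:security@example.com"'
SAMPLE_WITH_LE='example.com. 3600 IN CAA 0 issue "ca.example.net"
example.com. 3600 IN CAA 0 issue "letsencrypt.org; validationmethods=dns-01"'

printf '%s\n' "$SAMPLE_OTHER_CA" | caa_verdict letsencrypt.org
printf '%s\n' "$SAMPLE_WITH_LE"  | caa_verdict letsencrypt.org

# Live use with the script's variable:
#   dig +noall +answer "$apex" -t CAA | caa_verdict letsencrypt.org
```

CAs look for CAA records by climbing from the requested name toward the apex, so an "unrestricted" result for the subdomain is only conclusive once the apex has been checked as well.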
Sample results
- whois registrar report
- name server reports
- A record(s)
- CNAME entries
- inactive DNS zone
- DNSSEC check
- checking for redirects
- host check
- load time tests
- (https checks)
- (httpstat checks)
- check for SSL record blocking
- check SSL certificate dates (and much more)
- get x-nf-request-id