This article provides instructions for testing a Filter Chain configuration using a command line tool called dig (v. 9.10 or later).
Note: This article assumes you have already configured the DNS record and associated Filter Chain.
As an example, the screenshot above shows a scenario in which the user has configured manual failover using the
Select for N filters. The answer labeled
nydatacenter is set to be the priority answer returned. This example is referenced throughout the article.
Step 1: Test the response of the DNS record.
Use the following dig command to test the response of the DNS record directly from an NS1 name server.
dig RECORD_NAME @SERVER_NAME
dig test.exampledns.com @dns1.p01.nsone.net
The example response is as follows:
; <<>> DiG 9.10.6 <<>> test.exampledns.com @dns1.p01.nsone.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46966
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;test.exampledns.com. IN A
;; ANSWER SECTION:
test.exampledns.com. 3600 IN CNAME nydatacenter.
;; Query time: 24 msec
;; SERVER: 18.104.22.168#53(22.214.171.124)
;; WHEN: Thu May 14 12:57:52 EDT 2020
;; MSG SIZE rcvd: 74
Under the “Header” section, a status of NOERROR indicates the answer was served without issue. Under the “Answer” section, we see that the nydatacenter is served.
Note: Alternatively, you can shorten the response to include only the actual DNS answer by adding the
+short option to the command. For example:
dig test.exampledns.com @dns1.p01.nsone.net +short
From there, you can tweak your configuration as necessary to ensure the Filter Chain is responding as expected. Below is a short screen recording demonstrating a change in dig response after modifying the chain.