
DNS Detective

Prove it's DNS in 30 seconds instead of suspecting it for 3 hours

Systematic DNS debugging: checks resolution from multiple nameservers, validates record chains, detects dangling CNAMEs, verifies DNSSEC, and audits DMARC/SPF/DKIM for email deliverability. Because it's always DNS.

House Recipe | Work | 1 min

INGREDIENTS

  • 🐙 GitHub
  • 💬 Slack

PROMPT

Create a skill called "DNS Detective". Diagnose DNS issues and audit DNS configurations:

Mode 1 — Debug: When I report a DNS problem with a domain:
  1. Run `dig` against authoritative nameservers AND public resolvers (8.8.8.8, 1.1.1.1)
  2. Trace the full resolution chain (CNAME → CNAME → A/AAAA)
  3. Check for dangling records (CNAMEs pointing to non-existent targets)
  4. Compare responses across nameservers for inconsistencies
  5. Check TTL values and estimate propagation time for recent changes
  6. Validate DNSSEC if enabled

Mode 2 — Audit: Given a domain or list of domains:
  1. List all DNS records from the provider (Route53, Cloudflare, etc.)
  2. Identify dangling records (subdomain takeover risk)
  3. Audit email records: SPF, DKIM, DMARC
  4. Check for common misconfigurations (conflicting CNAME and A records, wildcard issues)
  5. Generate Terraform resources for managing the records as code

How It Works

"It's always DNS" is a meme because it's true. This skill runs the full diagnostic sequence: check resolution, trace the record chain, compare nameservers, and look for the common gotchas.
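
The chain trace, dangling-CNAME check and nameserver comparison described above, sketched as an added example that is not part of the original recipe or the skill's own code. The `lookup` hook and the record tables are assumptions: constructed data standing in for the answers each resolver would return to `dig`.

```python
from typing import Callable, Dict, Optional, Tuple

# Hypothetical hook: one resolver's answer for a name, as (rtype, value) with
# rtype in A/AAAA/CNAME, or None when the name has no record.
Lookup = Callable[[str], Optional[Tuple[str, str]]]

def trace_chain(name: str, lookup: Lookup, max_hops: int = 8) -> Dict:
    """Follow CNAMEs until an address, a missing target (dangling), or a loop."""
    path = [name.rstrip(".").lower()]
    seen = set(path)
    for _ in range(max_hops):
        ans = lookup(path[-1])
        if ans is None:
            status = "dangling" if len(path) > 1 else "nxdomain"
            return {"path": path, "status": status, "address": None}
        rtype, value = ans
        if rtype in ("A", "AAAA"):
            return {"path": path, "status": "ok", "address": value}
        target = value.rstrip(".").lower()
        if target in seen:
            return {"path": path + [target], "status": "loop", "address": None}
        seen.add(target)
        path.append(target)
    return {"path": path, "status": "too_long", "address": None}

def compare_resolvers(name: str, resolvers: Dict[str, Lookup]) -> Dict:
    """Trace name through every resolver and report whether they agree."""
    results = {label: trace_chain(name, fn) for label, fn in resolvers.items()}
    outcomes = {(r["status"], r["address"], tuple(r["path"])) for r in results.values()}
    return {"consistent": len(outcomes) == 1, "results": results}

def table_lookup(table: Dict[str, Tuple[str, str]]) -> Lookup:
    """Build a lookup hook from a static table (stands in for dig answers)."""
    return lambda qname: table.get(qname.rstrip(".").lower())

# Constructed sample data: one CNAME points at a target that no longer exists,
# and the public resolver still holds a stale address for app.example.com.
AUTH = table_lookup({
    "www.example.com": ("CNAME", "app.example.com."),
    "app.example.com": ("A", "192.0.2.10"),
    "assets.example.com": ("CNAME", "old-target.example.net."),
})
PUBLIC = table_lookup({
    "www.example.com": ("CNAME", "app.example.com."),
    "app.example.com": ("A", "192.0.2.99"),
    "assets.example.com": ("CNAME", "old-target.example.net."),
})
if __name__ == "__main__":
    for host in ("www.example.com", "assets.example.com"):
        print(host, compare_resolvers(host, {"authoritative": AUTH, "public": PUBLIC}))
```

A `dangling` result is the case to prioritise, since the record still exists in the zone while its target does not.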

What You Get

  • Multi-nameserver resolution check (authoritative + public resolvers)
  • Record chain tracing (CNAME → A/AAAA resolution path)
  • Dangling CNAME/alias detection (records pointing to resources that no longer exist)
  • TTL analysis and propagation status
  • DNSSEC validation
  • Email deliverability audit (SPF, DKIM, DMARC records)
  • Cloud provider DNS audit (Route53, Cloudflare, GCP Cloud DNS)

Setup Steps

  1. Give your Claw a domain name and describe the problem (or just say "audit this domain")
  2. Review the diagnostic results
  3. Apply the suggested fixes

Tips

  • Always check from both authoritative nameservers and public resolvers (8.8.8.8, 1.1.1.1)
  • Dangling CNAMEs are a security risk (subdomain takeover) as well as an operational issue
  • TTL values that are too low cause excessive DNS queries; too high causes slow propagation
  • Email deliverability issues are almost always SPF/DKIM/DMARC misconfiguration
  • If you manage DNS in Terraform, ask your Claw to generate the Terraform resources

Tags: #dns #networking #debugging #devops