Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Checking connectivity

The DNS TAPIR Looptest Domain

As part of our test deployment of DNS TAPIR Core, we have set up a special domain for testing connectivity, looptest.dnstapir.se.. It currently has two uses.

The "Ticker" Test

To ensure that a POP receives observations from Core, Core will periodically send out observations with observation encoding flag 1024 set. By issuing dnstapir-cli filterlists on a running system, you should be able to see the following:

operator@edge $ dnstapir-cli filterlists
Domain                                                                     |Source              |Src Fmt             |Filter    |Flags     
---------------------------------------------------------------------------------------------------------------------------------------
# ...snip...
epoch-1761739157.ticker.looptest.dnstapir.se.                              |dns-tapir           |tapir-msg-v1        |doubt     |1024      
epoch-1761737417.ticker.looptest.dnstapir.se.                              |dns-tapir           |tapir-msg-v1        |doubt     |1024      
epoch-1761738377.ticker.looptest.dnstapir.se.                              |dns-tapir           |tapir-msg-v1        |doubt     |1024      
epoch-1761738677.ticker.looptest.dnstapir.se.                              |dns-tapir           |tapir-msg-v1        |doubt     |1024
# ...snip...

The presence of the ticker.looptest.dnstapir.se. observations indicates that connectivity from Core to your POP is working.

The "From-edge" Test

To ensure that your resolver can connect to your EDM, that your EDM can connect to Core and that Core can connect to your POP, queries that follow a specific pattern will cause a corresponding observation to be sent out by Core, again using the 1024 flag.

From a machine that can connect with the resolver on your Edge, run:

dig @<your resolver> <unique label>.from-edge.looptest.dnstapir.se

If the qname is something your EDM sees for the first time, it will send an event to Core. Core will recognize the domain as our looptest domain, flag it and then send out an observation to all Edges.

You should be able to see that the "loop is closed" by issuing dnstapir-cli filterlists on your Edge system:

operator@edge $ dnstapir-cli filterlists
Domain                                                                     |Source              |Src Fmt             |Filter    |Flags     
---------------------------------------------------------------------------------------------------------------------------------------
# ...snip...
<unique-label>.from-edge.looptest.dnstapir.se.                             |dns-tapir           |tapir-msg-v1        |doubt     |1024
# ...snip...

It might be helpful to grep for your query since there may be a lot of other domains listed in the output. Seeing your query in the output indicates that your resolver is communicating with your EDM, your EDM is communicating with Core and Core is communicating with your POP.

Note that other DNS TAPIR users will be able to see your looptests since observations are being sent out to all enrolled POPs. No profanity!

Verify that TAPIR Core receives histograms from TAPIR EDM: ....

TODO

Verify that TAPIR POP receives observations from TAPIR Core: ....

TODO