DNS Status

DNS resolution status across four layers: public FQDN resolution via DNS-over-HTTPS, host system resolver configuration, Docker container hostname resolution, and reverse DNS / ASN data for registered scanners. Forward-confirmed reverse DNS (FCrDNS) is checked where applicable.

Fields & Columns

Name Description
Hostname (Public) The configured public FQDN resolved via Google/Cloudflare DoH
A Records IPv4 address records with TTL for the public hostname
AAAA Records IPv6 address records with TTL for the public hostname
Reverse DNS (PTR) PTR record for the resolved IP — used for FCrDNS validation
PTR Match Whether the PTR record matches the forward hostname (FCrDNS check)
Nameservers DNS nameservers configured in the host system resolver (/etc/resolv.conf)
Search Domains DNS search domains from the host resolver configuration
Resolved IPs (Internal) IP addresses the FQDN resolves to from the host perspective
Total Services / Resolved (Container) How many Docker service hostnames resolve via the embedded DNS (127.0.0.11)
Container DNS table Per-service forward IP, reverse hostname, and resolution status
Scanner DNS table Per-scanner external IP, hostname, PTR record, and ASN information
With PTR Match Count of scanners whose PTR record matches their reported hostname

Gotchas

  1. Scanner DNS data is informational for GRC audits — it does not affect the overall DNS health status.
  2. PTR mismatches (forward and reverse DNS disagree) can cause some services to reject connections, but are not critical for scanning.
  3. Container DNS failures indicate Docker networking issues that will break inter-service communication.
  4. Public DNS uses DoH (DNS-over-HTTPS) so results reflect what external clients see, not local resolver behavior.

API Calls (1)

Method Path Description
GET /api/health/infra/dns Fetch public, internal, container, and scanner DNS health data

Related Pages

  • Overview — Architecture diagram shows DNS status indicator
  • HTTPS — DNS resolution is a prerequisite for HTTPS connectivity
  • Scanners — Scanner DNS card shows PTR and ASN for registered scanners