{ "schemaVersion": "1.0", "item": { "slug": "dns-networking", "name": "DNS & Networking", "source": "tencent", "type": "skill", "category": "开发工具", "sourceUrl": "https://clawhub.ai/gitgoodordietrying/dns-networking", "canonicalUrl": "https://clawhub.ai/gitgoodordietrying/dns-networking", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/dns-networking", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=dns-networking", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "SKILL.md" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-30T16:55:25.780Z", "expiresAt": "2026-05-07T16:55:25.780Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentDisposition": "attachment; filename=\"network-1.0.0.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/dns-networking" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/dns-networking", "agentPageUrl": "https://openagent3.xyz/skills/dns-networking/agent", "manifestUrl": "https://openagent3.xyz/skills/dns-networking/agent.json", "briefUrl": "https://openagent3.xyz/skills/dns-networking/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "DNS & Networking", "body": "Debug DNS resolution, network connectivity, and HTTP issues. Covers dig/nslookup, port testing, firewall rules, curl diagnostics, /etc/hosts, proxy configuration, and certificate troubleshooting." }, { "title": "When to Use", "body": "DNS name not resolving or resolving to wrong IP\nConnection refused / connection timed out errors\nDiagnosing firewall or security group rules\nHTTP requests failing for unclear reasons\nProxy configuration issues\nSSL/TLS certificate errors\nTesting connectivity between services" }, { "title": "Query DNS records", "body": "# A record (IP address)\ndig example.com\ndig +short example.com\n\n# Specific record types\ndig example.com MX # Mail servers\ndig example.com CNAME # Aliases\ndig example.com TXT # Text records (SPF, DKIM, etc.)\ndig example.com NS # Name servers\ndig example.com AAAA # IPv6 address\ndig example.com SOA # Start of Authority\n\n# Query a specific DNS server\ndig @8.8.8.8 example.com\ndig @1.1.1.1 example.com\n\n# Trace the full resolution path\ndig +trace example.com\n\n# Reverse lookup (IP → hostname)\ndig -x 93.184.216.34\n\n# nslookup (simpler, works everywhere)\nnslookup example.com\nnslookup example.com 8.8.8.8 # Query specific server\nnslookup -type=MX example.com\n\n# host (simplest)\nhost example.com\nhost -t MX example.com" }, { "title": "Check DNS propagation", "body": "# Query multiple public DNS servers\nfor dns in 8.8.8.8 1.1.1.1 9.9.9.9 208.67.222.222; do\n echo -n \"$dns: \"\n dig +short @\"$dns\" example.com\ndone\n\n# Check TTL (time to live)\ndig example.com | grep -E '^\\S+\\s+\\d+\\s+IN\\s+A'\n# The number is TTL in seconds" }, { "title": "Local DNS issues", "body": "# Check /etc/resolv.conf (which DNS server the system uses)\ncat /etc/resolv.conf\n\n# Check /etc/hosts (local overrides)\ncat /etc/hosts\n\n# Flush DNS cache\n# macOS:\nsudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder\n# Linux (systemd-resolved):\nsudo systemd-resolve --flush-caches\n# Windows:\nipconfig /flushdns\n\n# Check if systemd-resolved is running (Linux)\nresolvectl status" }, { "title": "/etc/hosts patterns", "body": "# /etc/hosts — local DNS overrides (no TTL, instant)\n\n# Point a domain to localhost (for development)\n127.0.0.1 myapp.local\n127.0.0.1 api.myapp.local\n\n# Block a domain\n0.0.0.0 ads.example.com\n\n# Test a migration (point domain to new server before DNS change)\n203.0.113.50 example.com\n203.0.113.50 www.example.com\n\n# Multiple names for one IP\n192.168.1.100 db.local redis.local cache.local" }, { "title": "Test if a port is open", "body": "# nc (netcat) — most reliable\nnc -zv example.com 443\nnc -zv -w 5 example.com 80 # 5 second timeout\n\n# Test multiple ports\nfor port in 22 80 443 5432 6379; do\n nc -zv -w 2 example.com $port 2>&1\ndone\n\n# /dev/tcp (bash built-in, no extra tools needed)\ntimeout 3 bash -c 'echo > /dev/tcp/example.com/443' && echo \"Open\" || echo \"Closed\"\n\n# curl (also tests HTTP)\ncurl -sI -o /dev/null -w \"%{http_code}\" https://example.com\n\n# Test from inside a Docker container\ndocker exec my-container nc -zv db 5432" }, { "title": "Network path diagnostics", "body": "# traceroute (show network hops)\ntraceroute example.com\n\n# mtr (continuous traceroute with stats — best for finding packet loss)\nmtr example.com\nmtr -r -c 20 example.com # Report mode, 20 packets\n\n# ping\nping -c 5 example.com\n\n# Show local network interfaces\nip addr show # Linux\nifconfig # macOS / older Linux\n\n# Show routing table\nip route show # Linux\nnetstat -rn # macOS\nroute -n # Linux (older)" }, { "title": "Check listening ports", "body": "# What's listening on which port (Linux)\nss -tlnp\nss -tlnp | grep :8080\n\n# macOS\nlsof -i -P -n | grep LISTEN\nlsof -i :8080\n\n# Older Linux\nnetstat -tlnp\nnetstat -tlnp | grep :8080\n\n# Which process is using a port\nlsof -i :3000\nfuser 3000/tcp # Linux" }, { "title": "Verbose request inspection", "body": "# Full verbose output (headers, TLS handshake, timing)\ncurl -v https://api.example.com/endpoint\n\n# Show timing breakdown\ncurl -o /dev/null -s -w \"\n DNS: %{time_namelookup}s\n Connect: %{time_connect}s\n TLS: %{time_appconnect}s\n TTFB: %{time_starttransfer}s\n Total: %{time_total}s\n Status: %{http_code}\n Size: %{size_download} bytes\n\" https://api.example.com/endpoint\n\n# Show response headers only\ncurl -sI https://api.example.com/endpoint\n\n# Follow redirects and show each hop\ncurl -sIL https://example.com\n\n# Resolve a domain to a specific IP (bypass DNS)\ncurl --resolve example.com:443:203.0.113.50 https://example.com\n\n# Use a specific network interface\ncurl --interface eth1 https://example.com" }, { "title": "Debug common HTTP issues", "body": "# Test with different HTTP versions\ncurl --http1.1 https://example.com\ncurl --http2 https://example.com\n\n# Test with specific TLS version\ncurl --tlsv1.2 https://example.com\ncurl --tlsv1.3 https://example.com\n\n# Ignore certificate errors (debugging only)\ncurl -k https://self-signed.example.com\n\n# Send request with custom Host header (virtual hosts)\ncurl -H \"Host: example.com\" https://203.0.113.50/\n\n# Test CORS preflight\ncurl -X OPTIONS -H \"Origin: http://localhost:3000\" \\\n -H \"Access-Control-Request-Method: POST\" \\\n -v https://api.example.com/endpoint" }, { "title": "iptables (Linux)", "body": "# List all rules\nsudo iptables -L -n -v\n\n# Allow incoming on port 80\nsudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT\n\n# Allow incoming from specific IP\nsudo iptables -A INPUT -s 203.0.113.0/24 -p tcp --dport 22 -j ACCEPT\n\n# Block incoming on a port\nsudo iptables -A INPUT -p tcp --dport 3306 -j DROP\n\n# Save rules (persist across reboot)\nsudo iptables-save > /etc/iptables/rules.v4" }, { "title": "ufw (simpler, Ubuntu/Debian)", "body": "# Enable\nsudo ufw enable\n\n# Allow/deny\nsudo ufw allow 80/tcp\nsudo ufw allow 443/tcp\nsudo ufw allow from 203.0.113.0/24 to any port 22\nsudo ufw deny 3306\n\n# Check status\nsudo ufw status verbose\n\n# Reset all rules\nsudo ufw reset" }, { "title": "macOS firewall", "body": "# Check status\nsudo /usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate\n\n# Enable\nsudo /usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on\n\n# Allow an application\nsudo /usr/libexec/ApplicationFirewall/socketfilterfw --add /usr/local/bin/myapp" }, { "title": "Environment variables", "body": "# Set proxy for most CLI tools\nexport HTTP_PROXY=http://proxy.example.com:8080\nexport HTTPS_PROXY=http://proxy.example.com:8080\nexport NO_PROXY=localhost,127.0.0.1,.internal.example.com\n\n# For curl specifically\nexport http_proxy=http://proxy.example.com:8080 # lowercase also works\n\n# With authentication\nexport HTTPS_PROXY=http://user:password@proxy.example.com:8080" }, { "title": "Test through proxy", "body": "# curl with explicit proxy\ncurl -x http://proxy.example.com:8080 https://httpbin.org/ip\n\n# SOCKS proxy\ncurl --socks5 localhost:1080 https://httpbin.org/ip\n\n# Verify your external IP through proxy\ncurl -x http://proxy:8080 https://httpbin.org/ip\ncurl https://httpbin.org/ip # Compare with direct\n\n# Test proxy connectivity\ncurl -v -x http://proxy:8080 https://example.com 2>&1 | grep -i \"proxy\\|connect\"" }, { "title": "Common proxy issues", "body": "# Node.js fetch/undici does NOT respect HTTP_PROXY\n# Use undici ProxyAgent or node-fetch with http-proxy-agent\n\n# Git through proxy\ngit config --global http.proxy http://proxy:8080\ngit config --global https.proxy http://proxy:8080\n# Remove:\ngit config --global --unset http.proxy\n\n# npm through proxy\nnpm config set proxy http://proxy:8080\nnpm config set https-proxy http://proxy:8080\n\n# pip through proxy\npip install --proxy http://proxy:8080 package-name" }, { "title": "Certificate Troubleshooting", "body": "# Check certificate from a server\necho | openssl s_client -connect example.com:443 -servername example.com 2>/dev/null | \\\n openssl x509 -noout -subject -issuer -dates\n\n# Check expiry\necho | openssl s_client -connect example.com:443 2>/dev/null | \\\n openssl x509 -noout -enddate\n\n# Download certificate chain\nopenssl s_client -showcerts -connect example.com:443 < /dev/null 2>/dev/null | \\\n awk '/BEGIN CERT/,/END CERT/' > chain.pem\n\n# Verify a certificate against CA bundle\nopenssl verify -CAfile /etc/ssl/certs/ca-certificates.crt server.pem\n\n# Check certificate for a specific hostname (SNI)\nopenssl s_client -connect cdn.example.com:443 -servername cdn.example.com\n\n# Common error: \"certificate has expired\"\n# Check the date on the server:\ndate\n# If the system clock is wrong, certs will appear invalid" }, { "title": "Quick Diagnostics Script", "body": "#!/bin/bash\n# net-check.sh — Quick network diagnostics\nTARGET=\"${1:?Usage: net-check.sh [port]}\"\nPORT=\"${2:-443}\"\n\necho \"=== Network Check: $TARGET:$PORT ===\"\n\necho -n \"DNS resolution: \"\nIP=$(dig +short \"$TARGET\" | head -1)\n[[ -n \"$IP\" ]] && echo \"$IP\" || echo \"FAILED\"\n\necho -n \"Ping: \"\nping -c 1 -W 3 \"$TARGET\" > /dev/null 2>&1 && echo \"OK\" || echo \"FAILED (may be blocked)\"\n\necho -n \"Port $PORT: \"\nnc -zv -w 5 \"$TARGET\" \"$PORT\" 2>&1 | grep -q \"succeeded\\|open\" && echo \"OPEN\" || echo \"CLOSED/FILTERED\"\n\nif [[ \"$PORT\" == \"443\" || \"$PORT\" == \"8443\" ]]; then\n echo -n \"TLS: \"\n echo | openssl s_client -connect \"$TARGET:$PORT\" -servername \"$TARGET\" 2>/dev/null | \\\n grep -q \"Verify return code: 0\" && echo \"VALID\" || echo \"INVALID/ERROR\"\n\n echo -n \"Certificate expiry: \"\n echo | openssl s_client -connect \"$TARGET:$PORT\" 2>/dev/null | \\\n openssl x509 -noout -enddate 2>/dev/null | sed 's/notAfter=//'\nfi\n\necho \"=== Done ===\"" }, { "title": "Tips", "body": "dig +short is the fastest way to check DNS from the command line. Use @8.8.8.8 to bypass local caching.\nnc -zv is the simplest port connectivity test. If nc isn't available, use bash's /dev/tcp.\ncurl's -w format string with timing variables is the fastest way to diagnose slow HTTP requests: DNS, connect, TLS, and TTFB are all visible.\nDNS changes propagate based on TTL. Check the current TTL with dig before expecting a DNS change to take effect.\n/etc/hosts changes take effect immediately (no TTL, no propagation delay). Use it to test domain migrations before changing DNS.\nWhen debugging \"connection refused\": first verify the port is open with nc, then check the service is actually listening with ss -tlnp or lsof -i.\nmtr is better than traceroute for diagnosing packet loss — it runs continuously and shows per-hop loss percentages.\nNode.js, Python requests, and many libraries do NOT automatically use HTTP_PROXY environment variables. Check each tool's proxy documentation." } ], "body": "DNS & Networking\n\nDebug DNS resolution, network connectivity, and HTTP issues. Covers dig/nslookup, port testing, firewall rules, curl diagnostics, /etc/hosts, proxy configuration, and certificate troubleshooting.\n\nWhen to Use\nDNS name not resolving or resolving to wrong IP\nConnection refused / connection timed out errors\nDiagnosing firewall or security group rules\nHTTP requests failing for unclear reasons\nProxy configuration issues\nSSL/TLS certificate errors\nTesting connectivity between services\nDNS Debugging\nQuery DNS records\n# A record (IP address)\ndig example.com\ndig +short example.com\n\n# Specific record types\ndig example.com MX # Mail servers\ndig example.com CNAME # Aliases\ndig example.com TXT # Text records (SPF, DKIM, etc.)\ndig example.com NS # Name servers\ndig example.com AAAA # IPv6 address\ndig example.com SOA # Start of Authority\n\n# Query a specific DNS server\ndig @8.8.8.8 example.com\ndig @1.1.1.1 example.com\n\n# Trace the full resolution path\ndig +trace example.com\n\n# Reverse lookup (IP → hostname)\ndig -x 93.184.216.34\n\n# nslookup (simpler, works everywhere)\nnslookup example.com\nnslookup example.com 8.8.8.8 # Query specific server\nnslookup -type=MX example.com\n\n# host (simplest)\nhost example.com\nhost -t MX example.com\n\nCheck DNS propagation\n# Query multiple public DNS servers\nfor dns in 8.8.8.8 1.1.1.1 9.9.9.9 208.67.222.222; do\n echo -n \"$dns: \"\n dig +short @\"$dns\" example.com\ndone\n\n# Check TTL (time to live)\ndig example.com | grep -E '^\\S+\\s+\\d+\\s+IN\\s+A'\n# The number is TTL in seconds\n\nLocal DNS issues\n# Check /etc/resolv.conf (which DNS server the system uses)\ncat /etc/resolv.conf\n\n# Check /etc/hosts (local overrides)\ncat /etc/hosts\n\n# Flush DNS cache\n# macOS:\nsudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder\n# Linux (systemd-resolved):\nsudo systemd-resolve --flush-caches\n# Windows:\nipconfig /flushdns\n\n# Check if systemd-resolved is running (Linux)\nresolvectl status\n\n/etc/hosts patterns\n# /etc/hosts — local DNS overrides (no TTL, instant)\n\n# Point a domain to localhost (for development)\n127.0.0.1 myapp.local\n127.0.0.1 api.myapp.local\n\n# Block a domain\n0.0.0.0 ads.example.com\n\n# Test a migration (point domain to new server before DNS change)\n203.0.113.50 example.com\n203.0.113.50 www.example.com\n\n# Multiple names for one IP\n192.168.1.100 db.local redis.local cache.local\n\nPort and Connectivity Testing\nTest if a port is open\n# nc (netcat) — most reliable\nnc -zv example.com 443\nnc -zv -w 5 example.com 80 # 5 second timeout\n\n# Test multiple ports\nfor port in 22 80 443 5432 6379; do\n nc -zv -w 2 example.com $port 2>&1\ndone\n\n# /dev/tcp (bash built-in, no extra tools needed)\ntimeout 3 bash -c 'echo > /dev/tcp/example.com/443' && echo \"Open\" || echo \"Closed\"\n\n# curl (also tests HTTP)\ncurl -sI -o /dev/null -w \"%{http_code}\" https://example.com\n\n# Test from inside a Docker container\ndocker exec my-container nc -zv db 5432\n\nNetwork path diagnostics\n# traceroute (show network hops)\ntraceroute example.com\n\n# mtr (continuous traceroute with stats — best for finding packet loss)\nmtr example.com\nmtr -r -c 20 example.com # Report mode, 20 packets\n\n# ping\nping -c 5 example.com\n\n# Show local network interfaces\nip addr show # Linux\nifconfig # macOS / older Linux\n\n# Show routing table\nip route show # Linux\nnetstat -rn # macOS\nroute -n # Linux (older)\n\nCheck listening ports\n# What's listening on which port (Linux)\nss -tlnp\nss -tlnp | grep :8080\n\n# macOS\nlsof -i -P -n | grep LISTEN\nlsof -i :8080\n\n# Older Linux\nnetstat -tlnp\nnetstat -tlnp | grep :8080\n\n# Which process is using a port\nlsof -i :3000\nfuser 3000/tcp # Linux\n\ncurl Diagnostics\nVerbose request inspection\n# Full verbose output (headers, TLS handshake, timing)\ncurl -v https://api.example.com/endpoint\n\n# Show timing breakdown\ncurl -o /dev/null -s -w \"\n DNS: %{time_namelookup}s\n Connect: %{time_connect}s\n TLS: %{time_appconnect}s\n TTFB: %{time_starttransfer}s\n Total: %{time_total}s\n Status: %{http_code}\n Size: %{size_download} bytes\n\" https://api.example.com/endpoint\n\n# Show response headers only\ncurl -sI https://api.example.com/endpoint\n\n# Follow redirects and show each hop\ncurl -sIL https://example.com\n\n# Resolve a domain to a specific IP (bypass DNS)\ncurl --resolve example.com:443:203.0.113.50 https://example.com\n\n# Use a specific network interface\ncurl --interface eth1 https://example.com\n\nDebug common HTTP issues\n# Test with different HTTP versions\ncurl --http1.1 https://example.com\ncurl --http2 https://example.com\n\n# Test with specific TLS version\ncurl --tlsv1.2 https://example.com\ncurl --tlsv1.3 https://example.com\n\n# Ignore certificate errors (debugging only)\ncurl -k https://self-signed.example.com\n\n# Send request with custom Host header (virtual hosts)\ncurl -H \"Host: example.com\" https://203.0.113.50/\n\n# Test CORS preflight\ncurl -X OPTIONS -H \"Origin: http://localhost:3000\" \\\n -H \"Access-Control-Request-Method: POST\" \\\n -v https://api.example.com/endpoint\n\nFirewall Basics\niptables (Linux)\n# List all rules\nsudo iptables -L -n -v\n\n# Allow incoming on port 80\nsudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT\n\n# Allow incoming from specific IP\nsudo iptables -A INPUT -s 203.0.113.0/24 -p tcp --dport 22 -j ACCEPT\n\n# Block incoming on a port\nsudo iptables -A INPUT -p tcp --dport 3306 -j DROP\n\n# Save rules (persist across reboot)\nsudo iptables-save > /etc/iptables/rules.v4\n\nufw (simpler, Ubuntu/Debian)\n# Enable\nsudo ufw enable\n\n# Allow/deny\nsudo ufw allow 80/tcp\nsudo ufw allow 443/tcp\nsudo ufw allow from 203.0.113.0/24 to any port 22\nsudo ufw deny 3306\n\n# Check status\nsudo ufw status verbose\n\n# Reset all rules\nsudo ufw reset\n\nmacOS firewall\n# Check status\nsudo /usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate\n\n# Enable\nsudo /usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on\n\n# Allow an application\nsudo /usr/libexec/ApplicationFirewall/socketfilterfw --add /usr/local/bin/myapp\n\nProxy Configuration\nEnvironment variables\n# Set proxy for most CLI tools\nexport HTTP_PROXY=http://proxy.example.com:8080\nexport HTTPS_PROXY=http://proxy.example.com:8080\nexport NO_PROXY=localhost,127.0.0.1,.internal.example.com\n\n# For curl specifically\nexport http_proxy=http://proxy.example.com:8080 # lowercase also works\n\n# With authentication\nexport HTTPS_PROXY=http://user:password@proxy.example.com:8080\n\nTest through proxy\n# curl with explicit proxy\ncurl -x http://proxy.example.com:8080 https://httpbin.org/ip\n\n# SOCKS proxy\ncurl --socks5 localhost:1080 https://httpbin.org/ip\n\n# Verify your external IP through proxy\ncurl -x http://proxy:8080 https://httpbin.org/ip\ncurl https://httpbin.org/ip # Compare with direct\n\n# Test proxy connectivity\ncurl -v -x http://proxy:8080 https://example.com 2>&1 | grep -i \"proxy\\|connect\"\n\nCommon proxy issues\n# Node.js fetch/undici does NOT respect HTTP_PROXY\n# Use undici ProxyAgent or node-fetch with http-proxy-agent\n\n# Git through proxy\ngit config --global http.proxy http://proxy:8080\ngit config --global https.proxy http://proxy:8080\n# Remove:\ngit config --global --unset http.proxy\n\n# npm through proxy\nnpm config set proxy http://proxy:8080\nnpm config set https-proxy http://proxy:8080\n\n# pip through proxy\npip install --proxy http://proxy:8080 package-name\n\nCertificate Troubleshooting\n# Check certificate from a server\necho | openssl s_client -connect example.com:443 -servername example.com 2>/dev/null | \\\n openssl x509 -noout -subject -issuer -dates\n\n# Check expiry\necho | openssl s_client -connect example.com:443 2>/dev/null | \\\n openssl x509 -noout -enddate\n\n# Download certificate chain\nopenssl s_client -showcerts -connect example.com:443 < /dev/null 2>/dev/null | \\\n awk '/BEGIN CERT/,/END CERT/' > chain.pem\n\n# Verify a certificate against CA bundle\nopenssl verify -CAfile /etc/ssl/certs/ca-certificates.crt server.pem\n\n# Check certificate for a specific hostname (SNI)\nopenssl s_client -connect cdn.example.com:443 -servername cdn.example.com\n\n# Common error: \"certificate has expired\"\n# Check the date on the server:\ndate\n# If the system clock is wrong, certs will appear invalid\n\nQuick Diagnostics Script\n#!/bin/bash\n# net-check.sh — Quick network diagnostics\nTARGET=\"${1:?Usage: net-check.sh [port]}\"\nPORT=\"${2:-443}\"\n\necho \"=== Network Check: $TARGET:$PORT ===\"\n\necho -n \"DNS resolution: \"\nIP=$(dig +short \"$TARGET\" | head -1)\n[[ -n \"$IP\" ]] && echo \"$IP\" || echo \"FAILED\"\n\necho -n \"Ping: \"\nping -c 1 -W 3 \"$TARGET\" > /dev/null 2>&1 && echo \"OK\" || echo \"FAILED (may be blocked)\"\n\necho -n \"Port $PORT: \"\nnc -zv -w 5 \"$TARGET\" \"$PORT\" 2>&1 | grep -q \"succeeded\\|open\" && echo \"OPEN\" || echo \"CLOSED/FILTERED\"\n\nif [[ \"$PORT\" == \"443\" || \"$PORT\" == \"8443\" ]]; then\n echo -n \"TLS: \"\n echo | openssl s_client -connect \"$TARGET:$PORT\" -servername \"$TARGET\" 2>/dev/null | \\\n grep -q \"Verify return code: 0\" && echo \"VALID\" || echo \"INVALID/ERROR\"\n\n echo -n \"Certificate expiry: \"\n echo | openssl s_client -connect \"$TARGET:$PORT\" 2>/dev/null | \\\n openssl x509 -noout -enddate 2>/dev/null | sed 's/notAfter=//'\nfi\n\necho \"=== Done ===\"\n\nTips\ndig +short is the fastest way to check DNS from the command line. Use @8.8.8.8 to bypass local caching.\nnc -zv is the simplest port connectivity test. If nc isn't available, use bash's /dev/tcp.\ncurl's -w format string with timing variables is the fastest way to diagnose slow HTTP requests: DNS, connect, TLS, and TTFB are all visible.\nDNS changes propagate based on TTL. Check the current TTL with dig before expecting a DNS change to take effect.\n/etc/hosts changes take effect immediately (no TTL, no propagation delay). Use it to test domain migrations before changing DNS.\nWhen debugging \"connection refused\": first verify the port is open with nc, then check the service is actually listening with ss -tlnp or lsof -i.\nmtr is better than traceroute for diagnosing packet loss — it runs continuously and shows per-hop loss percentages.\nNode.js, Python requests, and many libraries do NOT automatically use HTTP_PROXY environment variables. Check each tool's proxy documentation." }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/gitgoodordietrying/dns-networking", "publisherUrl": "https://clawhub.ai/gitgoodordietrying/dns-networking", "owner": "gitgoodordietrying", "version": "1.0.0", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/dns-networking", "downloadUrl": "https://openagent3.xyz/downloads/dns-networking", "agentUrl": "https://openagent3.xyz/skills/dns-networking/agent", "manifestUrl": "https://openagent3.xyz/skills/dns-networking/agent.json", "briefUrl": "https://openagent3.xyz/skills/dns-networking/agent.md" } }