# Send DNS & Networking to your agent Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually. ## Fast path - Download the package from Yavira. - Extract it into a folder your agent can access. - Paste one of the prompts below and point your agent at the extracted folder. ## Suggested prompts ### New install ```text I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete. ``` ### Upgrade existing ```text I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run. ``` ## Machine-readable fields ```json { "schemaVersion": "1.0", "item": { "slug": "dns-networking", "name": "DNS & Networking", "source": "tencent", "type": "skill", "category": "开发工具", "sourceUrl": "https://clawhub.ai/gitgoodordietrying/dns-networking", "canonicalUrl": "https://clawhub.ai/gitgoodordietrying/dns-networking", "targetPlatform": "OpenClaw" }, "install": { "downloadUrl": "/downloads/dns-networking", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=dns-networking", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "packageFormat": "ZIP package", "primaryDoc": "SKILL.md", "includedAssets": [ "SKILL.md" ], "downloadMode": "redirect", "sourceHealth": { "source": "tencent", "slug": "dns-networking", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-05-02T08:23:14.044Z", "expiresAt": "2026-05-09T08:23:14.044Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=dns-networking", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=dns-networking", "contentDisposition": "attachment; filename=\"dns-networking-1.0.0.zip\"", "redirectLocation": null, "bodySnippet": null, "slug": "dns-networking" }, "scope": "item", "summary": "Item download looks usable.", "detail": "Yavira can redirect you to the upstream package for this item.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/dns-networking" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] } }, "links": { "detailUrl": "https://openagent3.xyz/skills/dns-networking", "downloadUrl": "https://openagent3.xyz/downloads/dns-networking", "agentUrl": "https://openagent3.xyz/skills/dns-networking/agent", "manifestUrl": "https://openagent3.xyz/skills/dns-networking/agent.json", "briefUrl": "https://openagent3.xyz/skills/dns-networking/agent.md" } } ``` ## Documentation ### DNS & Networking Debug DNS resolution, network connectivity, and HTTP issues. Covers dig/nslookup, port testing, firewall rules, curl diagnostics, /etc/hosts, proxy configuration, and certificate troubleshooting. ### When to Use DNS name not resolving or resolving to wrong IP Connection refused / connection timed out errors Diagnosing firewall or security group rules HTTP requests failing for unclear reasons Proxy configuration issues SSL/TLS certificate errors Testing connectivity between services ### Query DNS records # A record (IP address) dig example.com dig +short example.com # Specific record types dig example.com MX # Mail servers dig example.com CNAME # Aliases dig example.com TXT # Text records (SPF, DKIM, etc.) dig example.com NS # Name servers dig example.com AAAA # IPv6 address dig example.com SOA # Start of Authority # Query a specific DNS server dig @8.8.8.8 example.com dig @1.1.1.1 example.com # Trace the full resolution path dig +trace example.com # Reverse lookup (IP → hostname) dig -x 93.184.216.34 # nslookup (simpler, works everywhere) nslookup example.com nslookup example.com 8.8.8.8 # Query specific server nslookup -type=MX example.com # host (simplest) host example.com host -t MX example.com ### Check DNS propagation # Query multiple public DNS servers for dns in 8.8.8.8 1.1.1.1 9.9.9.9 208.67.222.222; do echo -n "$dns: " dig +short @"$dns" example.com done # Check TTL (time to live) dig example.com | grep -E '^\\S+\\s+\\d+\\s+IN\\s+A' # The number is TTL in seconds ### Local DNS issues # Check /etc/resolv.conf (which DNS server the system uses) cat /etc/resolv.conf # Check /etc/hosts (local overrides) cat /etc/hosts # Flush DNS cache # macOS: sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder # Linux (systemd-resolved): sudo systemd-resolve --flush-caches # Windows: ipconfig /flushdns # Check if systemd-resolved is running (Linux) resolvectl status ### /etc/hosts patterns # /etc/hosts — local DNS overrides (no TTL, instant) # Point a domain to localhost (for development) 127.0.0.1 myapp.local 127.0.0.1 api.myapp.local # Block a domain 0.0.0.0 ads.example.com # Test a migration (point domain to new server before DNS change) 203.0.113.50 example.com 203.0.113.50 www.example.com # Multiple names for one IP 192.168.1.100 db.local redis.local cache.local ### Test if a port is open # nc (netcat) — most reliable nc -zv example.com 443 nc -zv -w 5 example.com 80 # 5 second timeout # Test multiple ports for port in 22 80 443 5432 6379; do nc -zv -w 2 example.com $port 2>&1 done # /dev/tcp (bash built-in, no extra tools needed) timeout 3 bash -c 'echo > /dev/tcp/example.com/443' && echo "Open" || echo "Closed" # curl (also tests HTTP) curl -sI -o /dev/null -w "%{http_code}" https://example.com # Test from inside a Docker container docker exec my-container nc -zv db 5432 ### Network path diagnostics # traceroute (show network hops) traceroute example.com # mtr (continuous traceroute with stats — best for finding packet loss) mtr example.com mtr -r -c 20 example.com # Report mode, 20 packets # ping ping -c 5 example.com # Show local network interfaces ip addr show # Linux ifconfig # macOS / older Linux # Show routing table ip route show # Linux netstat -rn # macOS route -n # Linux (older) ### Check listening ports # What's listening on which port (Linux) ss -tlnp ss -tlnp | grep :8080 # macOS lsof -i -P -n | grep LISTEN lsof -i :8080 # Older Linux netstat -tlnp netstat -tlnp | grep :8080 # Which process is using a port lsof -i :3000 fuser 3000/tcp # Linux ### Verbose request inspection # Full verbose output (headers, TLS handshake, timing) curl -v https://api.example.com/endpoint # Show timing breakdown curl -o /dev/null -s -w " DNS: %{time_namelookup}s Connect: %{time_connect}s TLS: %{time_appconnect}s TTFB: %{time_starttransfer}s Total: %{time_total}s Status: %{http_code} Size: %{size_download} bytes " https://api.example.com/endpoint # Show response headers only curl -sI https://api.example.com/endpoint # Follow redirects and show each hop curl -sIL https://example.com # Resolve a domain to a specific IP (bypass DNS) curl --resolve example.com:443:203.0.113.50 https://example.com # Use a specific network interface curl --interface eth1 https://example.com ### Debug common HTTP issues # Test with different HTTP versions curl --http1.1 https://example.com curl --http2 https://example.com # Test with specific TLS version curl --tlsv1.2 https://example.com curl --tlsv1.3 https://example.com # Ignore certificate errors (debugging only) curl -k https://self-signed.example.com # Send request with custom Host header (virtual hosts) curl -H "Host: example.com" https://203.0.113.50/ # Test CORS preflight curl -X OPTIONS -H "Origin: http://localhost:3000" \\ -H "Access-Control-Request-Method: POST" \\ -v https://api.example.com/endpoint ### iptables (Linux) # List all rules sudo iptables -L -n -v # Allow incoming on port 80 sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT # Allow incoming from specific IP sudo iptables -A INPUT -s 203.0.113.0/24 -p tcp --dport 22 -j ACCEPT # Block incoming on a port sudo iptables -A INPUT -p tcp --dport 3306 -j DROP # Save rules (persist across reboot) sudo iptables-save > /etc/iptables/rules.v4 ### ufw (simpler, Ubuntu/Debian) # Enable sudo ufw enable # Allow/deny sudo ufw allow 80/tcp sudo ufw allow 443/tcp sudo ufw allow from 203.0.113.0/24 to any port 22 sudo ufw deny 3306 # Check status sudo ufw status verbose # Reset all rules sudo ufw reset ### macOS firewall # Check status sudo /usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate # Enable sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate on # Allow an application sudo /usr/libexec/ApplicationFirewall/socketfilterfw --add /usr/local/bin/myapp ### Environment variables # Set proxy for most CLI tools export HTTP_PROXY=http://proxy.example.com:8080 export HTTPS_PROXY=http://proxy.example.com:8080 export NO_PROXY=localhost,127.0.0.1,.internal.example.com # For curl specifically export http_proxy=http://proxy.example.com:8080 # lowercase also works # With authentication export HTTPS_PROXY=http://user:password@proxy.example.com:8080 ### Test through proxy # curl with explicit proxy curl -x http://proxy.example.com:8080 https://httpbin.org/ip # SOCKS proxy curl --socks5 localhost:1080 https://httpbin.org/ip # Verify your external IP through proxy curl -x http://proxy:8080 https://httpbin.org/ip curl https://httpbin.org/ip # Compare with direct # Test proxy connectivity curl -v -x http://proxy:8080 https://example.com 2>&1 | grep -i "proxy\\|connect" ### Common proxy issues # Node.js fetch/undici does NOT respect HTTP_PROXY # Use undici ProxyAgent or node-fetch with http-proxy-agent # Git through proxy git config --global http.proxy http://proxy:8080 git config --global https.proxy http://proxy:8080 # Remove: git config --global --unset http.proxy # npm through proxy npm config set proxy http://proxy:8080 npm config set https-proxy http://proxy:8080 # pip through proxy pip install --proxy http://proxy:8080 package-name ### Certificate Troubleshooting # Check certificate from a server echo | openssl s_client -connect example.com:443 -servername example.com 2>/dev/null | \\ openssl x509 -noout -subject -issuer -dates # Check expiry echo | openssl s_client -connect example.com:443 2>/dev/null | \\ openssl x509 -noout -enddate # Download certificate chain openssl s_client -showcerts -connect example.com:443 < /dev/null 2>/dev/null | \\ awk '/BEGIN CERT/,/END CERT/' > chain.pem # Verify a certificate against CA bundle openssl verify -CAfile /etc/ssl/certs/ca-certificates.crt server.pem # Check certificate for a specific hostname (SNI) openssl s_client -connect cdn.example.com:443 -servername cdn.example.com # Common error: "certificate has expired" # Check the date on the server: date # If the system clock is wrong, certs will appear invalid ### Quick Diagnostics Script #!/bin/bash # net-check.sh — Quick network diagnostics TARGET="${1:?Usage: net-check.sh [port]}" PORT="${2:-443}" echo "=== Network Check: $TARGET:$PORT ===" echo -n "DNS resolution: " IP=$(dig +short "$TARGET" | head -1) [[ -n "$IP" ]] && echo "$IP" || echo "FAILED" echo -n "Ping: " ping -c 1 -W 3 "$TARGET" > /dev/null 2>&1 && echo "OK" || echo "FAILED (may be blocked)" echo -n "Port $PORT: " nc -zv -w 5 "$TARGET" "$PORT" 2>&1 | grep -q "succeeded\\|open" && echo "OPEN" || echo "CLOSED/FILTERED" if [[ "$PORT" == "443" || "$PORT" == "8443" ]]; then echo -n "TLS: " echo | openssl s_client -connect "$TARGET:$PORT" -servername "$TARGET" 2>/dev/null | \\ grep -q "Verify return code: 0" && echo "VALID" || echo "INVALID/ERROR" echo -n "Certificate expiry: " echo | openssl s_client -connect "$TARGET:$PORT" 2>/dev/null | \\ openssl x509 -noout -enddate 2>/dev/null | sed 's/notAfter=//' fi echo "=== Done ===" ### Tips dig +short is the fastest way to check DNS from the command line. Use @8.8.8.8 to bypass local caching. nc -zv is the simplest port connectivity test. If nc isn't available, use bash's /dev/tcp. curl's -w format string with timing variables is the fastest way to diagnose slow HTTP requests: DNS, connect, TLS, and TTFB are all visible. DNS changes propagate based on TTL. Check the current TTL with dig before expecting a DNS change to take effect. /etc/hosts changes take effect immediately (no TTL, no propagation delay). Use it to test domain migrations before changing DNS. When debugging "connection refused": first verify the port is open with nc, then check the service is actually listening with ss -tlnp or lsof -i. mtr is better than traceroute for diagnosing packet loss — it runs continuously and shows per-hop loss percentages. Node.js, Python requests, and many libraries do NOT automatically use HTTP_PROXY environment variables. Check each tool's proxy documentation. ## Trust - Source: tencent - Verification: Indexed source record - Publisher: gitgoodordietrying - Version: 1.0.0 ## Source health - Status: healthy - Item download looks usable. - Yavira can redirect you to the upstream package for this item. - Health scope: item - Reason: direct_download_ok - Checked at: 2026-05-02T08:23:14.044Z - Expires at: 2026-05-09T08:23:14.044Z - Recommended action: Download for OpenClaw ## Links - [Detail page](https://openagent3.xyz/skills/dns-networking) - [Send to Agent page](https://openagent3.xyz/skills/dns-networking/agent) - [JSON manifest](https://openagent3.xyz/skills/dns-networking/agent.json) - [Markdown brief](https://openagent3.xyz/skills/dns-networking/agent.md) - [Download page](https://openagent3.xyz/downloads/dns-networking)