This article provides a guide demonstrating how to deploy Zonemaster on Debian VPS.
What is Zonemaster?
Zonemaster is an open-source DNS testing and validation framework designed to thoroughly analyze the health, correctness, and performance of a domain’s DNS configuration. It is jointly developed and maintained by AFNIC (registry for .fr) and IIS/Internetstiftelsen (registry for .se).
Think of it as a “DNS diagnostics engine” that performs deep, standards-compliant checks to help domain owners, hosting providers, and DNS administrators ensure their DNS is configured correctly.
⭐ What Zonemaster Does
Zonemaster performs comprehensive DNS tests that verify:
-
1. DNS Configuration Health
- NS (nameserver) consistency
- Glue records
- SOA records
- DNSSEC chain of trust
- IPv4/IPv6 support
- Delegation correctness
-
2. DNS Performance
- Nameserver responsiveness
- Packet loss
- Latency and timeouts
- TCP vs UDP responsiveness
-
3. Standards Compliance
Zonemaster’s tests are based on:
- IETF RFCs
- Best practices from major TLD registries
- DNSSEC technical norms
-
4. Error Detection
Zonemaster identifies:
- Misconfigured DNS records
- Missing or incorrect glue
- DNSSEC failures
- Serial number mismatches
- Recursion issues
- Parent/child zone inconsistencies
- Nameservers not authoritative
- Email DNS issues (MX, SPF, etc., indirectly)
🔍 Three Major Components
Zonemaster is composed of:
-
1. Zonemaster Engine
The core module that runs all tests and produces results.
Used by the CLI and the web interface. -
2. Zonemaster CLI
A command-line tool for running tests directly on a server:
zonemaster-cli example.com
-
3. Zonemaster Backend + GUI
A web-based interface that allows anyone to run DNS tests in a browser.
Your VPS can host a public Zonemaster instance.
🧪 Why People Use Zonemaster
✔ Hosting providers
Ensure domains hosted on their nameservers are working correctly.
✔ Domain registrars
Validate domains at time of registration or DNS change.
✔ DNS operators and sysadmins
Periodically audit DNS health and detect errors early.
✔ Security-conscious organizations
Validate DNSSEC configuration and trust chain.
✔ Developers and researchers
Automate DNS testing with API endpoints.
📦 Key Features
- Deep DNS analysis comparable to DNSInspect, DNSViz, and IntoDNS
- DNSSEC validation and chain-of-trust testing
- Public API for integrations
- Web-based user interface
- Highly detailed test reports
- Compatible with all TLDs
- Actively maintained by major domain registries
🏁 In Short
Zonemaster is a professional-grade DNS testing suite that helps ensure domain configurations are correct, secure, and fully compliant with DNS standards.
This guide covers installations on Debian 12 (Bookworm).
✅ Overview: What You Will Install
| Component | Purpose |
|---|---|
| Zonemaster Engine | Core DNS testing logic |
| Zonemaster CLI | Command-line test runner |
| Zonemaster Backend | RPC/REST API for web UI |
| Zonemaster Web GUI | Browser-based interface for DNS testing |
How to Deploy Zonemaster on Debian VPS
To deploy Zonemaster on Debian VPS, follow the steps below:
-
🛠️ Prerequisites
-
System Requirements
- Debian 12 VPS (2 GB RAM minimum recommended)
- Root or sudo access
- Static public IP address
- A domain name for GUI access (optional)
-
Update System
sudo apt update && sudo apt upgrade -y sudo apt install curl git build-essential unzip ufw -y
-
-
🧱 Install Zonemaster Engine
The Engine is the foundational component.
-
Install Dependencies
sudo apt install libmodule-install-perl perl libmoose-perl libmoosex-markasmethods-perl libfile-slurp-perl libhash-merge-perl libnetaddr-ip-perl libjson-perl libjson-pp-perl liblist-moreutils-perl liblocale-maketext-perl libmoosex-getopt-perl libnet-ip-perl libplack-perl libplack-middleware-debug-perl libtest-deep-perl libtest-fatal-perl libtest-json-perl libtie-ixhash-perl libtry-tiny-perl libyaml-libyaml-perl libdevel-checklib-perl libssl-dev libextutils-pkgconfig-perl libidn2-dev gettext -y sudo apt update sudo apt install autoconf automake build-essential cpanminus libclass-accessor-perl libclone-perl libdevel-checklib-perl libemail-valid-perl libextutils-pkgconfig-perl libfile-sharedir-perl libfile-slurp-perl libidn2-dev libintl-perl libio-socket-inet6-perl liblist-compare-perl liblist-moreutils-perl liblocale-po-perl liblog-any-perl libmail-spf-perl libmime-base32-perl libmodule-find-perl libmodule-install-perl libmodule-install-xsutil-perl libnet-dns-perl libnet-ip-xs-perl libpod-coverage-perl libreadonly-perl libssl-dev libsub-override-perl libtest-differences-perl libtest-exception-perl libtest-fatal-perl libtest-nowarnings-perl libtest-pod-perl libtext-csv-perl libyaml-libyaml-perl libtool m4 -y
-
Download Zonemaster Engine
cd /opt sudo git clone https://github.com/zonemaster/zonemaster-engine.git cd zonemaster-engine
-
Install CPAN Dependencies
sudo cpanm --installdeps . sudo cpan install Zonemaster::Engine::Nameserver::Cache::RedisCache
-
Install Zonemaster Engine
sudo perl Makefile.PL sudo make sudo make test sudo make install
-
-
🖥️ Install Zonemaster CLI (zonemaster-cli)
The CLI is part of Engine but needs a small wrapper.
Install:
sudo apt install zonemaster-cli -y sudo cpanm Zonemaster::CLI
Test:
zonemaster-cli example.com
You should see DNS test output.
-
🔌 Install Zonemaster Backend (API)
The Backend exposes an HTTP API for the GUI.
-
Install Dependencies
sudo perl -pi -e 's/^# (da_DK\.UTF-8.*|en_US\.UTF-8.*|es_ES\.UTF-8.*|fi_FI\.UTF-8.*|fr_FR\.UTF-8.*|nb_NO\.UTF-8.*|sl_SI\.UTF-8.*|sv_SE\.UTF-8.*)/$1/' /etc/locale.gen sudo locale-gen sudo apt install jq libclass-accessor-lite-perl libconfig-inifiles-perl libdaemon-control-perl libdata-validate-domain-perl libdata-validate-ip-perl libfuture-asyncawait-perl libfuture-perl libhttp-parser-xs-perl libio-multiplex-perl libio-socket-socks-perl libjq1 libjs-bootstrap4 libjs-highlight.js libjs-popper.js libjs-sizzle libjson-rpc-perl libjson-validator-perl liblog-any-adapter-dispatch-perl libmath-base85-perl libmojo-server-fastcgi-perl libmojolicious-perl libnet-cidr-perl libnet-idn-encode-perl libnet-ipv6addr-perl libnet-netmask-perl libnet-server-perl libnet-server-ss-prefork-perl libonig5 libparallel-forkmanager-perl libplack-middleware-reverseproxy-perl librouter-simple-perl libsereal-encoder-perl libserver-starter-perl libsub-uplevel-perl libtest-exception-perl libtest-nowarnings-perl libxs-parse-keyword-perl libxs-parse-sublike-perl node-jquery openapi-specification perl-doc starman -y sudo apt install libdbi-perl libdbd-sqlite3-perl sqlite3 libdaemon-generic-perl libio-captureoutput-perl liblog-any-perl liblog-dispatch-perl libsoap-lite-perl libfile-sharedir-perl -y
-
Download Backend
cd /opt sudo git clone https://github.com/zonemaster/zonemaster-backend.git cd zonemaster-backend
-
Install Perl Dependencies
sudo cpanm --installdeps .
-
Configure Backend
Copy example config:
sudo cpanm --notest Zonemaster::Backend sudo useradd -r -c "Zonemaster daemon user" zonemaster cd `perl -MFile::ShareDir=dist_dir -E 'say dist_dir("Zonemaster-Backend")'` sudo install -v -m 755 -d /etc/zonemaster sudo install -v -m 775 -g zonemaster -d /var/log/zonemaster sudo install -v -m 640 -g zonemaster ./backend_config.ini /etc/zonemaster/ sudo install -v -m 755 ./zm-rpcapi.lsb /etc/init.d/zm-rpcapi sudo install -v -m 755 ./zm-testagent.lsb /etc/init.d/zm-testagent sudo install -v -m 644 ./tmpfiles.conf /usr/lib/tmpfiles.d/zonemaster.conf sudo install -v -m 755 -o zonemaster -g zonemaster -d /var/lib/zonemaster sudo -u zonemaster $(perl -MFile::ShareDir -le 'print File::ShareDir::dist_dir("Zonemaster-Backend")')/create_db.pl sudo systemd-tmpfiles --create /usr/lib/tmpfiles.d/zonemaster.conf sudo systemctl enable zm-rpcapi sudo systemctl enable zm-testagent sudo systemctl start zm-rpcapi sudo systemctl start zm-testagentEdit config:
sudo nano /etc/zonemaster_backend_config.ini
Recommended settings:
[DB] engine = SQLite database_file = /var/lib/zonemaster/zonemaster.sqlite [LOG] level = INFO [RPCAPI] enable = yes listen = 127.0.0.1 port = 5000
-
Initialize Database
sudo mkdir -p /var/lib/zonemaster/ sudo ./script/create_db.pl
-
Create Systemd Service
Create service file:
sudo nano /etc/systemd/system/zonemaster-backend.service
Add:
[Unit] Description=Zonemaster Backend API After=network.target [Service] User=root ExecStart=/usr/bin/plackup -R lib -s Starman --listen 127.0.0.1:5000 bin/zonemaster_backend.psgi WorkingDirectory=/opt/zonemaster-backend Restart=always [Install] WantedBy=multi-user.target
Enable + start:
sudo systemctl daemon-reload sudo systemctl enable --now zonemaster-backend
Test API:
curl http://127.0.0.1:5000/api/version
-
-
🌐 Install Zonemaster Web GUI
-
Install Dependencies
sudo apt-get update && sudo apt-get upgrade -y sudo apt-get install -y apache2 unzip
-
Basic Apache Configuration
sudo a2enmod proxy proxy_http rewrite sudo a2dissite 000-default sudo systemctl enable apache2 sudo systemctl restart apache2
-
Download GUI
wget https://github.com/zonemaster/zonemaster-gui/releases/download/v4.4.0/zonemaster_web_gui.zip -O zonemaster_web_gui.zip sudo unzip -d /var/www/html/zonemaster-web-gui zonemaster_web_gui.zip sudo install -vd /var/log/zonemaster sudo install -v /var/www/html/zonemaster-web-gui/zonemaster.conf-example /etc/apache2/sites-available/zonemaster.conf rm -f zonemaster_web_gui.zip
-
Configure Zonemaster Web GUI
sudo a2ensite zonemaster
Update the zonemaster.conf file with your own ServerName, ServerAlias and ServerAdmin:
nano /etc/apache2/sites-available/zonemaster.conf
-
Reload Apache
sudo systemctl reload apache2
-
-
🔒 Enable SSL (Optional but Recommended)
Using Let’s Encrypt:
sudo apt install certbot python3-certbot-apache -y sudo certbot --apache -d zonemaster.example.com
Auto-renews daily.
-
🧪 Test Zonemaster Deployment
Visit:
https://zonemaster.example.com
Zonemaster results for radwebhosting. Com Run a test on any domain.
Or test via API:
curl -X POST http://127.0.0.1:5000/api/run \ -H "Content-Type: application/json" \ -d '{"domain":"example.com"}' -
🔧 Useful Commands
-
Restart Backend
sudo systemctl restart zonemaster-backend
-
Check Backend logs
journalctl -u zonemaster-backend
-
🎉 You Now Have a Full Zonemaster Deployment on Debian!
This installation includes:
✔ Zonemaster Engine
✔ CLI tools
✔ Backend API
✔ Web GUI with Nginx
✔ Optional SSL for secure access
Conclusion
You now know how to deploy Zonemaster on Debian VPS.
