Troubleshooting DNS – dig tracing

How to troubleshoot DNS issues by directly querying name servers

This tip will help you troubleshoot DNS issues by querying name servers directly, using only their IP addresses. When you run DNS resolution client tools such as dig or nslookup, they query the name server configured on your host. If a record with an unexpired TTL is in cache, it is returned from cache. Any of the intermediate name servers can answer from cache; only the authoritative name servers do not. That is why ‘dig +trace’ is useful in troubleshooting DNS issues: it starts from the root name servers and moves all the way down to the authoritative name servers to get you the DNS records.

Here is a tool similar to “dig +trace”. It queries the root name servers, whose IPs are hard coded in the script, and follows the authoritative name servers for the subdomains by directly querying the registered IP addresses of the name servers. For instance, if you use this tool to query “www.example.com”, it picks a root name server’s IP at random and queries it for the NS records of the “.com” domain. Once it gets the IP addresses of the name servers for “.com”, it goes on to query them for the authoritative name servers of “example.com.” and does the same for “www.example.com.” as well. Throughout the query, it doesn’t use any cache or FQDN; it gets the IP address of the authoritative name servers and queries the IP directly.
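The direct-to-IP, no-cache query step described above, written with only the Python standard library as an added example; it is not the code of dig-trace.py in the linked repository, which uses dnspython. The function names `build_query`, `read_name`, `parse_referral` and `ask` are hypothetical, and the code assumes UDP transport and IPv4 glue only.

```python
import os
import socket
import struct

def build_query(name, txid, qtype=2):
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.rstrip(".").split(".") if p)
    header = struct.pack(">6H", txid, 0, 1, 0, 0, 0)   # flags=0: RD clear, no recursion asked
    return header + qname + b"\x00" + struct.pack(">2H", qtype, 1)

def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset just past it)."""
    labels, end, hops = [], None, 0
    while (n := msg[off]):
        if (n & 0xC0) == 0xC0:                    # compression pointer: continue elsewhere
            end, hops = (off + 2 if end is None else end), hops + 1
            if hops > 16:                         # corrupt or hostile reply
                raise ValueError("compression pointer loop")
            off = ((n & 0x3F) << 8) | msg[off + 1]
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n
    return (".".join(labels) + ".").lower(), (off + 1 if end is None else end)

def parse_referral(msg):
    """Map each NS name in a reply to its glue IPv4 address (None when no glue is sent)."""
    qd, an, ns, ar = struct.unpack(">4H", msg[4:12])
    off = 12
    for _ in range(qd):                           # skip question: name + qtype + qclass
        off = read_name(msg, off)[1] + 4
    servers, glue = [], {}
    for _ in range(an + ns + ar):
        owner, off = read_name(msg, off)
        rtype, _, _, rdlen = struct.unpack_from(">HHIH", msg, off)
        if rtype == 2:                            # NS: rdata is the server's name
            servers.append(read_name(msg, off + 10)[0])
        elif rtype == 1 and rdlen == 4:           # A: glue address for that name
            glue[owner] = socket.inet_ntoa(msg[off + 10:off + 14])
        off += 10 + rdlen
    return {s: glue.get(s) for s in servers}

def ask(server_ip, name, qtype=2, timeout=3.0):
    txid = int.from_bytes(os.urandom(2), "big")   # unpredictable query ID
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid, qtype), (server_ip, 53))
        reply, peer = s.recvfrom(4096)
    if peer[0] != server_ip or reply[:2] != txid.to_bytes(2, "big"):
        raise ValueError("reply does not match the query that was sent")
    return reply
```

Passing one of the glue addresses returned by `parse_referral(ask(ip, zone))` to the next `ask` call repeats the walk from the root to `com.` to the domain's own name servers. A name server returned with `None` has no glue in the reply, so its address has to be traced separately.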

You will need to install the dnspython module first –

cd /tmp
pip install dnspython
git clone https://github.com/danasmera/Python_scripts.git
cd Python_scripts/

Start DNS tracing now –

1. google.com

$ python dig-trace.py google.com
Splitting domain into sub-domains ...
['.', 'com.', 'google.com.']

Selected root . name server: 199.9.14.201
Selecting name server for com. domain ...

picked name server: 192.48.79.30
Selecting name server for google.com. domain ...

picked name server: 216.239.36.10
Querying name server: 216.239.36.10
google.com. 300 IN A 173.194.219.102
google.com. 300 IN A 173.194.219.101
google.com. 300 IN A 173.194.219.113
google.com. 300 IN A 173.194.219.100
google.com. 300 IN A 173.194.219.138
google.com. 300 IN A 173.194.219.139


2. www.whitegov.com txt

$ python dig-trace.py www.whitegov.com txt
Splitting domain into sub-domains ...
['.', 'com.', 'whitegov.com.', 'www.whitegov.com.']

Selected root . name server: 192.33.4.12
Selecting name server for com. domain ...

picked name server: 192.54.112.30
Selecting name server for whitegov.com. domain ...

picked name server: 204.11.57.26
Selecting name server for www.whitegov.com. domain ...

picked name server: 204.11.56.26
Querying name server: 204.11.56.26
www.whitegov.com. 3600 IN TXT "~"



3. cnn.com mx

$ python dig-trace.py cnn.com mx
Splitting domain into sub-domains ...
['.', 'com.', 'cnn.com.']

Selected root . name server: 193.0.14.129
Selecting name server for com. domain ...

picked name server: 192.31.80.30
Selecting name server for cnn.com. domain ...

picked name server: 205.251.192.47
Querying name server: 205.251.192.47
cnn.com. 300 IN MX 10 mxa-000c6b02.gslb.pphosted.com.
cnn.com. 300 IN MX 10 mxb-000c6b02.gslb.pphosted.com.

4. linuxfreelancer.com [ANY | NS ]

$ python dig-trace.py www.linuxfreelancer.com ANY
Splitting domain into sub-domains ...
['.', 'com.', 'linuxfreelancer.com.', 'www.linuxfreelancer.com.']

Selected root . name server: 192.112.36.4
Selecting name server for com. domain ...

picked name server: 192.35.51.30
Selecting name server for linuxfreelancer.com. domain ...

picked name server: 208.109.255.48
Selecting name server for www.linuxfreelancer.com. domain ...
Querying name server: 208.109.255.48


$ python dig-trace.py www.linuxfreelancer.com NS
Splitting domain into sub-domains ...
['.', 'com.', 'linuxfreelancer.com.', 'www.linuxfreelancer.com.']

Selected root . name server: 202.12.27.33
Selecting name server for com. domain ...

picked name server: 192.55.83.30
Selecting name server for linuxfreelancer.com. domain ...

picked name server: 216.69.185.48
Selecting name server for www.linuxfreelancer.com. domain ...
Querying name server: 216.69.185.48
www.linuxfreelancer.com. 1800 IN CNAME linuxfreelancer.com.
linuxfreelancer.com. 3600 IN NS ns75.domaincontrol.com.
linuxfreelancer.com. 3600 IN NS ns76.domaincontrol.com.


Links –

https://github.com/danasmera/Python_scripts

https://github.com/rthalley/dnspython

https://linux.die.net/man/1/dig

Published by
daniel
