How to troubleshoot dns issues by directly querying name servers
This tip will help you troubleshooting DNS issues by directly querying DNS using only the IP address of name servers. When you run dns resolution client tools such as dig or nslookup, they will query the name server configured on your host. If the DNS with unexpired ttl is in cache, they will return it from cache. The results will return from cache by any of the intermediate name servers except for the authoritative name servers. That is why ‘dig +trace’ is useful in troubleshooting dns issues, as it starts from the root name servers and moves down all the way to the authoritative name servers to get you the dns records.
Here is a similar tool to “dig +trace“, which queries root name servers, their IPs is hard coded in the script, and follows the authoritative name servers for the subdomains by directly querying the registered IP addresses of name servers. For instance, if you use this tool to query “www.example.com”, it will get a randomly picked root name server’s IP and query it for NS records of “.com” domain. Once it gets the IP address of the name servers for “.com”, it goes on to query them for authoritative name servers of “example.com.” and does the same for “www.example.com.” as well. Throughout the query, it doesn’t use any cache or FQDN, it get the IP address of authoritative name servers and queries the IP directly.
You will need to install dnspython module first –
cd /tmp pip install dnspython https://github.com/danasmera/Python_scripts.git cd Python_scripts/
Start DNS tracing now –
1. google.com
$ python dig-trace.py google.com Splitting domain into sub-domains ... ['.', 'com.', 'google.com.'] Selected root . name server: 199.9.14.201 Selecting name server for com. domain ... picked name server: 192.48.79.30 Selecting name server for google.com. domain ... picked name server: 216.239.36.10 Querying name server: 216.239.36.10 google.com. 300 IN A 173.194.219.102 google.com. 300 IN A 173.194.219.101 google.com. 300 IN A 173.194.219.113 google.com. 300 IN A 173.194.219.100 google.com. 300 IN A 173.194.219.138 google.com. 300 IN A 173.194.219.139
2. www.whitegov.com txt
python dig-trace.py www.whitegov.com txt Splitting domain into sub-domains ... ['.', 'com.', 'whitegov.com.', 'www.whitegov.com.'] Selected root . name server: 192.33.4.12 Selecting name server for com. domain ... picked name server: 192.54.112.30 Selecting name server for whitegov.com. domain ... picked name server: 204.11.57.26 Selecting name server for www.whitegov.com. domain ... picked name server: 204.11.56.26 Querying name server: 204.11.56.26 www.whitegov.com. 3600 IN TXT "~"
3. cnn.com mx
$ python dig-trace.py cnn.com mx Splitting domain into sub-domains ... ['.', 'com.', 'cnn.com.'] Selected root . name server: 193.0.14.129 Selecting name server for com. domain ... picked name server: 192.31.80.30 Selecting name server for cnn.com. domain ... picked name server: 205.251.192.47 Querying name server: 205.251.192.47 cnn.com. 300 IN MX 10 mxa-000c6b02.gslb.pphosted.com. cnn.com. 300 IN MX 10 mxb-000c6b02.gslb.pphosted.com.
4. linuxfreelancer.com [ANY | NS ]
$ python dig-trace.py www.linuxfreelancer.com ANY Splitting domain into sub-domains ... ['.', 'com.', 'linuxfreelancer.com.', 'www.linuxfreelancer.com.'] Selected root . name server: 192.112.36.4 Selecting name server for com. domain ... picked name server: 192.35.51.30 Selecting name server for linuxfreelancer.com. domain ... picked name server: 208.109.255.48 Selecting name server for www.linuxfreelancer.com. domain ... Querying name server: 208.109.255.48 $ python dig-trace.py www.linuxfreelancer.com NS Splitting domain into sub-domains ... ['.', 'com.', 'linuxfreelancer.com.', 'www.linuxfreelancer.com.'] Selected root . name server: 202.12.27.33 Selecting name server for com. domain ... picked name server: 192.55.83.30 Selecting name server for linuxfreelancer.com. domain ... picked name server: 216.69.185.48 Selecting name server for www.linuxfreelancer.com. domain ... Querying name server: 216.69.185.48 www.linuxfreelancer.com. 1800 IN CNAME linuxfreelancer.com. linuxfreelancer.com. 3600 IN NS ns75.domaincontrol.com. linuxfreelancer.com. 3600 IN NS ns76.domaincontrol.com.
Links –
https://github.com/danasmera/Python_scripts