How to troubleshoot dns issues by directly querying name servers


This tip will help you troubleshooting DNS issues by directly querying DNS using only the IP address of name servers. When you run dns resolution client tools such as dig or nslookup, they will query the name server configured on your host. If the DNS with unexpired ttl is in cache, they will return it from cache. The results will return from cache by any of the intermediate name servers except for the authoritative name servers. That is why ‘dig +trace’ is useful in troubleshooting dns issues, as it starts from the root name servers and moves down all the way to the authoritative name servers to get you the dns records.

Here is a similar tool to “dig +trace“, which queries root name servers, their IPs is hard coded in the script, and follows the authoritative name servers for the subdomains by directly querying the registered IP addresses of name servers. For instance, if you use this tool to query “www.example.com”, it will get a randomly picked root name server’s IP and query it for NS records of “.com” domain. Once it gets the IP address of the name servers for “.com”, it goes on to query them for authoritative name servers of “example.com.” and does the same for “www.example.com.” as well. Throughout the query, it doesn’t use any cache or FQDN, it get the IP address of authoritative name servers and queries the IP directly.

You will need to install dnspython module first –

cd /tmp
pip install dnspython
https://github.com/danasmera/Python_scripts.git
cd Python_scripts/

Start DNS tracing now –

1. google.com

$ python dig-trace.py google.com
Splitting domain into sub-domains ...
['.', 'com.', 'google.com.']

Selected root . name server: 199.9.14.201
Selecting name server for com. domain ...

picked name server: 192.48.79.30
Selecting name server for google.com. domain ...

picked name server: 216.239.36.10
Querying name server: 216.239.36.10
google.com. 300 IN A 173.194.219.102
google.com. 300 IN A 173.194.219.101
google.com. 300 IN A 173.194.219.113
google.com. 300 IN A 173.194.219.100
google.com. 300 IN A 173.194.219.138
google.com. 300 IN A 173.194.219.139


2. www.whitegov.com txt

 python dig-trace.py www.whitegov.com txt
Splitting domain into sub-domains ...
['.', 'com.', 'whitegov.com.', 'www.whitegov.com.']

Selected root . name server: 192.33.4.12
Selecting name server for com. domain ...

picked name server: 192.54.112.30
Selecting name server for whitegov.com. domain ...

picked name server: 204.11.57.26
Selecting name server for www.whitegov.com. domain ...

picked name server: 204.11.56.26
Querying name server: 204.11.56.26
www.whitegov.com. 3600 IN TXT "~"



3. cnn.com mx

$ python dig-trace.py cnn.com mx
Splitting domain into sub-domains ...
['.', 'com.', 'cnn.com.']

Selected root . name server: 193.0.14.129
Selecting name server for com. domain ...

picked name server: 192.31.80.30
Selecting name server for cnn.com. domain ...

picked name server: 205.251.192.47
Querying name server: 205.251.192.47
cnn.com. 300 IN MX 10 mxa-000c6b02.gslb.pphosted.com.
cnn.com. 300 IN MX 10 mxb-000c6b02.gslb.pphosted.com.

4. linuxfreelancer.com [ANY | NS ]

$ python dig-trace.py www.linuxfreelancer.com ANY
Splitting domain into sub-domains ...
['.', 'com.', 'linuxfreelancer.com.', 'www.linuxfreelancer.com.']

Selected root . name server: 192.112.36.4
Selecting name server for com. domain ...

picked name server: 192.35.51.30
Selecting name server for linuxfreelancer.com. domain ...

picked name server: 208.109.255.48
Selecting name server for www.linuxfreelancer.com. domain ...
Querying name server: 208.109.255.48


$ python dig-trace.py www.linuxfreelancer.com NS
Splitting domain into sub-domains ...
['.', 'com.', 'linuxfreelancer.com.', 'www.linuxfreelancer.com.']

Selected root . name server: 202.12.27.33
Selecting name server for com. domain ...

picked name server: 192.55.83.30
Selecting name server for linuxfreelancer.com. domain ...

picked name server: 216.69.185.48
Selecting name server for www.linuxfreelancer.com. domain ...
Querying name server: 216.69.185.48
www.linuxfreelancer.com. 1800 IN CNAME linuxfreelancer.com.
linuxfreelancer.com. 3600 IN NS ns75.domaincontrol.com.
linuxfreelancer.com. 3600 IN NS ns76.domaincontrol.com.


Links –


https://github.com/danasmera/Python_scripts

https://github.com/rthalley/dnspython

https://linux.die.net/man/1/dig