Linux for Network Engineers: How to Resolve a Host and Test DNS Servers
DNS resolution is one of the most basic functionalities on any host. On Linux, there are multiple ways to test if DNS works, and in this post we’ll review how DNS servers are configured and what commands you can use to test them.
DNS server configuration
Every host needs to have a list of DNS server IPs, and, in most cases, this list comes from the DHCP lease. To see which DNS servers your Linux box is configured with, you have to look at the file “/etc/resolv.conf” as follows:
netbeez.net$ cat /etc/resolv.conf domain local.netbeez.net search local.netbeez.net attlocal.net nameserver 8.8.8.8 nameserver 192.168.0.1
Local domain name: local.netbeez.net
If you try to resolve an address that has no dots in it (e.g. webpage1), then the resolver will automatically append local.netbeez.net (webpage1.local.netbeez.net) and try to resolve it. When the hostname of the machine contains a ‘.’ (e.g. raspberry.local.netbeez.net) then the local domain name becomes the suffix (local.netbeez.net) of the hostname.
Default search domain: local.netbeez.net and attlocal.net
This is like a superset of the local domain name. You can specify up to 6 domains with a total of 256 characters. If “webpage1”, the resolver will automatically append local.netbeez.net (webpage1.local.netbeez.net) and try to resolve it. If this fails, it will then try attlocal.net (webpage1.attlocal.net).
Nameservers: 8.8.8.8, 192.168.0.1
These are the DNS servers used to resolve web addresses. You can list up to three, and the resolver tries each of them, one by one, until it finds one that works. You may recognized the Google DNS server 8.8.8.8, and 192.168.0.1 is my home router, which also works as a DNS server.
Of course, you’d have to set up your DHCP server to provide all this information to every DHCP request. But you are also able to edit /etc/resolv.conf and change those values. Keep in mind that they will be overwritten the next time a new DHCP lease is provided – unless you specify a static IP configuration on the agent (we’ll cover that in a future post).
How to resolve a URL
Now let’s see how we can test if DNS is working. We’ll also cover how to test specific DNS servers to see if they work and, if so, how fast they are.
There are several commands to do this, but below I will review the most common ones. If any of the following commands are not available on your Linux host, then install them with the following command:
host
The syntax and output are as follows:
netbeez.net$ host google.com google.com has address 172.217.164.110 google.com has IPv6 address 2607:f8b0:4005:80b::200e google.com mail is handled by 20 alt1.aspmx.l.google.com. google.com mail is handled by 50 alt4.aspmx.l.google.com. google.com mail is handled by 30 alt2.aspmx.l.google.com. google.com mail is handled by 10 aspmx.l.google.com. google.com mail is handled by 40 alt3.aspmx.l.google.com.
As you can see, host gives the IPv4 and IPv6 addresses for google.com as well as information about its mail servers.
All of these commands can do a reverse lookup if you give the IP address as follows:
netbeez.net$ host 172.217.164.110 110.164.217.172.in-addr.arpa domain name pointer sfo03s18-in-f14.1e100.net.
Like most commands, host has many options that help you slice and dice the output, or even get a more detailed and verbose output. For example, try adding the “-a” option (stands for “all”) and see what you get: host -a google.com
If you want to test a specific DNS server (other than the ones listed in your /etc/resolv.conf) then you can add its IP at the end of the command as follows:
netbeez.net$ host google.com 1.0.0.1 Using domain server: Name: 1.0.0.1 Address: 1.0.0.1#53 Aliases: google.com has address 172.217.6.46 google.com has IPv6 address 2607:f8b0:4005:808::200e google.com mail is handled by 10 aspmx.l.google.com. google.com mail is handled by 20 alt1.aspmx.l.google.com. google.com mail is handled by 30 alt2.aspmx.l.google.com. google.com mail is handled by 40 alt3.aspmx.l.google.com. google.com mail is handled by 50 alt4.aspmx.l.google.com.
nslookup
nslookup is very similar to host, but with a twist. In its basic form it resolves an address just like host, although the output is a bit different:
netbeez.net$ nslookup google.com Server: 8.8.8.8 Address: 8.8.8.8#53 Non-authoritative answer: Name: google.com Address: 172.217.164.110 netbeez.net$ nslookup google.com 1.0.0.1 Server: 1.0.0.1 Address: 1.0.0.1#53 Non-authoritative answer: Name: google.com Address: 216.58.194.206
As you can see, nslookup tells us which server has been used for the lookup (8.8.8.8 in the first query above, and 1.0.0.1 in the second one).
The twist is that nslookup has an interactive mode which you can use if you just type “nslookup” without any arguments. From that point, you can just type the webpage you want to resolve and hit enter. This way, you can resolve multiple pages without having to type “nslookup” all the time. To exit the interactive move type “exit” or hit Ctrl-C.
netbeez.net$ nslookup > google.com Server: 8.8.8.8 Address: 8.8.8.8#53 Non-authoritative answer: Name: google.com Address: 172.217.164.110 > netbeez.net Server: 8.8.8.8 Address: 8.8.8.8#53 Non-authoritative answer: Name: netbeez.net Address: 72.52.4.119 > exit
dig
dig stands for Domain Information Groper. The only syntax difference with the previous two commands is that when you provide a DNS server, you use the ‘@’ symbol:
netbeez.net$ dig google.com ; > DiG 9.10.3-P4-Raspbian > google.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34386 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;google.com. IN A ;; ANSWER SECTION: google.com. 122 IN A 172.217.164.110 ;; Query time: 102 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Tue Oct 30 11:55:40 PDT 2018 ;; MSG SIZE rcvd: 55 netbeez.net$ dig google.com @1.0.0.1 ; > DiG 9.10.3-P4-Raspbian > google.com @1.0.0.1 ;; global options: +cmd ;; Got answer: ;; ->>HEADERAs you can see, dig is much more verbose than the previous two commands. I am not going to break down every single output line; the most important difference is that dig provided the time it took to complete this query (“Query time:”). dig is the only one that does that out of the box.
As you may know, DNS resolution time is part of the user experience, and often we need to measure the performance of different DNS servers. You can see above that resolving google.com with both 8.8.8.8 and 1.0.0.1 takes around 100 mseconds. If instead I use my router (192.168.0.1) as the DNS server I get the following:
netbeez.net$ dig google.com @192.168.0.1 ; > DiG 9.10.3-P4-Raspbian > google.com @192.168.0.1 ;; global options: +cmd ;; Got answer: ;; ->>HEADERYou see that it took only 17 mseconds. Of course, my home router won’t be able to resolve everything that is thrown at it, nonetheless it’s much faster for the address it has cached (which is expected).
Spot VPN, ISP, WiFi issues and more with Netbeez
6 Useful Tools to Troubleshoot DNS Name Resolution Problems
DNS (Domain Name System) is the phonebook of the internet. A Domain name is a unique alphanumeric address that users type in the URL bar in the browser in order to access a website.
Domain names enable users to access a website instead of using an IP address that maps onto every domain name. Sometimes, you may encounter DNS issues such as a misconfigured DNS server which might lead to downtime.
In this guide, we look at 6 tools you can leverage to troubleshoot DNS Name resolution problems in Linux.
1. Nslookup Command
The good old nslookup command has been around for a while. It’s a command-line tool that queries and provides detailed information about the internet domain name servers.
You would typically use the nslookup tool to obtain DNS records of a domain name such as the mapping between a domain name and its associated IP address. The information obtained from querying a DNS record is valuable in troubleshooting DNS-related issues.
To retrieve information about a DNS record, use the following syntax:
For example, to check the DNS record of a domain called linuxtechwhiz.info, run the command:
$ nslookup linuxtechwhiz.infoIf everything is okay, you should get output that resembles what we have here.
The first section displays information about the server used to obtain the DNS records. In this case, it is the local DNS server on my local network. Sometimes, this might be your router or an internal corporate server.
The second section displays the Fully Qualified Domain name and its corresponding IP address (Both IPv4 and IPv6). In some cases, like ours, IPv4 is the only active protocol.
For some domain names, both protocols are enabled. For example, if you query google.com, you find that the domain name maps to multiple IP addresses, both IPv4 and IPv6.
2. dig Command
Short for Domain Information Groper, dig is yet another command-line tool for querying Domain Name System (DNS) name servers. It’s a better DNS query tool and replaced the nslookup command.
The dig command allows you to perform DNS lookups and provide intricate details about various DNS records including A, MX, and SOA records.
The most straightforward way of probing a DNS record is by typing the dig command followed by the domain name and pressing ENTER.
The output of the dig command is quite verbose. To display the IP address mapping include the +short suffix as shown.
$ dig linuxtechwhiz.info +short 74.207.227.363. host Command
The host command is another handy tool you can use to handle manual DNS resolution. For example, you can perform a DNS forward lookup as shown.
You can also perform a reverse lookup as follows.
The -C option lets you query for the SOA records.
In addition, you can query for the MX records using the -t mx flags as shown.
To display all the information about a domain, pass the -a flag as shown.
4. ping Command
The ping command is mostly used to check the availability or reachability of a system or node.
You can test the connectivity of a domain name by pinging the domain as shown.
$ ping linuxtechwhiz.info -c 4A positive response implies that the name resolution is working as expected. An error points to a DNS resolution issue.
Moreover, you can ping the remote IP associated with the domain name to check if the system hosting your name is up and reachable.
The command-line tools that we have just looked at only provide limited information about your DNS records and cannot adequately be used to troubleshoot complex DNS issues.
5. MXToolBox
MXToolBox is a free online tool (paid for extra features) that provides fast and accurate network diagnostic and DNS lookup tools.
It provides you with a comprehensive outlook of your domain health, which includes monitoring your domain, displaying information about any DNS or IP blacklists, probing the email server for any issues, checking the web server, and running over 15 tests on your DNS server.
It’s a highly recommended tool if your sole purpose is to get to the bottom of any DNS-related issue.
6. IntoDNS
IntoDNS is another valuable tool that you can use to check and troubleshoot any DNS-related issues. In just a few seconds, it generates a detailed report about NS records, nameservers, SOA and MX records, TTL, refresh interval, and much more.
In addition, it provides information about mail servers’ IP address and their validity and any possible problem with your domain name.
Closing Thoughts
These are just a few tools that provide insights into your DNS records which come in handy in troubleshooting any faults or errors associated with your domain. We hope you found this guide insightful. Feel free to reach out with any comments or feedback.
