Hi all
If I do a "dig mydomain.co.za" from a Linux server, how do I know which DNS nameserver returns the queries?
I seem to have a faulty DNS server, but can't see which one, so I want to find out which nameserver (if there's 4 - ns1.myserver, ns2.myserver, ns3.myserver & ns4.myserver) returns the queries?
On Mon, Jul 07, 2008 at 05:25:58PM +0200, Rudi Ahlers wrote:
> Hi all
> If I do a "dig mydomain.co.za" from a Linux server, how do I know which DNS nameserver returns the queries?
> I seem to have a faulty DNS server, but can't see which one, so I want to find out which nameserver (if there's 4 - ns1.myserver, ns2.myserver, ns3.myserver & ns4.myserver) returns the queries?
Towards the end of the output there should be a ;; SERVER: line that will tell you.
But you should probably just force the query to go to each of your listed servers and figure out which one is bad that way:
dig @ns1.myserver query
dig @ns2.myserver query
etc
Ray
DIG tells you which server returned the results. Look for the SERVER line, should be third from the bottom. If you want to query specific nameservers directly, use dig like this:
dig @ns1.myserver domainname.com
dig @ns2.myserver domainname.com
etc, etc.
-Ken
----- Message from Rudi@SoftDux.com ---------
Date: Mon, 07 Jul 2008 17:25:58 +0200
From: Rudi Ahlers Rudi@SoftDux.com
Reply-To: CentOS mailing list centos@centos.org
Subject: [CentOS] how do I find out which nameserver returns a DNS query?
To: CentOS mailing list centos@centos.org

> Hi all
> If I do a "dig mydomain.co.za" from a Linux server, how do I know which DNS nameserver returns the queries?
> I seem to have a faulty DNS server, but can't see which one, so I want to find out which nameserver (if there's 4 - ns1.myserver, ns2.myserver, ns3.myserver & ns4.myserver) returns the queries?
> --
> Kind Regards
> Rudi Ahlers
> CEO, SoftDux
> Web: http://www.SoftDux.com
> Check out my technical blog, http://blog.softdux.com for Linux or other technical stuff, or visit http://www.WebHostingTalk.co.za for Web Hosting stuff
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
----- End message from Rudi@SoftDux.com -----
Hi Ken
I thought dig would return it, but it doesn't.
Look at this:
dig hfserver1.hostfactor.co.za

; <<>> DiG 9.3.3rc2 <<>> hfserver1.hostfactor.co.za
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17016
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;hfserver1.hostfactor.co.za. IN A

;; ANSWER SECTION:
hfserver1.hostfactor.co.za. 6000 IN A 196.34.136.50

;; Query time: 287 msec
;; SERVER: 4.2.2.1#53(4.2.2.1)
;; WHEN: Mon Jul 7 17:36:45 2008
;; MSG SIZE rcvd: 60
I know I can dig @server - but I want to know which is the active server that returns a result at the moment
This line ...
;; SERVER: 4.2.2.1#53(4.2.2.1)
... tells you the DNS server which returned the result, which in this case, is more than likely a caching (recursive) DNS server. If verbose enough logging is enabled on that caching server, it should tell you which primary DNS server returned a particular query result. The "@ns1.myserver" feature in DIG allows you to do that test directly from your workstation to the primary DNS server(s). Is there any particular reason this won't work for you? Perhaps if you explained your problem in more detail, someone on this list could offer alternative methods of troubleshooting.
Regards, Ken
----- Message from Rudi@SoftDux.com ---------
Date: Mon, 07 Jul 2008 17:38:22 +0200
From: Rudi Ahlers Rudi@SoftDux.com
Reply-To: CentOS mailing list centos@centos.org
Subject: Re: [CentOS] how do I find out which nameserver returns a DNS query?
To: CentOS mailing list centos@centos.org

> Hi Ken
> I thought dig would return it, but it doesn't.
> Look at this:
> dig hfserver1.hostfactor.co.za
>
> ; <<>> DiG 9.3.3rc2 <<>> hfserver1.hostfactor.co.za
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17016
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;hfserver1.hostfactor.co.za. IN A
>
> ;; ANSWER SECTION:
> hfserver1.hostfactor.co.za. 6000 IN A 196.34.136.50
>
> ;; Query time: 287 msec
> ;; SERVER: 4.2.2.1#53(4.2.2.1)
> ;; WHEN: Mon Jul 7 17:36:45 2008
> ;; MSG SIZE rcvd: 60
>
> I know I can dig @server - but I want to know which is the active server that returns a result at the moment
> --
> Kind Regards
> Rudi Ahlers
> CEO, SoftDux
----- End message from Rudi@SoftDux.com -----
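An added example, not part of the original thread: a shell sketch of the check Ken describes, reading the SERVER and flags lines of dig output to tell a resolver's reply from an authoritative one, then asking each listed nameserver directly. The function names and the DIG override are assumptions made here; the sample reply is a trimmed copy of the dig output posted above.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and the DIG override
# are assumptions; nameserver names are whatever the caller passes in.

# Trimmed copy of the dig reply posted in the thread, so the parser runs offline.
sample_reply() {
cat <<'EOF'
; <<>> DiG 9.3.3rc2 <<>> hfserver1.hostfactor.co.za
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17016
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; ANSWER SECTION:
hfserver1.hostfactor.co.za. 6000 IN A 196.34.136.50
;; Query time: 287 msec
;; SERVER: 4.2.2.1#53(4.2.2.1)
EOF
}

# Read dig output on stdin; print "<server> <status> <kind>".
# "aa" in the header flags means the responder is authoritative for the name;
# without it the answer is not from the zone's own data (cache, recursion
# or a referral).
classify_reply() {
    out=$(cat)
    server=$(printf '%s\n' "$out" | sed -n 's/^;; SERVER: \([^#]*\)#.*/\1/p')
    status=$(printf '%s\n' "$out" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p')
    flags=$(printf '%s\n' "$out" | sed -n 's/^;; flags: \([^;]*\);.*/\1/p')
    if [ -z "$server" ]; then
        # No SERVER line found, for example when the query timed out.
        echo "none NOREPLY no-answer"
        return 0
    fi
    case " $flags " in
        *" aa "*) kind=authoritative ;;
        *)        kind=non-authoritative ;;
    esac
    echo "$server $status $kind"
}

# Query each nameserver directly with recursion off, one result line per server.
# Usage: check_nameservers host1.myserver.co.za ns1.myserver.co.za ns2.myserver.co.za
check_nameservers() {
    name=$1; shift
    for ns in "$@"; do
        printf '%s: ' "$ns"
        ${DIG:-dig} +norecurse +time=2 +tries=1 "@$ns" "$name" A 2>/dev/null |
            classify_reply
    done
}
```

Run over the reply posted above, classify_reply reports 4.2.2.1 as non-authoritative, which is why the SERVER line there names the ISP resolver rather than one of the four nameservers.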
Ok, sorry, let me re-phrase.
I want to know on my own server, which of my nameservers replied to the DNS query. In this example 4.2.2.1 is our ISP's upstream DNS server, which is configured in /etc/resolv.conf - so it should technically appear there.
But, let's say I query host1.myserver.co.za - and myserver.co.za is on another server, and has ns1.myserver.co.za, ns2.myserver.co.za, ns3.myserver.co.za & ns4.myserver.co.za
So, as far as I know, any one of those can reply (round robin DNS?), but I would like to know which one replies for this particular dig. Is that possible? I don't want to specify a server to query, I want to find out which of the 4 returns the query. If it's a cached reply, does it mean I won't see it?
Hmm. As far as I know, the only place you can find that information is on the caching DNS server responding to your queries. If you want those details, set up your own recursive name server and enable verbose logging.
Anyone else with ideas?
-Ken
Run tcpdump on the client machine and see which system sends a reply?
$ host www.nasa.gov
www.nasa.gov is an alias for www.nasa.gov.speedera.net.
www.nasa.gov.speedera.net is an alias for www.nasa.gov.edgesuite.net.
www.nasa.gov.edgesuite.net is an alias for a1718.x.akamai.net.
a1718.x.akamai.net has address 216.39.150.135
a1718.x.akamai.net has address 216.39.150.136

# tcpdump -i eth0 -n port 53 | grep nasa
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
11:35:22.345956 IP 216.39.174.24.53 > 209.97.207.48.53: 55994 [1au] A? www.nasa.gov. (41)
11:35:22.384898 IP 216.39.174.24.53 > 198.116.4.181.53: 5495 [1au] A? www.nasa.gov. (41)
11:35:22.480205 IP 216.39.174.24.53 > 192.26.92.30.53: 34592 [1au] A? www.nasa.gov.speedera.net. (54)
11:35:22.582535 IP 216.39.174.24.53 > 63.209.3.131.53: 42385 [1au] A? www.nasa.gov.speedera.net. (54)
11:35:22.619921 IP 216.39.174.24.53 > 63.209.3.131.53: 42385 A? www.nasa.gov.speedera.net. (43)
11:35:22.692525 IP 216.39.174.24.53 > 64.211.42.196.53: 27350 [1au] A? www.nasa.gov.edgesuite.net. (55)
11:35:22.797816 IP 216.39.174.24.53 > 64.211.42.196.53: 27350 A? www.nasa.gov.edgesuite.net. (44)
My internal name server forces the source port to be 53, so you may not want to use the port 53 option if your source port is random.
nate
Ken Price wrote:
>> Please do not top post! It makes life harder in mailing lists.
>> http://www.centos.org/modules/tinycontent/index.php?id=16 (item 2, "Guidelines for CentOS Mailing List posts")
>> I didn't include the last replies but it's all messed up.
> Dude. Give me a break. I was just quick-replying and not thinking. Reply privately next time.
> -Ken
Hi Ken,
I didn't want to be rude or anything. It's just that those top postings are coming again and again. It makes threads harder to read and the posting guidelines to the CentOS list are public and well defined.
I thank you for your help. But people have to realize that these guidelines are not just for fun or temporary. The more people know about it, the better it is for the sake of the list. That's why I'll CC to the list, it's good for people that don't know about the guidelines. Maybe you were not aware of them, now you are and thanks for that.
Regards,
Guy Boisvert, ing. IngTegration inc.
Is "dig +trace host" what you are looking for? If not, then the bind-users mailing list is a fantastic resource for all DNS queries (pun intended)
mike
On Wed, July 9, 2008 10:17 am, Michael Simpson wrote:
> Ok, sorry, let me re-phrase.
> I want to know on my own server, which of my nameservers replied to the DNS query. In this example 4.2.2.1 is our ISP's upstream DNS server, which is configured in /etc/resolv.conf - so it should technically appear there.
> But, let's say I query host1.myserver.co.za - and myserver.co.za is on another server, and has ns1.myserver.co.za, ns2.myserver.co.za, ns3.myserver.co.za & ns4.myserver.co.za
> So, as far as I know, any one of those can reply (round robin DNS?), but I would like to know which one replies for this particular dig. Is that possible? I don't want to specify a server to query, I want to find out which of the 4 returns the query. If it's a cached reply, does it mean I won't see it?
At the end of your dig reply you will see the following..
;; Query time: 26 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Jul 9 10:49:40 2008
;; MSG SIZE rcvd: 297
That tells you which server answered the query.
HTH
Hi Brian
I think you have missed a reply on this topic :)
That's the ISP's DNS server you see there.
dig +trace domain is what I needed
Hi Ken,
Please do not top post! It makes life harder in mailing lists.
http://www.centos.org/modules/tinycontent/index.php?id=16 (item 2, "Guidelines for CentOS Mailing List posts")
I didn't include the last replies but it's all messed up.
Thanks !
Guy Boisvert, ing. IngTegration inc.