
How do I use DiG or NSLookup to verify DNS records?

Tools such as DiG or NSLookup are used to verify DNS records are being resolved correctly. First, query an external DNS server (such as Google public DNS at 8.8.8.8) to confirm the appropriate server is acting as the authority. If queries are being resolved incorrectly by a server other than the Ecessa appliance, the DNS records on the server will need to be updated. Below are examples for tracing a DNS query, determining authority, and testing records configured on the Ecessa appliance using the DiG and NSLookup utilities.

DiG command syntax:

[Image: DiG command syntax]

The server can be identified by IP address or Fully Qualified Domain Name (FQDN).

 

Using DiG to trace lines of authority for a DNS query:

C:\>dig @8.8.8.8 www.google.com +trace +nodnssec

; <<>> DiG 9.9.1-P3 <<>> @8.8.8.8 www.google.com +trace +nodnssec

; (1 server found)

;; global options: +cmd

.                       3890    IN      NS      j.root-servers.net.

.                       3890    IN      NS      a.root-servers.net.

.                       3890    IN      NS      m.root-servers.net.

.                       3890    IN      NS      f.root-servers.net.

.                       3890    IN      NS      i.root-servers.net.

.                       3890    IN      NS      c.root-servers.net.

.                       3890    IN      NS      k.root-servers.net.

.                       3890    IN      NS      e.root-servers.net.

.                       3890    IN      NS      h.root-servers.net.

.                       3890    IN      NS      d.root-servers.net.

.                       3890    IN      NS      l.root-servers.net.

.                       3890    IN      NS      b.root-servers.net.

.                       3890    IN      NS      g.root-servers.net.

;; Received 239 bytes from 8.8.8.8#53(8.8.8.8) in 84 ms

 

com.                    172800  IN      NS      a.gtld-servers.net.

com.                    172800  IN      NS      b.gtld-servers.net.

com.                    172800  IN      NS      c.gtld-servers.net.

com.                    172800  IN      NS      d.gtld-servers.net.

com.                    172800  IN      NS      e.gtld-servers.net.

com.                    172800  IN      NS      f.gtld-servers.net.

com.                    172800  IN      NS      g.gtld-servers.net.

com.                    172800  IN      NS      h.gtld-servers.net.

com.                    172800  IN      NS      i.gtld-servers.net.

com.                    172800  IN      NS      j.gtld-servers.net.

com.                    172800  IN      NS      k.gtld-servers.net.

com.                    172800  IN      NS      l.gtld-servers.net.

com.                    172800  IN      NS      m.gtld-servers.net.

;; Received 531 bytes from 128.63.2.53#53(128.63.2.53) in 105 ms

 

google.com.             172800  IN      NS      ns2.google.com.

google.com.             172800  IN      NS      ns1.google.com.

google.com.             172800  IN      NS      ns3.google.com.

google.com.             172800  IN      NS      ns4.google.com.

;; Received 179 bytes from 192.33.14.30#53(192.33.14.30) in 59 ms

 

www.google.com.         300     IN      A       74.125.225.210

www.google.com.         300     IN      A       74.125.225.212

www.google.com.         300     IN      A       74.125.225.211

www.google.com.         300     IN      A       74.125.225.209

www.google.com.         300     IN      A       74.125.225.208

;; Received 112 bytes from 216.239.32.10#53(216.239.32.10) in 69 ms

 

Examining the trace, we see that the authoritative name servers for “google.com” are ns2.google.com, ns1.google.com, ns3.google.com, and ns4.google.com, listed in the google.com NS records of the trace. Finally, one of these authoritative servers is queried to resolve “www.google.com”, and the A records are listed at the end of the trace. The very last line notes which server responded with the answer.

A reverse lookup (dig -x) can confirm the answers came from ns1.google.com:

C:\>dig -x 216.239.32.10

; <<>> DiG 9.9.1-P3 <<>> -x 216.239.32.10

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2672

;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

 

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;10.32.239.216.in-addr.arpa.    IN      PTR

 

;; ANSWER SECTION:

10.32.239.216.in-addr.arpa. 73804 IN    PTR     ns1.google.com.

 

;; Query time: 4 msec

;; SERVER: 192.168.1.50#53(192.168.1.50)

;; WHEN: Thu Jan 10 12:52:08 2013

;; MSG SIZE  rcvd: 83

 

The previous example shows the lines of authority. The Ecessa appliance should be the authority for the domain and should be resolving its DNS queries. The following examples show different ways to test DNS resolution from the Ecessa appliance to confirm that DNS queries are being resolved correctly. For the following examples, the WAN IP address for the Ecessa appliance is 12.34.56.78 and the domain is example.com.

Using DiG to test DNS resolution from the Ecessa appliance:

C:\>dig @198.51.100.2 example.com

; <<>> DiG 9.9.1-P3 <<>> @198.51.100.2 example.com

; (1 server found)

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61715

;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; WARNING: recursion requested but not available

 

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;example.com.                   IN      A

 

;; ANSWER SECTION:

example.com.            30      IN      A       198.51.100.20

 

;; AUTHORITY SECTION:

example.com.            360     IN      NS      ns1.example.com.

example.com.            360     IN      NS      ns2.example.com.

 

;; ADDITIONAL SECTION:

ns1.example.com.        360     IN      A       198.51.100.2

ns2.example.com.        360     IN      A       203.0.113.66

 

;; Query time: 5 msec

;; SERVER: 198.51.100.2#53(198.51.100.2)

;; WHEN: Wed Jan 16 11:54:00 2013

;; MSG SIZE  rcvd: 135

 

Testing a Load-Balanced Host Record (Round-Robin):

C:\>dig @198.51.100.2 www.example.com

; <<>> DiG 9.9.1-P3 <<>> @198.51.100.2 www.example.com

; (1 server found)

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55767

;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 3

;; WARNING: recursion requested but not available

 

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;www.example.com.               IN      A

 

;; ANSWER SECTION:

www.example.com.        30      IN      A       203.0.113.46

www.example.com.        30      IN      A       198.51.100.20

 

;; AUTHORITY SECTION:

example.com.            360     IN      NS      ns1.example.com.

example.com.            360     IN      NS      ns2.example.com.

 

;; ADDITIONAL SECTION:

ns1.example.com.        360     IN      A       198.51.100.2

ns2.example.com.        360     IN      A       203.0.113.66

 

;; Query time: 35 msec

;; SERVER: 198.51.100.2#53(198.51.100.2)

;; WHEN: Wed Jan 16 11:55:56 2013

;; MSG SIZE  rcvd: 159

 

With load-balanced host records, the Ecessa appliance will answer a query with the configured addresses, in this case 198.51.100.20 and 203.0.113.46, which will be sent to clients in a round-robin fashion.

 

Testing a Load-Balanced Host Record (Redundancy Only):

C:\>dig @198.51.100.2 www.example.com

; <<>> DiG 9.9.1-P3 <<>> @198.51.100.2 www.example.com

; (1 server found)

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50065

;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; WARNING: recursion requested but not available

 

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;www.example.com.               IN      A

 

;; ANSWER SECTION:

www.example.com.        30      IN      A       198.51.100.20

 

;; AUTHORITY SECTION:

example.com.            360     IN      NS      ns1.example.com.

example.com.            360     IN      NS      ns2.example.com.

 

;; ADDITIONAL SECTION:

ns1.example.com.        360     IN      A       198.51.100.2

ns2.example.com.        360     IN      A       203.0.113.66

 

;; Query time: 38 msec

;; SERVER: 198.51.100.2#53(198.51.100.2)

;; WHEN: Wed Jan 16 11:55:29 2013

;; MSG SIZE  rcvd: 143

When a load-balanced host record is configured for Redundancy Only, the Ecessa appliance will answer a query with the first configured IP address. If the first IP address belongs to a WAN that is currently down, the Ecessa will answer the query with a different configured IP address from an operational WAN line if possible. If there are no IP addresses from operational WAN lines, the query will resolve with a blank for the IP address.
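The checks made by eye in the DiG responses above can be scripted. The following Python is an added example, not part of the original article or any Ecessa tooling: it parses dig output and confirms the NOERROR status, the aa (authoritative answer) flag, the responding server, and that every returned A record is one of the configured addresses, which covers both round-robin and redundancy-only answers. The function names and the trimmed SAMPLE text are assumptions made for illustration.

```python
import re

# Constructed sample: the round-robin dig response shown above, trimmed to
# the lines the parser reads.
SAMPLE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55767
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 3
;; ANSWER SECTION:
www.example.com.        30      IN      A       203.0.113.46
www.example.com.        30      IN      A       198.51.100.20
;; AUTHORITY SECTION:
example.com.            360     IN      NS      ns1.example.com.
;; SERVER: 198.51.100.2#53(198.51.100.2)
"""

def parse_dig(text):
    """Extract status, header flags, responding server and per-section records."""
    out = {"status": None, "flags": set(), "server": None, "sections": {}}
    section = None
    for line in text.splitlines():
        line = line.strip()
        if m := re.search(r"status: (\w+)", line):
            out["status"] = m.group(1)
        elif m := re.match(r";; flags: ([a-z ]*);", line):
            out["flags"] = set(m.group(1).split())
        elif m := re.match(r";; (\w+) SECTION:", line):
            section = m.group(1)
        elif m := re.match(r";; SERVER: ([^#\s]+)#", line):
            out["server"] = m.group(1)
        elif line and not line.startswith(";") and section:
            # Resource record line: name, TTL, class, type, rdata
            name, ttl, _cls, rtype, rdata = line.split(None, 4)
            out["sections"].setdefault(section, []).append(
                (name, int(ttl), rtype, rdata))
    return out

def verify(text, appliance_ip, configured):
    """Return a list of problems; an empty list means the answer checks out."""
    r = parse_dig(text)
    problems = []
    if r["status"] != "NOERROR":
        problems.append(f"status is {r['status']}")
    if "aa" not in r["flags"]:
        problems.append("aa flag missing: answer is not authoritative")
    if r["server"] != appliance_ip:
        problems.append(f"answered by {r['server']}, not {appliance_ip}")
    got = {rd for _, _, t, rd in r["sections"].get("ANSWER", []) if t == "A"}
    if not got:
        problems.append("no A records in answer")  # e.g. every WAN line is down
    elif not got <= set(configured):
        problems.append(f"unexpected addresses: {sorted(got - set(configured))}")
    return problems
```

An answer relayed by a recursive resolver lacks the aa flag and names a different SERVER, so it fails these checks even when the addresses are correct.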

 

Testing for specific record types (NS Records):

C:\>dig @198.51.100.2 example.com -t ns

; <<>> DiG 9.9.1-P3 <<>> @198.51.100.2 example.com -t ns

; (1 server found)

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15595

;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 3

;; WARNING: recursion requested but not available

 

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;example.com.                   IN      NS

 

;; ANSWER SECTION:

example.com.            360     IN      NS      ns1.example.com.

example.com.            360     IN      NS      ns2.example.com.

 

;; ADDITIONAL SECTION:

ns1.example.com.        360     IN      A       198.51.100.2

ns2.example.com.        360     IN      A       203.0.113.66

 

;; Query time: 29 msec

;; SERVER: 198.51.100.2#53(198.51.100.2)

;; WHEN: Wed Jan 16 11:56:21 2013

;; MSG SIZE  rcvd: 119

 

Testing for specific record types (MX Records):

C:\>dig @198.51.100.2 example.com -t mx

; <<>> DiG 9.9.1-P3 <<>> @198.51.100.2 example.com -t mx

; (1 server found)

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21888

;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 4

;; WARNING: recursion requested but not available

 

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;example.com.                   IN      MX

 

;; ANSWER SECTION:

example.com.            30      IN      MX      10 mail.example.com.

 

;; AUTHORITY SECTION:

example.com.            360     IN      NS      ns1.example.com.

example.com.            360     IN      NS      ns2.example.com.

 

;; ADDITIONAL SECTION:

mail.example.com.       30      IN      A       198.51.100.88

ns1.example.com.        360     IN      A       198.51.100.2

ns2.example.com.        360     IN      A       203.0.113.66

 

;; Query time: 35 msec

;; SERVER: 198.51.100.2#53(198.51.100.2)

;; WHEN: Wed Jan 16 11:56:37 2013

;; MSG SIZE  rcvd: 156

 

In this example domain, the MX record points to mail.example.com:

C:\>dig @198.51.100.2 mx.example.com

; <<>> DiG 9.9.1-P3 <<>> @198.51.100.2 mx.example.com

; (1 server found)

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46595

;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 3

;; WARNING: recursion requested but not available

 

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;mx.example.com.                        IN      A

 

;; ANSWER SECTION:

mx.example.com.         30      IN      CNAME   mail.example.com.

mail.example.com.       30      IN      A       198.51.100.88

 

;; AUTHORITY SECTION:

example.com.            360     IN      NS      ns1.example.com.

example.com.            360     IN      NS      ns2.example.com.

 

;; ADDITIONAL SECTION:

ns1.example.com.        360     IN      A       198.51.100.2

ns2.example.com.        360     IN      A       203.0.113.66

 

;; Query time: 4 msec

;; SERVER: 198.51.100.2#53(198.51.100.2)

;; WHEN: Wed Jan 16 12:04:32 2013

;; MSG SIZE  rcvd: 160

 

NSLookup command syntax:

[Image: NSLookup command syntax]

The server can be identified by IP address or Fully Qualified Domain Name (FQDN).

 

Using NSLookup to determine the authoritative name servers for the domain from the SOA record:

C:\>nslookup -type=SOA google.com. 8.8.8.8

Server:  google-public-dns-a.google.com

Address:  8.8.8.8

 

Non-authoritative answer:

google.com

        primary name server = ns1.google.com

        responsible mail addr = dns-admin.google.com

        serial  = 2013010300

        refresh = 7200 (2 hours)

        retry   = 1800 (30 mins)

        expire  = 1209600 (14 days)

        default TTL = 300 (5 mins)

 

C:\>nslookup www.google.com ns1.google.com

Server:  ns1.google.com

Address:  216.239.32.10

 

Name:    www.google.com

Addresses:  2607:f8b0:400f:801::1012

          74.125.225.210

          74.125.225.212

          74.125.225.211

          74.125.225.209

          74.125.225.208


Using NSLookup with the “debug” option:

C:\>nslookup -debug www.google.com. ns1.google.com

------------

Got answer:

    HEADER:

        opcode = QUERY, id = 1, rcode = NOERROR

        header flags:  response, auth. answer, want recursion

        questions = 1,  answers = 1,  authority records = 0,  additional = 0

 

    QUESTIONS:

        10.32.239.216.in-addr.arpa, type = PTR, class = IN

    ANSWERS:

    ->  10.32.239.216.in-addr.arpa

        name = ns1.google.com

        ttl = 86400 (1 day)

 

------------

Server:  ns1.google.com

Address:  216.239.32.10

 

------------

Got answer:

    HEADER:

        opcode = QUERY, id = 2, rcode = NOERROR

        header flags:  response, auth. answer, want recursion

        questions = 1,  answers = 5,  authority records = 0,  additional = 0

 

    QUESTIONS:

        www.google.com, type = A, class = IN

    ANSWERS:

    ->  www.google.com

        internet address = 74.125.225.212

        ttl = 300 (5 mins)

    ->  www.google.com

        internet address = 74.125.225.210

        ttl = 300 (5 mins)

    ->  www.google.com

        internet address = 74.125.225.209

        ttl = 300 (5 mins)

    ->  www.google.com

        internet address = 74.125.225.208

        ttl = 300 (5 mins)

    ->  www.google.com

        internet address = 74.125.225.211

        ttl = 300 (5 mins)

 

------------

------------

Got answer:

    HEADER:

        opcode = QUERY, id = 3, rcode = NOERROR

        header flags:  response, auth. answer, want recursion

        questions = 1,  answers = 1,  authority records = 0,  additional = 0

 

    QUESTIONS:

        www.google.com, type = AAAA, class = IN

    ANSWERS:

    ->  www.google.com

        AAAA IPv6 address = 2607:f8b0:400f:801::1013

        ttl = 300 (5 mins)

 

------------

Name:    www.google.com

Addresses:  2607:f8b0:400f:801::1013

          74.125.225.212

          74.125.225.210

          74.125.225.209

          74.125.225.208

          74.125.225.211

 

Using NSLookup to test DNS resolution from the Ecessa appliance:

C:\>nslookup -type=SOA example.com. 198.51.100.2

Server:  ns1.example.com

Address:  198.51.100.2

 

example.com

        primary name server = ns1.example.com

        responsible mail addr = hostmaster@example.com

        serial  = 2013011604

        refresh = 360 (6 mins)

        retry   = 60 (1 min)

        expire  = 86400 (1 day)

        default TTL = 30 (30 secs)

example.com     nameserver = ns1.example.com

example.com     nameserver = ns2.example.com

ns1.example.com internet address = 198.51.100.2

ns2.example.com internet address = 203.0.113.66

 

C:\>nslookup example.com. 198.51.100.2

Server:  ns1.example.com

Address:  198.51.100.2

 

Name:    example.com

Addresses:  198.51.100.20

          203.0.113.46

 

Testing a Load-Balanced Host Record (Round-Robin):

C:\>nslookup www.example.com. 198.51.100.2

Server:  ns1.example.com

Address:  198.51.100.2

 

Name:    www.example.com

Addresses:  198.51.100.20

          203.0.113.46

 

Testing a Load-Balanced Host Record (Redundancy Only):

C:\>nslookup www.example.com. 198.51.100.2

Server:  ns1.example.com

Address:  198.51.100.2

 

Name:    www.example.com

Address:  198.51.100.20

 

Testing for specific record types (NS Records):

C:\>nslookup -type=ns example.com. 198.51.100.2

Server:  ns1.example.com

Address:  198.51.100.2

 

example.com     nameserver = ns1.example.com

example.com     nameserver = ns2.example.com

ns1.example.com internet address = 198.51.100.2

ns2.example.com internet address = 203.0.113.66

Testing for specific record types (MX Records):

C:\>nslookup -type=mx example.com. 198.51.100.2

Server:  ns1.example.com

Address:  198.51.100.2

 

example.com     MX preference = 10, mail exchanger = mail.example.com

example.com     nameserver = ns1.example.com

example.com     nameserver = ns2.example.com

mail.example.com        internet address = 198.51.100.88

ns1.example.com internet address = 198.51.100.2

ns2.example.com internet address = 203.0.113.66

 

In this example domain, the MX record points to mail.example.com:

C:\>nslookup mx.example.com. 198.51.100.2

Server:  ns1.example.com

Address:  198.51.100.2

 

Name:    mail.example.com

Address:  198.51.100.88

Aliases:  mx.example.com
