Can I see what happens when I run a DNS query?
My understanding is that when my computer wants to resolve a host name, it will ask the DHCP-assigned DNS servers first. If those don’t know, it goes and asks the “root servers” who then defer to another server, etc.
Using dig or a similar tool, is it possible to see the string of servers that get asked, in a similar way as traceroute shows how packets travel to a certain destination?
dns
asked Aug 11 at 9:02
Rob de Jonge
3 Answers
As others have already answered, most usually a host sends a recursive query to a nominated resolver, often a local server or router, often belonging to an ISP or Google's well-known (distributed) 8.8.8.8 and 8.8.4.4. Typically it will have a couple defined, and if the first doesn't respond, it will move to the next after a timeout.
Name resolvers are free to use whatever algorithm they like, including just ask for NS records (for com., stackexchange.com. right from the top) then an A record. And also caching, within responded time-to-live parameters.
To find out what a particular name resolver does you'll need to monitor packets or have access to the server.
But you can certainly do it manually if you're trying to follow a chain, such as for debugging broken delegations, missing glue records and so on.
To resolve the A record of www.stackexchange.com:
Find a root zone server from the list, which every resolver will have installed:
http://www.internic.net/domain/named.root
We pick the first one, 198.4.10.4
Ask who to ask:
nslookup -norecurse -query=ns www.stackexchange.com 198.41.0.4
Root server says "Don't ask me, ask com questions at e.gtld-servers.net", and helpfully gives the address:
Authoritative answers can be found from:
com nameserver = e.gtld-servers.net.
e.gtld-servers.net internet address = 192.12.94.30
(other answers trimmed)
Ask e.gtld-servers.net who to ask:
nslookup -norecurse -query=ns www.stackexchange.com 192.12.94.30
He says "don't ask me, ask stackexchange.com questions at ns-925", and helpfully gives the address.
Non-authoritative answer:
*** Can't find www.stackexchange.com: No answer
Authoritative answers can be found from:
stackexchange.com nameserver = ns-925.awsdns-51.net.
ns-925.awsdns-51.net internet address = 205.251.195.157
...
We see that ns-925 is nameserver for the domain we're after (stackexchange.com) so we ask for the A record:
nslookup -norecurse -query=a www.stackexchange.com 205.251.195.157
He gives a CNAME response:
www.stackexchange.com canonical name = stackexchange.com.
But as it's a nameserver for that as well, it (helpfully) gave us the A record of the CNAME record:
Name: stackexchange.com
Address: 151.101.129.69
edited Aug 11 at 18:53
answered Aug 11 at 12:33
jonathanjo
Very exhaustive. Thank you so much for writing this down. What I’m trying to do is troubleshoot a connection issue for my DSL. I’m trying to make sure DNS is not the issue, if a delay in the response I get isn’t causing the slow start of connections I’m experiencing despite 20ms ping. I will play around a bit more with dig and see what I find.
– Rob de Jonge
Aug 11 at 12:38
Slow startup of TCP connections has many potential causes, but certainly DNS delays are one of them. Timing resolution at different DNS resolvers is a good place to start; also tcpdump -ttt to see where any pauses are.
– jonathanjo
Aug 11 at 12:41
That’s my day gone tomorrow! ;-) Thanks so much.
– Rob de Jonge
Aug 11 at 12:42
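The referral replies walked through in the answer above carry the delegation in the authority section and any glue in the additional section. As an added example (not part of the original post), this Python code builds the RD=0 query that -norecurse sends and parses a referral, flagging in-zone name servers that arrive without glue; the example.com referral is constructed sample data and all function names are hypothetical.

```python
import struct

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    labels = [p for p in name.rstrip(".").split(".") if p]
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"

def build_query(name, qtype=2, txid=0x1234):
    """Build a query with the RD flag clear (what -norecurse sends); qtype 2 = NS."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after the name)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                 # compression pointer
            end = off + 2 if end is None else end
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 32:                         # refuse pointer loops
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii").lower())
        off += length
    return ".".join(labels) + ".", (off if end is None else end)

def parse_referral(msg):
    """Collect delegation NS records (authority) and A glue (additional)."""
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    ref = {"aa": bool(flags & 0x0400), "answers": an, "ns": {}, "glue": {}}
    off = 12
    for _ in range(qd):                           # skip the question section
        _, off = read_name(msg, off)
        off += 4
    for section, count in (("an", an), ("ns", ns), ("ar", ar)):
        for _ in range(count):
            owner, off = read_name(msg, off)
            rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            if section == "ns" and rtype == 2:    # NS record: the delegation
                ref["ns"].setdefault(owner, []).append(read_name(msg, off)[0])
            elif section == "ar" and rtype == 1 and rdlen == 4:  # A record: glue
                ref["glue"].setdefault(owner, []).append(".".join(map(str, msg[off:off + 4])))
            off += rdlen
    return ref

def missing_glue(ref):
    """NS names inside the delegated zone that arrived without an A glue record."""
    return [t for zone, targets in ref["ns"].items() for t in targets
            if (zone == "." or t == zone or t.endswith("." + zone)) and t not in ref["glue"]]

def _rr(owner, rtype, rdata):
    return encode_name(owner) + struct.pack("!HHIH", rtype, 1, 172800, len(rdata)) + rdata

def sample_referral():
    """Constructed referral for example.com (sample data, not captured traffic)."""
    msg = struct.pack("!HHHHHH", 0x1234, 0x8000, 1, 0, 3, 1) + build_query("www.example.com", 1)[12:]
    for server in ("ns1.example.com", "ns2.example.com", "ns.example.net"):
        msg += _rr("example.com", 2, encode_name(server))
    return msg + _rr("ns1.example.com", 1, bytes([192, 0, 2, 53]))

if __name__ == "__main__":
    print("missing glue:", missing_glue(parse_referral(sample_referral())))
```

Only name servers inside the delegated zone need glue, so ns.example.net is not flagged; a truncated UDP reply can also drop additional records, so confirm a finding over TCP before treating it as a broken delegation.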
A normal DNS client just queries the (DHCP or statically) assigned DNS servers. Only DNS servers usually query root servers, doing a recursive query.
You can use a packet capture of your choice and filter for UDP (TCP) source or destination port 53 to see the communication with any DNS server.
Which servers and exact method a DNS client uses is up to the OS or the application and off-topic here.
answered Aug 11 at 9:50
Zac67
I think you are looking for dig +trace. The following command
dig +trace networkengineering.stackexchange.com
will query the root name servers (NS) for the NS of .com, then the .com NS for the NS of stackexchange and finally will get an answer for networkengineering.
answered Aug 11 at 11:33
Jens Link