DNS Tools

by Mike on January 31, 2009

in DNS Server

There are 3 valuable tools that you can use from your desktop to review DNS settings: host, nslookup and dig. By using these tools effectively, you will be able to analyze your DNS settings to find problems. This tutorial will show you how to use each of these tools.

The host tool provides basic information about how DNS resolves. nslookup is used to query domain servers. It will run in two modes: interactive and non-interactive. The interactive mode allows you to query for various hosts and domains, while the non-interactive mode just returns the requested information. dig stands for Domain Information Groper and gives you a way to retrieve a lot of useful information.

Test DNS Settings

Before you begin checking your DNS settings, be sure to review /etc/resolv.conf for the DNS servers listed. This file is important because the tools you use to test DNS will typically use the domain name servers listed in this file.

There are three tools that are helpful when testing DNS: host, nslookup and dig. Try these tests on a domain that you currently have running in your organization.

The host tool provides basic information about how DNS resolves.

Check if the host resolves to the correct IP Address.
host cnn.com
cnn.com has address 64.236.24.12
cnn.com has address 64.236.24.20
cnn.com has address 64.236.24.28
cnn.com has address 64.236.29.120
cnn.com has address 64.236.16.20
cnn.com has address 64.236.16.52
cnn.com has address 64.236.16.84

Check to see if the reverse lookup resolves correctly.
host 64.236.24.12
12.24.236.64.in-addr.arpa domain name pointer www3.cnn.com.

The -C option compares the SOA answers to authoritative nameservers.

host -C cnn.com
Nameserver twdns-02.ns.aol.com:
cnn.com SOA twdns-01.ns.aol.com. hostmaster.tbsnames.turner.com. 2007030901 900 300 604801 900
Nameserver twdns-03.ns.aol.com:
cnn.com SOA twdns-01.ns.aol.com. hostmaster.tbsnames.turner.com. 2007030901 900 300 604801 900
Nameserver twdns-04.ns.aol.com:
cnn.com SOA twdns-01.ns.aol.com. hostmaster.tbsnames.turner.com. 2007030901 900 300 604801 900
Nameserver twdns-01.ns.aol.com:
cnn.com SOA twdns-01.ns.aol.com. hostmaster.tbsnames.turner.com. 2007030901 900 300 604801 900
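
In the output above, the first number after the two names on each SOA line (2007030901) is the zone serial, and every nameserver reports the same one. The shell functions below are an added example, not part of the original tutorial: they parse host -C output and list any server whose serial is behind. The function names and the lower serial used in the demo are constructed for illustration.

```shell
# Added example: compare the SOA serials that host -C reports per nameserver.

# Print "<nameserver> <serial>" for each server in host -C output on stdin.
# The serial is the third value after "SOA" (mname, rname, serial); the
# wording "has SOA record" used by some host versions is skipped over.
soa_serials() {
    awk '
        $1 == "Nameserver" { ns = $2; sub(/:$/, "", ns); next }
        ns != "" {
            for (i = 1; i <= NF; i++) if ($i == "SOA") {
                if ($(i + 1) == "record") i++
                print ns, $(i + 3); ns = ""; break
            }
        }'
}

# Print the servers whose serial is not the highest one seen (plain numeric
# comparison, which assumes the serial has not wrapped around).
soa_stale() {
    soa_serials | awk '
        { ns[NR] = $1; ser[NR] = $2; if ($2 + 0 > max) max = $2 + 0 }
        END { for (i = 1; i <= NR; i++) if (ser[i] + 0 != max) print ns[i], ser[i] }'
}

# Exit 0 only if at least one serial was read and no server is behind.
soa_in_sync() {
    raw=$(cat)
    [ -n "$(printf '%s\n' "$raw" | soa_serials)" ] &&
        [ -z "$(printf '%s\n' "$raw" | soa_stale)" ]
}

# Sample: rebuilds the host -C cnn.com output shown above. An optional $1
# replaces the serial reported by twdns-03 (constructed value) to simulate a
# secondary that missed a zone update.
sample() {
    soa="cnn.com SOA twdns-01.ns.aol.com. hostmaster.tbsnames.turner.com."
    for n in 02 03 04 01; do
        serial=2007030901; [ "$n" = 03 ] && serial=${1:-2007030901}
        printf 'Nameserver twdns-%s.ns.aol.com:\n%s %s 900 300 604801 900\n' \
            "$n" "$soa" "$serial"
    done
}

sample 2007030801 | soa_in_sync || echo "behind: $(sample 2007030801 | soa_stale)"
```

Against a live zone the same check is host -C yourdomain | soa_in_sync.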

The nslookup tool provides more information than host.

nslookup is used to query domain servers. It will run in two modes: interactive and non-interactive. The interactive mode allows you to query for various hosts and domains, while the non-interactive mode just returns the requested information.

Interactive Mode
In interactive mode you issue the command and then have options as to the information you want to receive.  In the example, cnn.com is requested and then more information on a specific server is requested.

nslookup
> cnn.com
Server:         12.32.34.32
Address:        12.32.34.32#53

Non-authoritative answer:
Name:   cnn.com
Address: 64.236.24.12
Name:   cnn.com
Address: 64.236.24.20
Name:   cnn.com
Address: 64.236.24.28
Name:   cnn.com
Address: 64.236.29.120
Name:   cnn.com
Address: 64.236.16.20
Name:   cnn.com
Address: 64.236.16.52
Name:   cnn.com
Address: 64.236.16.84
> 64.236.16.84
Server:         12.32.34.32
Address:        12.32.34.32#53

Non-authoritative answer:
84.16.236.64.in-addr.arpa       name = www6.cnn.com.

Authoritative answers can be found from:
16.236.64.in-addr.arpa  nameserver = dns-01.atdn.net.
16.236.64.in-addr.arpa  nameserver = dns-02.atdn.net.
dns-01.atdn.net internet address = 152.163.159.236
dns-02.atdn.net internet address = 205.188.157.236

Ctrl+C  to quit

Check domain lookup.
nslookup cnn.com
Server:         12.32.34.32
Address:        12.32.34.32#53

Non-authoritative answer:
Name:   cnn.com
Address: 64.236.16.20
Name:   cnn.com
Address: 64.236.16.52
Name:   cnn.com
Address: 64.236.16.84
Name:   cnn.com
Address: 64.236.24.12
Name:   cnn.com
Address: 64.236.24.20
Name:   cnn.com
Address: 64.236.24.28
Name:   cnn.com
Address: 64.236.29.120

Check reverse lookup.
nslookup 64.236.16.20
Server:         12.32.34.32
Address:        12.32.34.32#53

Non-authoritative answer:
20.16.236.64.in-addr.arpa       name = www2.cnn.com.

Authoritative answers can be found from:
16.236.64.in-addr.arpa  nameserver = dns-02.atdn.net.
16.236.64.in-addr.arpa  nameserver = dns-01.atdn.net.
dns-01.atdn.net internet address = 152.163.159.236
dns-02.atdn.net internet address = 205.188.157.236

Check Your DNS Settings with dig

dig stands for Domain Information Groper.

dig cnn.com

; <<>> DiG 9.2.4 <<>> cnn.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52140
;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 4, ADDITIONAL: 0

;; QUESTION SECTION:
;cnn.com.                       IN      A

;; ANSWER SECTION:
cnn.com.                300     IN      A       64.236.16.52
cnn.com.                300     IN      A       64.236.16.84
cnn.com.                300     IN      A       64.236.24.12
cnn.com.                300     IN      A       64.236.24.20
cnn.com.                300     IN      A       64.236.24.28
cnn.com.                300     IN      A       64.236.29.120
cnn.com.                300     IN      A       64.236.16.20

;; AUTHORITY SECTION:
cnn.com.                114     IN      NS      twdns-03.ns.aol.com.
cnn.com.                114     IN      NS      twdns-04.ns.aol.com.
cnn.com.                114     IN      NS      twdns-01.ns.aol.com.
cnn.com.                114     IN      NS      twdns-02.ns.aol.com.

;; Query time: 134 msec
;; SERVER: 12.32.34.32#53(12.32.34.32)
;; WHEN: Sun Mar 18 17:37:32 2007
;; MSG SIZE  rcvd: 236

Reading the Output of dig

; <<>> DiG 9.2.4 <<>> cnn.com
;; global options:  printcmd
This line simply shows the information that was requested at the command line.

;; Got answer:
dig received an answer on the request.

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52140
This is the beginning of the information that was received when the request was made. The opcode is always QUERY. The status shows that no errors were detected. The id is a 16-bit number used to match responses to queries.

;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 4, ADDITIONAL: 0
The qr flag shows that the message was a response. The rd flag indicates that the recursion desired bit was set, which is typical of most queries. The ra flag shows that recursion was available from the remote name server. QUERY: 1 shows that one request was made, and seven answers were provided, ANSWER: 7. Four of those answers were authoritative, AUTHORITY: 4.

;; QUESTION SECTION:
;cnn.com.                       IN      A
This is the question.

;; ANSWER SECTION:
cnn.com.                300     IN      A       64.236.16.52
cnn.com.                300     IN      A       64.236.16.84
cnn.com.                300     IN      A       64.236.24.12
cnn.com.                300     IN      A       64.236.24.20
cnn.com.                300     IN      A       64.236.24.28
cnn.com.                300     IN      A       64.236.29.120
cnn.com.                300     IN      A       64.236.16.20
These are the seven answers.

;; AUTHORITY SECTION:
cnn.com.                114     IN      NS      twdns-03.ns.aol.com.
cnn.com.                114     IN      NS      twdns-04.ns.aol.com.
cnn.com.                114     IN      NS      twdns-01.ns.aol.com.
cnn.com.                114     IN      NS      twdns-02.ns.aol.com.
These are the four authoritative servers.

;; Query time: 134 msec
;; SERVER: 12.32.34.32#53(12.32.34.32)
;; WHEN: Sun Mar 18 17:37:32 2007
;; MSG SIZE  rcvd: 236
This shows the time it took for the query, the name server used for the query (which is listed in the /etc/resolv.conf file), and when the request was made.
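
The header fields described above can be pulled out of dig output mechanically, which helps when checking many names. The following is an added example, not from the original tutorial, and its function names are hypothetical: it extracts the status, flags and section counts, and counts the records actually listed in a section. It also reports the aa flag, which dig shows when the reply came directly from an authoritative server.

```shell
# Added example: summarise the header of dig output read on stdin.

# Print status, flags, aa (yes/no) and the section counts as key=value lines.
dig_header() {
    awk '
        /->>HEADER<<-/ {
            for (i = 1; i < NF; i++) if ($i == "status:") {
                s = $(i + 1); sub(/,$/, "", s); print "status=" s
            }
        }
        /^;; flags:/ {
            aa = "no"; flags = ""
            for (i = 3; i <= NF; i++) {        # the flag list ends at ";"
                f = $i; last = sub(/;$/, "", f)
                flags = flags " " f
                if (f == "aa") aa = "yes"      # set on authoritative replies
                if (last) break
            }
            print "flags=" substr(flags, 2); print "aa=" aa
            for (i++; i < NF; i += 2) {        # QUERY: 1, ANSWER: 7, ...
                k = tolower($i); sub(/:$/, "", k)
                v = $(i + 1); sub(/,$/, "", v); print k "=" v
            }
        }'
}

# Print one value from dig_header, e.g. dig_field status.
dig_field() { dig_header | sed -n "s/^$1=//p"; }

# Count the records actually listed in a section (ANSWER, AUTHORITY, ...).
section_count() {
    awk -v want=";; $1 SECTION:" '
        $0 == want { on = 1; next }
        on && /^[ \t]*$/ { on = 0 }
        on && !/^;/ { n++ }
        END { print n + 0 }'
}

# Sample: header and AUTHORITY section of this tutorial's dig -x 64.236.16.52 output.
sample_ptr() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28585
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; AUTHORITY SECTION:
16.236.64.in-addr.arpa.    3600    IN    NS    dns-01.atdn.net.
16.236.64.in-addr.arpa.    3600    IN    NS    dns-02.atdn.net.
EOF
}

sample_ptr | dig_header
```

With live output, dig cnn.com | dig_field status prints just the status, and comparing dig_field authority with section_count AUTHORITY confirms the header count matches the records shown.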

Use dig to check reverse lookup.
dig -x 64.236.16.52

; <<>> DiG 9.5.0-P2 <<>> -x 64.236.16.52
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28585
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;52.16.236.64.in-addr.arpa.    IN    PTR

;; ANSWER SECTION:
52.16.236.64.in-addr.arpa. 3600    IN    PTR    www4.cnn.com.

;; AUTHORITY SECTION:
16.236.64.in-addr.arpa.    3600    IN    NS    dns-01.atdn.net.
16.236.64.in-addr.arpa.    3600    IN    NS    dns-02.atdn.net.

;; ADDITIONAL SECTION:
dns-02.atdn.net.    172800    IN    A    205.188.157.236

;; Query time: 592 msec
;; SERVER: 12.32.36.123#53(12.32.36.123)
;; WHEN: Wed Feb  4 05:44:40 2009
;; MSG SIZE  rcvd: 135
type
You can follow the dig command with a type to gain additional information.  In this example the type MX is requested.

dig cnn.com MX

; <<>> DiG 9.2.4 <<>> cnn.com MX
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27913
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 13, ADDITIONAL: 8

;; QUESTION SECTION:
;cnn.com.                       IN      MX

;; ANSWER SECTION:
cnn.com.                3451    IN      MX      10 atlmail3.turner.com.
cnn.com.                3451    IN      MX      10 atlmail5.turner.com.
cnn.com.                3451    IN      MX      20 nycmail1.turner.com.
cnn.com.                3451    IN      MX      20 nycmail2.turner.com.

Request for A records.
dig cnn.com A

; <<>> DiG 9.2.4 <<>> cnn.com A
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63381
;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 4, ADDITIONAL: 0

;; QUESTION SECTION:
;cnn.com.                       IN      A

;; ANSWER SECTION:
cnn.com.                284     IN      A       64.236.16.20
cnn.com.                284     IN      A       64.236.16.52
cnn.com.                284     IN      A       64.236.16.84
cnn.com.                284     IN      A       64.236.24.12
cnn.com.                284     IN      A       64.236.24.20
cnn.com.                284     IN      A       64.236.24.28
cnn.com.                284     IN      A       64.236.29.120

Another option for testing your DNS settings is to use a site like http://www.dnsreport.com. This site will evaluate your settings and give you an idea of where you have problems.
