LinuxCommandLibrary

dnstracer

Trace DNS query resolution path

TLDR

Find out where your local DNS got the information on www.example.com

$ dnstracer [www.example.com]
copy

Start with a [s]pecific DNS that you already know
$ dnstracer -s [dns.example.org] [www.example.com]
copy

Only query IPv4 servers
$ dnstracer -4 [www.example.com]
copy

Retry each request 5 times on failure
$ dnstracer -r [5] [www.example.com]
copy

Display all steps during execution
$ dnstracer -v [www.example.com]
copy

Display an [o]verview of all received answers after execution
$ dnstracer -o [www.example.com]
copy

SYNOPSIS

dnstracer [options]

PARAMETERS

-h
    Display help information.

-v
    Be verbose (increase level with multiple -v).

-s
    Specify the server to start tracing from (default: your configured DNS server).

-t
    Set the timeout for DNS queries (default: 5 seconds).

-m
    Set the maximum number of tries for each query (default: 3).

-o
    Output results to a file.

-r
    Bypass cache using a random query.

-4
    Use IPv4 only.

-6
    Use IPv6 only.

-S
    Strict mode; exit on error.

DESCRIPTION

dnstracer is a command-line utility used to trace the route a DNS query takes from your machine to the authoritative name servers for a given domain. It helps diagnose DNS configuration issues, identify bottlenecks, and understand the hierarchy of DNS servers involved in resolving a domain name.

The command starts by querying your local DNS server and follows referrals from each server it encounters until it reaches the authoritative name servers. It displays the IP addresses, round-trip times, and other relevant information for each server along the path. This allows users to visualize the DNS resolution process and pinpoint potential problems like misconfigured servers, slow response times, or incorrect delegations.

dnstracer is particularly useful for network administrators and DNS experts who need to troubleshoot DNS-related issues and ensure proper DNS resolution for their domains. It can also be used for educational purposes to understand how the DNS system works.

CAVEATS

dnstracer may not work correctly if DNSSEC is enabled, as it does not fully support DNSSEC validation. Firewalls can also interfere with the tracing process by blocking DNS queries or responses.

EXAMPLE USAGE

dnstracer example.com - Traces the DNS resolution path for example.com, starting from your configured DNS server.
dnstracer -s 8.8.8.8 example.com - Traces the DNS resolution path for example.com, starting from Google's public DNS server (8.8.8.8).

HISTORY

dnstracer has been available for a long time and is not actively developed anymore. Its purpose is to simplify the process of identifying issues in DNS propagation.

SEE ALSO

dig(1), host(1), nslookup(1)

Copied to clipboard