trace a chain of DNS servers to the source


Find out where your local DNS got the information on

$ dnstracer []

Start with a [s]pecific DNS that you already know
$ dnstracer -s [] []

Only query IPv4 servers
$ dnstracer -4 []

Retry each request 5 times on failure
$ dnstracer -r [5] []

Display all steps during execution
$ dnstracer -v []

Display an [o]verview of all received answers after execution
$ dnstracer -o []


dnstracer [options] name


dnstracer determines where a given Domain Name Server (DNS) gets its information from, and follows the chain of DNS servers back to the servers which know the data.

Options are:


Disable local caching.


Enable negative caching.


Disable EDNS0 options.

-E size

Set EDNS0 size, default is 1500 bytes.


Enable overview of received answers at the end.

-q queryclass

Change the query-class, default is A. You can either specify a number of the type (if you're brave) or one of the following strings: a, aaaa, a6, soa, cname, hinfo, mx, ns, txt and ptr.

-r retries

Number of retries for DNS requests, default 3.

-s server

DNS server to use for the initial request, default is aquired from the system. If a dot is specified (.), A.ROOT-SERVERS.NET will be used.


Be verbose on what sent or received.


Use only IPv4 servers, don't query IPv6 servers (only available when IPv6 support hasn't been disabled)

-S sourceaddress

Use this as source-address for the outgoing packets.


It sends the specified name-server a non-recursive request for the name.

Non-recursive means: if the name-server knows it, it will return the data requested. If the name-server doesn't know it, it will return pointers to name-servers that are authoritive for the domain part in the name or it will return the addresses of the root name-servers.

If the name server does returns an authoritative answer for the name, the next server is queried. If it returns an non-authoritative answer for the name, the name servers in the authority records will be queried.

The program stops if all name-servers are queried.

Make sure the server you're querying doesn't do forwarding towards other servers, as dnstracer is not able to detect this for you.

It detects so called lame servers, which are name-servers which has been told to have information about a certain domain, but don't have this information.


Search for the A record of on your local nameserver:


Search for the MX record of on the root-nameservers:

dnstracer -s . -q mx

Search for the PTR record (hostname) of

dnstracer -q ptr

And for IPv6 addresses:

dnstracer -q ptr -s . -o


ntptrace (8), traceroute (8), dig (1)


Edwin Groothuis, (

See for mailing-lists.

Copied to clipboard