LinuxCommandLibrary

dnstracer

Trace DNS query resolution path

TLDR

Find out where your local DNS got the information on www.example.com

$ dnstracer [www.example.com]

Start with a [s]pecific DNS that you already know
$ dnstracer -s [dns.example.org] [www.example.com]

Only query IPv[4] servers
$ dnstracer -4 [www.example.com]

[r]etry each request 5 times on failure
$ dnstracer -r [5] [www.example.com]

Display all steps during execution
$ dnstracer -v [www.example.com]

Display an [o]verview of all received answers after execution
$ dnstracer -o [www.example.com]

SYNOPSIS

dnstracer [-c queryclass] [-q querytype] [-t timeout] [-m maxloops] [-l] [-v] [-d] hostname

PARAMETERS

-c queryclass
    Specify DNS query class (default: IN)

-q querytype
    Specify DNS query type (default: A)

-t timeout
    Set query timeout in seconds (default: 5)

-m maxloops
    Maximum delegation loops (default: 30)

-l
    List all nameservers from cache

-v
    Enable verbose output

-d
    Enable debug mode

DESCRIPTION

dnstracer is a powerful command-line tool for debugging DNS resolution by tracing the full path of a recursive DNS query from the root nameservers down to the authoritative server. It simulates the process a resolver follows, sending iterative queries and following NS referrals, displaying each step including server IP, response time, and delegation details.

Unlike dig +trace, dnstracer starts from the root and queries each level explicitly, helping identify issues like lame delegations, timeouts, or misconfigurations in the DNS hierarchy. Output shows query type, class, server queried, status (SERVFAIL, NXDOMAIN, etc.), and NS records received. Ideal for network admins troubleshooting delegation chains or slow resolutions.
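
The referral walk described above, as an added Python example (not dnstracer's own code or output): it queries every nameserver at each delegation level over a constructed, offline delegation table and flags lame servers, timeouts and runaway delegation chains. All server names, zones, status strings and the max_depth parameter are hypothetical.

```python
QNAME = "www.corp.test."
# Constructed data, not real DNS: server -> {zone asked about: reply}.
# Reply is ("REFER", child, [nameservers]) or ("ANSWER", ip); None = no reply.
SERVERS = {
    "root-a": {".": ("REFER", "test.", ["tld-a", "tld-b"])},
    "tld-a": {"test.": ("REFER", "corp.test.", ["ns1", "ns2", "ns3"])},
    "tld-b": None,
    "ns1": {"corp.test.": ("ANSWER", "192.0.2.10")},
    "ns2": {},                                          # not configured for the zone
    "ns3": {"corp.test.": ("REFER", ".", ["root-a"])},  # upward referral
}


def in_zone(name, zone):
    return zone == "." or name == zone or name.endswith("." + zone)


def trace(server, zone=".", depth=0, max_depth=30, out=None):
    """Query every nameserver at every delegation level, depth first."""
    out = [] if out is None else out
    table = SERVERS.get(server)
    if depth >= max_depth:
        status = "LOOP"
    elif table is None:
        status = "TIMEOUT"
    elif zone not in table:
        status = "LAME"
    elif table[zone][0] == "ANSWER":
        status = "AUTHORITATIVE " + table[zone][1]
    else:
        _, child, nameservers = table[zone]
        # A valid referral moves strictly closer to QNAME.
        deeper = in_zone(QNAME, child) and len(child) > len(zone)
        status = "REFERRAL " + child if deeper else "LAME"
    out.append((depth, server, zone, status))
    if status.startswith("REFERRAL"):
        for ns in nameservers:
            trace(ns, child, depth + 1, max_depth, out)
    return out


def problems(results):
    """Return (server, zone, status) for every hop that needs attention."""
    return [(s, z, st) for _, s, z, st in results
            if st in ("LAME", "TIMEOUT", "LOOP")]


if __name__ == "__main__":
    for depth, server, zone, status in trace("root-a"):
        print("  " * depth + f"{server} [{zone}] {status}")
```

Only ns1 answers authoritatively in this table; the other three leaf entries are the delegation faults an operator would chase with the parent zone or the server owner.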

CAVEATS

May fail when firewalls block UDP/53; does not handle DNSSEC by default; root hints must be available or fetched.

EXAMPLE USAGE

dnstracer example.com
Traces A record path for example.com from root.

dnstracer -q MX -t 3 gmail.com
Traces MX records with 3s timeout.

HISTORY

Developed by dnstracer@nl.alibabanet around 2002; maintained sporadically and available in most Linux distros via the dnstracer package. Inspired by the need for explicit delegation tracing beyond standard tools.

SEE ALSO

dig(1), host(1), nslookup(1), drill(1)
