Friday, November 14, 2008

dig +trace

If you are curious about how DNS works, you probably should have a look at dig +trace. Dig +trace gives you a hierarchical listing of the DNS servers responsible for each level of a domain name.

The tool starts by asking your local recursive resolver for the list of root name servers (the 13 root servers that make DNS work). It then goes directly to one of those root servers and asks for the name servers of the top level domain: .com, .net, .uk, or whatever the name ends in. Next it picks one of those top level servers and asks for the servers responsible for the next label down, and so on. It repeats this until it reaches the servers that are authoritative for the hostname, domain name, or IP address you entered, and that is where the trace ends.

It's great for getting a top down view of how the DNS system works. Because the trace walks the delegations itself instead of trusting your resolver's cache, it also shows you what the authoritative servers actually say, and it makes problems visible: a lame delegation, a missing glue record, or a server that never answers will show up as a level where the trace stalls. You can do this from the unix/linux command line (dig hostname +trace) or from our software.

Here is an example of the same query run through NetScanTools Pro's Name Server Lookup tool:

[Start Query]
DiG Starting Timestamp: 11/14/08 21:03:54

; <<>> DiG 9.x <<>> +trace
. 65326 IN NS
. 65326 IN NS
;; Received 228 bytes from ( in 63 ms

;; Received 509 bytes from ( in 140 ms

(note: these are the authoritative domain servers handling queries for hostnames in the domain)
 172800 IN NS
 172800 IN NS
 172800 IN NS
 172800 IN NS
 172800 IN NS
;; Received 209 bytes from H.GTLD-SERVERS.NET ( in 234 ms
 3600 IN CNAME
;; Received 73 bytes from ( in 62 ms

[End Query]

With each level, you can see that a number was returned next to each record. This is the TTL (time-to-live) for the DNS record in seconds. The root server list at the top came from your local resolver's cache, so its TTL (65326 here) is whatever is left of the original value; if you run the dig +trace query again, those numbers will be smaller, reflecting the time you took between queries. The 172800 returned by the gTLD server is the value from the authoritative zone itself, so it stays the same from one run to the next.

You can see that ns1 told us that the name we asked about is aliased to a hostname in a domain handled by Akamai. It did not tell us the IP address -- we did an 'ANY' query, and a name that is a CNAME can hold no other records, so the CNAME was all ns1 had to return for it. dig +trace stops at the alias rather than chasing it, so to get the address you trace the CNAME target in a separate query, which walks a different delegation chain (Akamai's, not the original domain's).
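To make the delegation walk and the CNAME stop concrete, here is an added Python example that simulates what dig +trace does over a constructed, in-memory set of name servers. It is not code from the original post or from NetScanTools, and the server names, addresses, zone records and the cached root TTL in it are made up for illustration. The simulated resolver starts from a cached root NS list, follows referrals from the root down, returns the first authoritative answer (a CNAME is not followed), and reports the hop at which a trace fails when no server knows the name.

```python
"""Simulated iterative resolution in the style of dig +trace.

Added example with constructed data: the servers, addresses and records
below are invented and are not the ones from the trace in the post.
"""
from typing import NamedTuple


class RR(NamedTuple):
    name: str    # owner name, fully qualified, lower case
    ttl: int     # seconds
    rtype: str   # NS, A, CNAME, ...
    rdata: str


# Constructed zone data, keyed by the server that is authoritative for it.
# Each server hands out its own records plus glue A records for the name
# servers it delegates to. No server for edgesuite.net. is defined, so a
# trace for the CNAME target below fails at the root (a lame trace).
SERVERS = {
    "a.root-servers.net.": [
        RR("com.", 172800, "NS", "a.gtld-servers.net."),
        RR("a.gtld-servers.net.", 172800, "A", "192.0.2.1"),
    ],
    "a.gtld-servers.net.": [
        RR("example.com.", 172800, "NS", "ns1.example.com."),
        RR("ns1.example.com.", 172800, "A", "192.0.2.53"),
    ],
    "ns1.example.com.": [
        RR("example.com.", 3600, "A", "192.0.2.80"),
        RR("www.example.com.", 3600, "CNAME", "www.example.com.edgesuite.net."),
    ],
}

# dig +trace takes the root NS list from the local recursive resolver, so
# this TTL is a cached, counting-down value (assumed here), unlike the TTLs
# that the authoritative servers answer with.
ROOT_CACHE_TTL = 65326
ROOT_SERVER = "a.root-servers.net."


def query(server: str, qname: str, qtype: str) -> tuple[list[RR], list[RR]]:
    """One non-recursive query to `server`: returns (answer, authority).

    A CNAME at the queried name is always returned, as a real authoritative
    server does, because a CNAME owner can hold no other record types.
    If the server has no data at the name, it refers the client to the NS
    records of the closest enclosing zone it knows about (if any)."""
    zone = SERVERS.get(server, [])
    answer = [rr for rr in zone if rr.name == qname
              and (qtype == "ANY" or rr.rtype in (qtype, "CNAME"))]
    if answer:
        return answer, []
    closest = None
    for rr in zone:
        if rr.rtype == "NS" and (qname == rr.name or qname.endswith("." + rr.name)):
            if closest is None or len(rr.name) > len(closest):
                closest = rr.name
    authority = [rr for rr in zone if rr.rtype == "NS" and rr.name == closest]
    return [], authority


def trace(qname: str, qtype: str = "A", max_hops: int = 10) -> list[dict]:
    """Walk delegations from the root, one hop per server asked.

    Each hop records the server, the records it returned and its kind:
    'cache' (root list from the local resolver), 'referral', 'answer'
    (authoritative data; a CNAME ends the walk and is not chased) or
    'error' (no answer and no referral, or too many hops)."""
    hops = [{"server": "(local resolver cache)", "kind": "cache",
             "records": [RR(".", ROOT_CACHE_TTL, "NS", ROOT_SERVER)]}]
    server = ROOT_SERVER
    for _ in range(max_hops):
        answer, authority = query(server, qname, qtype)
        if answer:
            hops.append({"server": server, "kind": "answer", "records": answer})
            return hops
        if not authority:
            hops.append({"server": server, "kind": "error", "records": [],
                         "error": "no answer and no referral"})
            return hops
        hops.append({"server": server, "kind": "referral", "records": authority})
        server = authority[0].rdata   # dig likewise picks one of the listed servers
    hops.append({"server": server, "kind": "error", "records": [],
                 "error": "too many hops"})
    return hops


def render(hops: list[dict]) -> str:
    """Format a trace in the owner/TTL/IN/type/rdata layout dig uses."""
    lines = []
    for hop in hops:
        for rr in hop["records"]:
            lines.append(f"{rr.name}\t{rr.ttl}\tIN\t{rr.rtype}\t{rr.rdata}")
        note = f";; Received from {hop['server']} ({hop['kind']})"
        if "error" in hop:
            note += f": {hop['error']}"
        lines.append(note)
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(trace("www.example.com.", "ANY")))
    print()
    # The CNAME target lives in a zone this toy data knows nothing about.
    print(render(trace("www.example.com.edgesuite.net.")))
```

Running it shows the same shape as the trace above: a cached root entry, two referrals (root to .com, .com to the domain's own servers), and a final authoritative answer that is only a CNAME. The second trace stops at the root with an error, which is what a real trace looks like when a delegation is missing or points at servers that do not respond.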
