CBT Nugget: Linux Server Administration - 10. Testing DNS

Testing DNS

Testing DNS (Domain Name System) functionality is crucial for ensuring that domain names resolve correctly to their corresponding IP addresses. Here are various methods and tools to test and diagnose DNS issues.

Basic DNS Query Tools

1. nslookup:

   • Queries DNS to find the IP address associated with a domain name and vice versa.

   Example:

   sh
   nslookup example.com
   

   Output:

   plaintext
   Server:		192.168.1.1
   Address:	192.168.1.1#53
   
   Non-authoritative answer:
   Name:	example.com
   Address: 93.184.216.34
   

   Reverse Lookup:

   sh
   nslookup 93.184.216.34
   

2. dig:

   • Provides detailed DNS query information, including DNS records, query time, and server information.

   Example:

   sh
   dig example.com
   

   Output:

   plaintext
   ; <<>> DiG 9.11.3-1ubuntu1.13-Ubuntu <<>> example.com
   ;; global options: +cmd
   ;; Got answer:
   ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22606
   ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
   
   ;; QUESTION SECTION:
   ;example.com.			IN	A
   
   ;; ANSWER SECTION:
   example.com.		299	IN	A	93.184.216.34
   
   ;; Query time: 23 msec
   ;; SERVER: 192.168.1.1#53(192.168.1.1)
   ;; WHEN: Wed Jun 12 10:20:23 UTC 2024
   ;; MSG SIZE  rcvd: 56
   

   Querying Specific Record Types:

   sh
   dig example.com MX
   dig example.com NS
   dig example.com TXT
   

3. host:

   • Simplifies DNS lookups by providing a concise output format.

   Example:

   sh
   host example.com
   

   Output:

   plaintext
   example.com has address 93.184.216.34
   example.com mail is handled by 10 mail.example.com.
   

4. ping:

   • Checks if a domain resolves to an IP address and if the IP address is reachable.

   Example:

   sh
   ping -c 4 example.com
   

   Output:

   plaintext
   PING example.com (93.184.216.34): 56 data bytes
   64 bytes from 93.184.216.34: icmp_seq=0 ttl=56 time=15.2 ms
   64 bytes from 93.184.216.34: icmp_seq=1 ttl=56 time=14.9 ms
   64 bytes from 93.184.216.34: icmp_seq=2 ttl=56 time=15.0 ms
   64 bytes from 93.184.216.34: icmp_seq=3 ttl=56 time=15.1 ms
   
   --- example.com ping statistics ---
   4 packets transmitted, 4 packets received, 0.0% packet loss
   

Advanced DNS Query Tools

1. mtr:

   • Combines the functionality of ping and traceroute, useful for diagnosing DNS-related network issues.

   Example:

   sh
   mtr example.com
   

2. dnsmasq:

   • A lightweight DNS forwarder and DHCP server, useful for testing DNS caching and custom DNS configurations.

   Example Configuration:

   plaintext
   server=8.8.8.8
   

3. resolvectl (Systemd-based systems):

   • Queries the systemd-resolved service for DNS resolution details.

   Example:

   sh
   resolvectl query example.com
   

   Output:

   plaintext
   example.com: 93.184.216.34  2606:2800:220:1:248:1893:25c8:1946
   

4. dnf (Dynamic Host Configuration Protocol Network File System):

   • Useful for querying and managing DNS in environments that use DHCP.

   Example:

   sh
   dnf dns example.com
   

DNS Caching and Flushing

1. Flush DNS Cache (Linux):

   • Depending on the Linux distribution, different commands might be needed to flush the DNS cache.

   Systemd-based systems:

   sh
   sudo systemctl restart systemd-resolved
   

   dnf:

   sh
   sudo dnf clean all
   

2. Flush DNS Cache (macOS):

   sh
   sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder
   

3. Flush DNS Cache (Windows):

   sh
   ipconfig /flushdns
   

Diagnosing DNS Issues

1. Check /etc/resolv.conf:

   • Ensure the file contains correct nameserver entries.

   Example:

   plaintext
   nameserver 8.8.8.8
   nameserver 8.8.4.4
   

2. Check for Firewall or Security Software:

   • Ensure that firewall or security software is not blocking DNS queries.

3. Use Alternate DNS Servers:

   • Test using public DNS servers like Google DNS (8.8.8.8 and 8.8.4.4) or Cloudflare DNS (1.1.1.1 and 1.0.0.1).

   Example:

   sh
   dig @8.8.8.8 example.com
   

4. Inspect Network Configuration:

   • Use ifconfig or ip addr to check network interface settings.

   Example:

   sh
   ip addr
   

Example Scenario

Diagnosing DNS Resolution Failure:

1. Check if the Domain Resolves:

   sh
   nslookup example.com
   

2. Query Specific DNS Records:

   sh
   dig example.com MX
   

3. Ping the Domain:

   sh
   ping -c 4 example.com
   

4. Check /etc/resolv.conf:

   sh
   cat /etc/resolv.conf
   

5. Flush DNS Cache:

   sh
   sudo systemctl restart systemd-resolved
   

6. Test with an Alternate DNS Server:

   sh
   dig @8.8.8.8 example.com
   

Summary

Testing DNS involves using a variety of tools to ensure domain names resolve correctly to IP addresses and that DNS servers are functioning properly. Basic tools like nslookup, dig, and host provide straightforward methods for querying DNS records. Advanced tools like mtr, dnsmasq, and resolvectl offer more detailed diagnostics. Checking configurations, flushing DNS caches, and using alternate DNS servers can help diagnose and resolve DNS issues effectively.