As we know, DNS is the backbone of the Internet, so we need to know the basics of DNS troubleshooting. In this post, we will learn how to identify problems in the DNS infrastructure by using two powerful command-line tools: nslookup and dig.
DNS Troubleshooting
How and Why
Before starting with DNS troubleshooting, we need to refresh our minds on what DNS does. DNS is a protocol and its infrastructure, with the goal of mapping names to IP addresses. So, troubleshooting DNS means identifying if you are getting this mapping correctly.
DNS troubleshooting is crucial. With it, you can be faster in understanding reachability problems, internet surfing issues, and even mail delivery problems. Almost everything on the Internet relies on DNS, so knowing a thing or two about it will be a great time saver in the long run.
Need to refresh your mind on DNS functionality? We have a detailed post on that.
NSLookup
The command nslookup is the easiest way to troubleshoot DNS, and it is a great way to start. It comes pre-installed on any Windows version, but not on all Linux distributions. If you are running Linux, you will need to get the dnsutils package (for example, in Ubuntu, use apt-get install dnsutils). On Windows, just open the prompt (Windows+R, then type cmd and hit enter).
Once in the prompt, you can type nslookup. This will enter the nslookup utility. Here, you can simply use ? to see the help.
Now that you are inside the nslookup utility, you can configure how it runs queries. Typically, you want to query a specific DNS server, and you can provide it with the server keyword. You may also want to specify a domain name and the type of record to search. To specify the type, timeout, retry and other options, you need to use the keyword set. Here, for example, we configure nslookup to query the Cloudflare server (1.1.1.1) for MX records only. Then, we query ictshore.com. To run the query, simply enter the domain you want to resolve and press enter.
> server 1.1.1.1
Default Server: one.one.one.one
Address: 1.1.1.1
> set type=mx
> ictshore.com
Server: one.one.one.one
Address: 1.1.1.1
Non-authoritative answer:
ictshore.com MX preference = 1, mail exchanger = mail.ictshore.com
>
As you can see here, ictshore.com has only 1 MX record, mail.ictshore.com. If we were to query google.com, we would see multiple mail servers as below.
> google.com
Server: one.one.one.one
Address: 1.1.1.1
Non-authoritative answer:
google.com MX preference = 10, mail exchanger = aspmx.l.google.com
google.com MX preference = 20, mail exchanger = alt1.aspmx.l.google.com
google.com MX preference = 30, mail exchanger = alt2.aspmx.l.google.com
google.com MX preference = 40, mail exchanger = alt3.aspmx.l.google.com
google.com MX preference = 50, mail exchanger = alt4.aspmx.l.google.com
Dig
Dig is the pro alternative to nslookup. It is free, and also part of the dnsutils on Linux. However, it is not a native application in Windows. If you are on Windows like me, don’t panic. You need to download dig and install it. Then, you will need to add it to the PATH variable. Nothing too complex, you can get it done in less than 5 minutes by following this guide on how to install dig.
Once you have dig in your prompt, we are ready to start. Unlike nslookup, here you don’t have to enter the dig utility and configure it. Instead, you run the command with all its options in one line. The simple way to get the name resolution (type A, AAAA) is with dig <domain name>. You can tune the command as follows:
- Add @<DNS server> to use a specific server, e.g. dig @1.1.1.1 ictshore.com.
- Specify the type of record after the domain name to see only that type, e.g. dig ictshore.com MX.
- Use -x to resolve a PTR record (from IP to name), e.g. dig -x 192.168.1.1.
So far, nothing more advanced than nslookup. Not until we add the most amazing feature: DNS trace. You can use it by adding +trace after the domain name, and it reconstructs the entire resolution process. In this way, you will see all the steps of your query: from querying the root domains to querying the last domain. It is important to see if something breaks.
PTR resolution on Windows
If you have an IP and you want to know if it is mapped to a name, you can use dig with the -x option. If you don’t have this tool, on Windows, you can still resort to the good old ping. However, here, use the -a option (e.g. ping -a 192.168.1.1).
Bonus: check DNS propagation
Oftentimes, you create a public DNS entry and you want to see if everyone is receiving it. On your PC, you will have to use dig with multiple servers to see if many DNS servers actually received your new info. You can see the pain of doing so for many entries. Luckily, there is an online tool that can do that for you. I am talking about What’s my DNS, a tool where you can send DNS queries to multiple DNS servers around the world.
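The manual check described above can be scripted. This is an added example, not part of the original post: it asks each resolver in a list for the same record with dig and reports whether the answers agree. The resolver list (1.1.1.1 from this post plus 8.8.8.8 and 9.9.9.9), the DIG override and the function names are assumptions of the example.

```shell
#!/bin/sh
# Added example: compare one DNS record across several public resolvers.
# RESOLVERS and DIG are assumptions of this example; override them as needed.
RESOLVERS="${RESOLVERS:-1.1.1.1 8.8.8.8 9.9.9.9}"
DIG="${DIG:-dig}"

# Print the sorted, comma-joined answer set one resolver returns.
# usage: answer_set <resolver> <name> <type>
answer_set() {
    $DIG +short +time=2 +tries=1 "@$1" "$2" "$3" 2>/dev/null |
        sort | paste -sd, -
}

# Query every resolver and print one "resolver answer" line each.
# Returns 0 if all answers match, 1 if they differ,
# 2 if at least one resolver returned nothing.
# usage: check_propagation <name> [type]
check_propagation() {
    name=$1
    rtype=${2:-A}
    first=
    rc=0
    for r in $RESOLVERS; do
        ans=$(answer_set "$r" "$name" "$rtype")
        printf '%-15s %s\n' "$r" "${ans:-<no answer>}"
        if [ -z "$ans" ]; then
            rc=2
            continue
        fi
        if [ -z "$first" ]; then
            first=$ans
        elif [ "$ans" != "$first" ] && [ "$rc" -eq 0 ]; then
            rc=1
        fi
    done
    return $rc
}

# Run only when a name is given, e.g.: sh propagation.sh ictshore.com MX
if [ $# -gt 0 ]; then
    check_propagation "$@"
fi
```

A mismatch usually means some resolvers still hold the old record in cache until its TTL expires; names served with location-based answers can also differ between resolvers without anything being wrong.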
A Quick Summary
DNS troubleshooting means understanding if a name resolves correctly to an IP address. You can do basic troubleshooting with nslookup, using nslookup <domain name>, and with dig, using dig <domain name>. However, things start to get interesting if you want to identify the entire flow of your DNS query. In that case, the only tool for you is dig, with the +trace option.
How do you troubleshoot DNS issues? What about DNS propagation? Let me know in the comments.