Top 6 Tools for DNS Troubleshooting
Troubleshooting never ends. Problems in network computing can happen at many different levels. One technology that every internet user depends on is DNS, which stands for domain name system. A domain name is an alphanumeric designation for an IP address. DNS servers are the databases that manage the hierarchical domain name system. Sometimes these servers are not configured properly. That’s where the DNS troubleshooting comes it.
The task of DNS troubleshooting is primarily one of information gathering. Troubleshooting tools like nslookup work as checks against the configuration of DNS servers. The word nslookup is short for “name server lookup”. It is a query tool that works in both Windows and Linux environments.
The simplest way to use nslookup is to type the command followed by a domain name. Let’s take Google, for example. The command line entry and the results will look something like this:
In the above response, you can see in the first section what server it is using to obtain the information. In this case, it is using the local DNS server on my network. For you, it may be your router or your ISP or even an internal corporate DNS server, depending on where you are. In the second section you see it has received a non-authoritative answer. This is not something to be concerned about, this simply means that the server giving the answer is a recursive DNS resolver, which is very common. It would be unusual to hit the primary/authoritative DNS server from your local machine. And of course, you see the addresses given out for www.google.com. Both an IPv6 address (first) and an IPv4 address after that. Your machine will decide which IP to use based on your connectivity, so don't worry if you're not IPv6 enabled yet, the IPv4 will be used.
You can also go into interactive mode by typing nslookup at the command prompt. You will notice that the prompt changes to “>”. Here you can type in the domain name directly.
There are many different ways that you can query DNS databases with nslookup. You can query only information about mail server settings by typing [set type=mx] in interactive mode. You can also connect to a different DNS. For instance, to connect to Google’s DNS, you would type [server 126.96.36.199].
Of course, you should know something about DNS and its parameters if you want to get the most out of the dnslookup tool. There was talk of deprecating the nslookup tool and replacing it with host and dig, but it remains a helpful tool that many troubleshooters use. In our opinion, however, dig is far superior and if you use these tools on a regular basis, it is worth installing dig on your Windows machine since nslookup has not been updated for quite some time and is a little buggy.
Another favorite command-line tool for DNS troubleshooting is called dig. The name stands for domain internet groper. This tool is used on Linux, and can really help you dig into DNS issues, as the name suggests. Here’s an example from dig:
$ dig -t mx www.google.com
; <<>> DiG 9.10.3-P4-Ubuntu <<>> -t mx www.google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40683
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.google.com. IN MX
;; AUTHORITY SECTION:
google.com. 60 IN SOA ns1.google.com. dns-admin.google.com. 164707171 900 900 1800 60
;; Query time: 61 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Wed Aug 09 14:34:03 EDT 2017
;; MSG SIZE rcvd: 113
The example here queries the mail servers of Google. There are none listed here for Google, but if you put yours in you should see a section that lists your mail servers. To get more information about dig, type [man dig] in the Linux command line. For example, the "-t" you see above is to specify the type of query, in this case MX records. But we find it is often not required any more. So, if you leave that out, it works just the same on modern versions of dig. If you do not specify the query type, such as MX, then it will default to listing 'A' records. And lastly, if you want to query a specific server, use the @ symbol. For example "dig @a1.uberns.com www.google.com" will query our servers, and you'll see that we're not authoritative for the zone so we have no answers. You know this because it says "WARNING: recursion requested but not available."
A third command-line option for DNS troubleshooting is a simple command called host. The output of the command is generally more abbreviated than nslookup and dig. Here is a sample:
$ host www.google.com
www.google.com has address 188.8.131.52
www.google.com has IPv6 address 2607:f8b0:4002:808::2004
But just because it’s not as verbose doesn’t mean it less useful. You just need to know how to use it. To learn more about host, type [man host] in the Linux command line.
Each of these tools -- nslookup, dig, and host -- can be helpful when troubleshooting DNS issues. The one you use may depend on how familiar you are with it and which one you prefer.
If you’re not comfortable with command line troubleshooting, there are other options available. The website DNSStuff offers a lot of information simply by typing in a domain name. Try it and see what you can learn.
The site provides a free toolkit that offers lots of possibilities for investigation. Their DNS report, for example, gives a pass/fail grade to a variety of tests. They also offer a professional toolset for a price.
If your primary interest is in the troubleshooting mail server issues, MXToolbox may be the place to start. But the name can be deceiving. You can do all kinds of other tests on the site as well. Their dnscheck, for instance, can tell you a lot about what’s working and what’s not.
Actually, the toolset on mxtoolbox.com deals with a lot more than mail or DNS. It contains a wide variety of network tools that you never knew you needed.
The same goes for DNSQuery.org. From whois to DNS records query to ping and traceroute, you can do a lot of investigation directly from their homepage.
So what’s the best way to get started with DNS troubleshooting. The choice of tools can be overwhelming. Which one should you use? Which tests do you really need to run? If you don’t mind dealing with the command line, see what you can do with nslookup. It works on either Windows or Linux. If you like to work on Linux, you’re probably already familiar with commands like dig or host and just need to play with them a bit. The online tools will give you plenty of information, but you still need to know what to do with it.
Knowing what tools to use if only a start. Learning how to troubleshoot networks can take a lifetime.
Other posts you might like...
The True Costs of Downtime for IT
Downtime is a dirty word in the IT business. Unplanned outages are unacceptable and should not be tolerated. In a universe where customers expect services to be available 99.999% of the time, any time your IT service offering is down is costly to your business.
The Need for Increased Availability is Now
Our predictions for the last half of 2017: Ransomware will keep evolving, the rise of IoT will pave way for increased DDoS Attacks, IPv6 Traffic will continue to grow exponentially, Machine Learning and AI will be applied to enhance security, and the need for increased availability is now.read more
5 Ways to Increase Application Availability
A service provider that offers software-as-a-service or another cloud-based solution should understand what customers are looking for and what compels those very customers to choose an off-premise, “cloud-based” solution vs. the more traditional on-premise, self-hosted solution.read more