
Troubleshooting DNS server Configuration issues using dig command

The dig command offers you the most information when querying a domain or a particular host within the domain.
Syntax: dig [@global-server] [domain] [q-type]
The q-type can be any type of resource record that you'd like to query. If you don't specify a domain or a type, the dig command just queries the nameserver for the NS records of the root zone (.), showing the root hints. Let's look at how to use this utility to gather more information when troubleshooting the network.
Step 1. Do a forward lookup of your DNS server directly:

# dig @RHEL01
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5 <<>> @rhel01
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10633
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 14
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 517028 IN NS g.root-servers.net.
. 517028 IN NS h.root-servers.net.
. 517028 IN NS i.root-servers.net.
. 517028 IN NS j.root-servers.net.
. 517028 IN NS k.root-servers.net.
. 517028 IN NS l.root-servers.net.
. 517028 IN NS m.root-servers.net.
. 517028 IN NS a.root-servers.net.
. 517028 IN NS b.root-servers.net.
. 517028 IN NS c.root-servers.net.
. 517028 IN NS d.root-servers.net.
. 517028 IN NS e.root-servers.net.
. 517028 IN NS f.root-servers.net.
;; ADDITIONAL SECTION:
a.root-servers.net. 517028 IN A 198.41.0.4
a.root-servers.net. 517028 IN AAAA 2001:503:ba3e::2:30
b.root-servers.net. 517028 IN A 192.228.79.201
c.root-servers.net. 517028 IN A 192.33.4.12
d.root-servers.net. 517028 IN A 128.8.10.90
e.root-servers.net. 517028 IN A 192.203.230.10
f.root-servers.net. 517028 IN A 192.5.5.241
f.root-servers.net. 517028 IN AAAA 2001:500:2f::f
g.root-servers.net. 517028 IN A 192.112.36.4
h.root-servers.net. 517028 IN A 128.63.2.53
h.root-servers.net. 517028 IN AAAA 2001:500:1::803f:235
i.root-servers.net. 517028 IN A 192.36.148.17
i.root-servers.net. 517028 IN AAAA 2001:7fe::53
j.root-servers.net. 517028 IN A 192.58.128.30
;; Query time: 12 msec
;; SERVER: 172.168.1.1#53(172.168.1.1)
;; WHEN: Tue Feb 1 10:13:23 2011
;; MSG SIZE rcvd: 500

Step 2. Do a forward lookup of your domain name:

# dig @RHEL01 example.com
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5 <<>> @rhel01 example.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2847
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;example.com. IN A
;; ANSWER SECTION:
example.com. 86400 IN A 172.168.1.1
;; AUTHORITY SECTION:
example.com. 86400 IN NS rhel01.example.com.
;; ADDITIONAL SECTION:
kickstart-01.example.com. 86400 IN A 172.168.1.1
;; Query time: 11 msec
;; SERVER: 172.168.1.1#53(172.168.1.1)
;; WHEN: Tue Feb 1 10:13:36 2011
;; MSG SIZE rcvd: 88

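Step 3. Also check the reverse lookup of your domain name. The -x option expects an IP address and builds the in-addr.arpa name itself; given a name that already ends in in-addr.arpa, as below, dig reverses the labels again (see the QUESTION SECTION) and the server returns NXDOMAIN: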

# dig -x 1.168.172.in-addr.arpa
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5 <<>> -x 1.168.172.in-addr.arpa
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 51122
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;arpa.in-addr.172.168.1.in-addr.arpa. IN PTR
;; Query time: 1584 msec
;; SERVER: 172.168.1.1#53(172.168.1.1)
;; WHEN: Tue Feb 1 10:19:46 2011
;; MSG SIZE rcvd: 53

You might want to check whether your DNS server allows you to perform a zone transfer as well. If it does, make sure you restrict it to certain servers or clients only because the information it provides can allow someone to map out your entire network.
Step 4. Test for zone transfer functionality:

# dig @RHEL01 example.com axfr
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5 <<>> @rhel01 example.com axfr
; (1 server found)
;; global options: printcmd
example.com. 86400 IN SOA rhel01.example.com. root.example.com. 2010120711 86400 7200 2419200 3600
example.com. 86400 IN NS rhel01.example.com.
example.com. 86400 IN A 172.168.1.1
client02.example.com. 86400 IN A 172.168.1.20
client01.example.com. 86400 IN A 172.168.1.10
rhel02.example.com. 86400 IN A 172.168.1.2
rhel01.example.com. 86400 IN A 172.168.1.1
example.com. 86400 IN SOA rhel01.example.com. root.example.com. 2010120711 86400 7200 2419200 3600
;; Query time: 50 msec
;; SERVER: 172.168.1.1#53(172.168.1.1)
;; WHEN: Tue Feb 1 10:21:25 2011
;; XFR size: 8 records (messages 1)
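
An added example (not part of the original article): a small shell helper that classifies the output of the Step 4 test, so the check can be repeated after transfers have been restricted (on BIND, with the allow-transfer option in named.conf). The function names and the shortened sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the result of a zone-transfer test like Step 4.
# On BIND the restriction itself is the allow-transfer option in named.conf.

# axfr_status: read dig AXFR output on stdin and print one word:
#   open     - records came back (dig prints a ";; XFR size:" summary)
#   refused  - the server rejected the transfer ("; Transfer failed.")
#   unknown  - neither marker seen (timeout, unreachable server, ...)
axfr_status() {
    awk '
        /^;; XFR size:/      { xfr = 1 }
        /^; Transfer failed/ { fail = 1 }
        END {
            if (xfr)       print "open"
            else if (fail) print "refused"
            else           print "unknown"
        }'
}

# check_axfr SERVER ZONE: run the Step 4 query against one server.
check_axfr() {
    dig "@$1" "$2" axfr +time=3 +tries=1 2>/dev/null | axfr_status
}

# Constructed sample outputs (shortened) so the parser can be tried offline.
SAMPLE_OPEN='example.com. 86400 IN SOA rhel01.example.com. root.example.com. 2010120711 86400 7200 2419200 3600
client01.example.com. 86400 IN A 172.168.1.10
;; XFR size: 8 records (messages 1)'

SAMPLE_REFUSED='; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5 <<>> @rhel01 example.com axfr
; (1 server found)
;; global options: printcmd
; Transfer failed.'

# Usage: sh axfr_check.sh rhel01 example.com
if [ "$#" -ge 2 ]; then
    result=$(check_axfr "$1" "$2")
    echo "$1 $2: AXFR $result"
    [ "$result" != "open" ]   # non-zero exit status when transfers are open
fi
```

Run it from a host that should not be allowed to transfer the zone; the expected result there is "refused", while an authorized secondary should still report "open".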

November 16, 2015

copyright protected - 2011 © igurkul I.T. solutions. All rights reserved.