Continuing our coverage of ping-verse … after pathping, fping, gping, prettyping, and nping, today we’ll talk about dnsping! There is more to come…
As its name reveals, dnsping is a utility that is focused in probing, troubleshooting, and measuring response time of DNS servers. Let’s see how you can install it and how you can use it.
The easy way to install it with the following:
apt-get install dnsdiag
Actually, dnsping is part of a package that also includes dnstraceroute and dnseval as we’ll see below.
As usually, to make sure you get the latest version of, it’s better to install from github as follows:
git clone https://github.com/farrokhi/dnsdiag.git cd dnsdiag pip3 install -r requirements.txt
If you are missing pip3 you can install it with sudo apt-get -y install python3-pip
At this point you should be able to see the three executables, dnsping.py, dneval.py, and dnstraceroute.py in the dnsdiag directory.
Usage
By using the --help on any of dnsping.py, dnseval.py, and dnstraceroute.py you get all the different options available for each utility. The help output is well document and the options are pretty much self explanatory.
In its simplest form, you can run the following test:
netbeez.net$ ./dnsping.py google.com dnsping.py DNS: 127.0.0.53:53, hostname: google.com, proto: UDP, rdatatype: A, flags: RD 55 bytes from 127.0.0.53: seq=1 time=0.325 ms 55 bytes from 127.0.0.53: seq=2 time=0.310 ms 55 bytes from 127.0.0.53: seq=3 time=0.308 ms 55 bytes from 127.0.0.53: seq=4 time=0.450 ms 55 bytes from 127.0.0.53: seq=5 time=0.373 ms 55 bytes from 127.0.0.53: seq=6 time=0.368 ms 55 bytes from 127.0.0.53: seq=7 time=0.384 ms 55 bytes from 127.0.0.53: seq=8 time=0.376 ms 55 bytes from 127.0.0.53: seq=9 time=0.312 ms 55 bytes from 127.0.0.53: seq=10 time=0.303 ms --- 127.0.0.53 dnsping statistics --- 10 requests transmitted, 10 responses received, 0% lost min=0.303 ms, avg=0.351 ms, max=0.450 ms, stddev=0.048 ms
This looks a lot like the regular ping output, but in this case, dnsping reports how long it takes to resolve “google.com” by using the system’s default servers.
There are several flags you can use to customize your results. For example:
netbeez.net$ ./dnsping.py --tcp --server 1.1.1.1 --count 5 baidu.com dnsping.py DNS: 1.1.1.1:53, hostname: baidu.com, proto: TCP, rdatatype: A, flags: RD 70 bytes from 1.1.1.1: seq=1 time=4.816 ms 70 bytes from 1.1.1.1: seq=2 time=2.806 ms 70 bytes from 1.1.1.1: seq=3 time=5.005 ms 70 bytes from 1.1.1.1: seq=4 time=2.147 ms 70 bytes from 1.1.1.1: seq=5 time=2.567 ms --- 1.1.1.1 dnsping statistics --- 5 requests transmitted, 5 responses received, 0% lost min=2.147 ms, avg=3.468 ms, max=5.005 ms, stddev=1.340 ms
Uses TCP as transport protocol for the test, use the DNS server 1.1.1.1 and does 5 tests. You can explore the rest of the options easily by playing with them.
Dnstraceroute traces the hop-by-hop information to the DNS server used to do a query. This helps you understand if your DNS traffic goes through any unexpected route.
Here is what it looks like:
netbeez.net$ sudo ./dnstraceroute.py --expert --asn --type A --server 209.244.0.3 baidu.com dnstraceroute.py DNS: 209.244.0.3:53, hostname: baidu.com, rdatatype: A 1 * 2 * 3 * 4 * 5 * 6 100.65.13.129 (100.65.13.129) 1.031 ms 7 52.93.29.45 (52.93.29.45) 2.014 ms 8 100.100.30.82 (100.100.30.82) 1.967 ms 9 100.95.23.225 (100.95.23.225) 1.797 ms 10 100.95.7.97 (100.95.7.97) 2.556 ms 11 * 12 100.65.15.1 (100.65.15.1) 1.114 ms 13 * 14 54.239.109.117 (54.239.109.117) [AS16509 AMAZON-02, US] 3.037 ms 15 resolver1.level3.net (209.244.0.3) [AS3356 LEVEL3, US] 247.246 ms === Expert Hints === [*] No expert hint available for this trace
The options I used are self explanatory. The --expert option is supposed to print warnings for detected events such as hijacking, but I haven’t seen it in practice giving any useful information (also because there is nothing out of the ordinary going on).
Finally, dnseval.py gives you an easy way to compare multiple DNS servers. To begin, put the DNS servers you want to compare in a file (e.g. servers.txt) one server on each line.
To try to compare apples to apples as much as possible, for LFT we use the IP traceroute targeted for www.google.com
netbeez.net$ echo 1.1.1.1 > servers.txt netbeez.net$ echo 8.8.8.8 >> servers.txt netbeez.net$ echo 209.244.0.3 >> servers.txt <code> Then use the utilite as follows:
Then use the utility as follows:
netbeez.net$ ./dnseval.py --count 20 --file servers.txt baidu.com
server avg(ms) min(ms) max(ms) stddev(ms) lost(%) ttl flags response
-------------------------------------------------------------------------------------------------------------------
1.1.1.1 1.454 1.078 1.790 0.193 %0 585 QR -- -- RD RA -- -- NOERROR
8.8.8.8 1.139 0.927 1.495 0.175 %0 574 QR -- -- RD RA -- -- NOERROR
209.244.0.3 1.888 1.650 2.180 0.159 %0 322 QR -- -- RD RA -- -- NOERROR
1.987 1.739 2.312 0.179 %0 405 QR -- -- RD RA -- -- NOERROR
In the installation directory there is a file public-servers.txt that contains several well known public DNS servers. Here is what it looks like to use dnseval.py on that file:
$ ./dnseval.py --count 20 --file public-servers.txt ripe.net server avg(ms) min(ms) max(ms) stddev(ms) lost(%) ttl flags response ---------------------------------------------------------------------------------------------------------------------------- 1.0.0.1 1.894 1.266 2.939 0.379 %0 296 QR -- -- RD RA -- -- NOERROR 1.1.1.1 1.908 1.520 2.201 0.196 %0 120 QR -- -- RD RA -- -- NOERROR 2606:4700:4700::1001 0.000 0.000 0.000 0.000 %100 N/A -- -- -- -- -- -- -- No Response 2606:4700:4700::1111 0.000 0.000 0.000 0.000 %100 N/A -- -- -- -- -- -- -- No Response 195.46.39.39 5.793 2.099 72.987 15.816 %0 299 QR -- -- RD RA -- -- NOERROR 195.46.39.40 2.261 2.094 2.927 0.165 %0 299 QR -- -- RD RA -- -- NOERROR 208.67.220.220 27.596 0.955 167.385 47.660 %0 300 QR -- -- RD RA -- -- NOERROR 208.67.222.222 7.704 0.901 64.004 19.223 %0 300 QR -- -- RD RA -- -- NOERROR 2620:0:ccc::2 0.000 0.000 0.000 0.000 %100 N/A -- -- -- -- -- -- -- No Response 2620:0:ccd::2 0.000 0.000 0.000 0.000 %100 N/A -- -- -- -- -- -- -- No Response 216.146.35.35 4.966 0.935 78.546 17.320 %0 144 QR -- -- RD RA -- -- NOERROR 216.146.36.36 1.031 0.960 1.123 0.038 %0 300 QR -- -- RD RA -- -- NOERROR 209.244.0.3 15.259 1.774 124.221 33.736 %0 300 QR -- -- RD RA -- -- NOERROR 209.244.0.4 5.316 1.687 70.789 15.411 %0 300 QR -- -- RD RA -- -- NOERROR 4.2.2.1 1.889 1.647 2.338 0.156 %0 256 QR -- -- RD RA -- -- NOERROR 4.2.2.2 1.889 1.685 2.416 0.164 %0 256 QR -- -- RD RA -- -- NOERROR 4.2.2.3 1.978 1.746 3.842 0.454 %0 299 QR -- -- RD RA -- -- NOERROR 4.2.2.4 1.847 1.667 2.060 0.106 %0 256 QR -- -- RD RA -- -- NOERROR 4.2.2.5 1.904 1.659 2.777 0.242 %0 256 QR -- -- RD RA -- -- NOERROR 80.80.80.80 59.483 55.177 110.128 11.977 %0 299 QR -- -- RD RA -- -- NOERROR 80.80.81.81 83.756 55.106 585.479 118.100 %0 298 QR -- -- RD RA -- -- NOERROR 8.8.4.4 1.696 1.213 2.780 0.440 %0 238 QR -- -- RD RA -- -- NOERROR 8.8.8.8 1.428 0.957 2.095 0.327 %0 201 QR -- -- RD RA -- -- NOERROR 2001:4860:4860::8844 0.000 0.000 0.000 0.000 %100 N/A -- -- -- -- -- -- -- No Response 2001:4860:4860::8888 0.000 0.000 0.000 0.000 %100 N/A -- -- -- -- -- -- -- No Response 9.9.9.9 35.629 1.043 195.800 56.856 %0 300 QR -- -- RD RA -- -- NOERROR 2620:fe::fe 0.000 0.000 0.000 0.000 %100 N/A -- -- -- -- -- -- -- No Response 149.112.112.112 6.447 1.021 98.257 21.628 %0 300 QR -- -- RD RA -- -- NOERROR 64.6.64.6 14.490 1.025 168.195 39.980 %0 300 QR -- -- RD RA -- -- NOERROR 64.6.65.6 22.393 6.697 130.100 38.143 %0 299 QR -- -- RD RA -- -- NOERROR 8.26.56.26 24.790 8.006 177.449 47.292 %0 300 QR -- -- RD RA -- -- NOERROR 8.20.247.20 9.632 8.083 20.463 2.934 %0 299 QR -- -- RD RA -- -- NOERROR
You can see that the best performing agents are the DynDNS server 216.146.36.36 with average response of 1.0.31 ms, followed by the Google 8.8.8.8 with response 1.428 ms.
Dnsdiag comes with three very useful DNS related troubleshooting and measurements utilities that let you measure DNS resolution time, identify the routing you take to a DNS server, and also compare several DNS servers in terms of response time and failed queries. If DNS troubleshooting is something that you do a lot (and many of you do), then you should look more into the nitty gritty details of all of them.
