Linux for Network Engineers: How to Use DNSping

Continuing our coverage of ping-verse, after pathping, fping, gping, prettyping, nping, today we’ll talk about dnsping! There is more to come…

As its name reveals, dnsping is a utility focused on probing, troubleshooting, and measuring the response time of DNS servers. Let’s see how you can install it and how you can use it.

The easy way to install it is with the following:

apt-get install dnsdiag

Actually, dnsping is part of a package that also includes dnstraceroute and dnseval as we’ll see below.

As usual, to make sure you get the latest version, it’s better to install from GitHub as follows:

git clone https://github.com/farrokhi/dnsdiag.git
cd dnsdiag
pip3 install -r requirements.txt

If you are missing pip3 you can install it with sudo apt-get -y install python3-pip

At this point you should be able to see the three executables, dnsping.py, dnseval.py, and dnstraceroute.py, in the dnsdiag directory.

Usage

By using the --help option on any of dnsping.py, dnseval.py, and dnstraceroute.py, you get all the different options available for each utility. The help output is well documented and the options are pretty much self-explanatory.

In its simplest form, you can run the following test:

netbeez.net$ ./dnsping.py google.com
dnsping.py DNS: 127.0.0.53:53, hostname: google.com, proto: UDP, rdatatype: A, flags: RD
55 bytes from 127.0.0.53: seq=1   time=0.325 ms
55 bytes from 127.0.0.53: seq=2   time=0.310 ms
55 bytes from 127.0.0.53: seq=3   time=0.308 ms
55 bytes from 127.0.0.53: seq=4   time=0.450 ms
55 bytes from 127.0.0.53: seq=5   time=0.373 ms
55 bytes from 127.0.0.53: seq=6   time=0.368 ms
55 bytes from 127.0.0.53: seq=7   time=0.384 ms
55 bytes from 127.0.0.53: seq=8   time=0.376 ms
55 bytes from 127.0.0.53: seq=9   time=0.312 ms
55 bytes from 127.0.0.53: seq=10  time=0.303 ms

--- 127.0.0.53 dnsping statistics ---
10 requests transmitted, 10 responses received, 0% lost
min=0.303 ms, avg=0.351 ms, max=0.450 ms, stddev=0.048 ms

This looks a lot like the regular ping output, but in this case, dnsping reports how long it takes to resolve “google.com” by using the system’s default servers. 
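What a single probe of this kind amounts to on the wire, as an added example (not dnsdiag's own code): build an A query with the RD flag, time the round trip over UDP, and accept the reply only if its transaction ID matches the query. The function names and the constructed sample response are assumptions of this example.

```python
import os
import socket
import struct
import time

def build_query(name, qid, qtype=1):
    """Encode a DNS query: 12-byte header with RD set, QNAME, QTYPE, QCLASS=IN."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # 0x0100 = RD flag
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def check_response(data, qid):
    """Return the RCODE if data is a response to query qid, else raise ValueError."""
    if len(data) < 12:
        raise ValueError("truncated DNS header")
    rid, flags = struct.unpack("!HH", data[:4])
    if rid != qid:
        raise ValueError("transaction ID mismatch")
    if not flags & 0x8000:
        raise ValueError("QR bit not set: not a response")
    return flags & 0x000F

def probe(server, name, timeout=2.0):
    """Send one UDP query to server:53 and return (bytes_received, rtt_ms, rcode)."""
    qid = int.from_bytes(os.urandom(2), "big")  # unpredictable transaction ID
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((server, 53))  # connected UDP socket: replies from other addresses are dropped
        start = time.perf_counter()
        s.send(build_query(name, qid))
        data = s.recv(4096)
        rtt_ms = (time.perf_counter() - start) * 1000
    return len(data), rtt_ms, check_response(data, qid)

# Constructed sample: header-only NOERROR response to query ID 0x1234 (QR, RD, RA set).
SAMPLE_RESPONSE = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 0, 0, 0)

if __name__ == "__main__":
    print(build_query("google.com", 0x1234).hex())
    print("rcode:", check_response(SAMPLE_RESPONSE, 0x1234))
```

Calling probe("127.0.0.53", "google.com") times the local stub resolver, as in the run above, while passing an upstream server's address times that server directly.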

There are several flags you can use to customize your results. For example:

netbeez.net$ ./dnsping.py --tcp --server 1.1.1.1  --count 5 baidu.com
dnsping.py DNS: 1.1.1.1:53, hostname: baidu.com, proto: TCP, rdatatype: A, flags: RD
70 bytes from 1.1.1.1: seq=1   time=4.816 ms
70 bytes from 1.1.1.1: seq=2   time=2.806 ms
70 bytes from 1.1.1.1: seq=3   time=5.005 ms
70 bytes from 1.1.1.1: seq=4   time=2.147 ms
70 bytes from 1.1.1.1: seq=5   time=2.567 ms

--- 1.1.1.1 dnsping statistics ---
5 requests transmitted, 5 responses received, 0% lost
min=2.147 ms, avg=3.468 ms, max=5.005 ms, stddev=1.340 ms

This command uses TCP as the transport protocol for the test, queries the DNS server 1.1.1.1, and does 5 tests. You can explore the rest of the options easily by playing with them.

Dnstraceroute traces the hop-by-hop information to the DNS server used to do a query. This helps you understand if your DNS traffic goes through any unexpected route.

Here is what it looks like:

netbeez.net$ sudo ./dnstraceroute.py --expert --asn --type A --server 209.244.0.3 baidu.com
dnstraceroute.py DNS: 209.244.0.3:53, hostname: baidu.com, rdatatype: A
1        *
2        *
3        *
4        *
5        *
6       100.65.13.129 (100.65.13.129) 1.031 ms
7       52.93.29.45 (52.93.29.45) 2.014 ms
8       100.100.30.82 (100.100.30.82) 1.967 ms
9       100.95.23.225 (100.95.23.225) 1.797 ms
10      100.95.7.97 (100.95.7.97) 2.556 ms
11       *
12      100.65.15.1 (100.65.15.1) 1.114 ms
13       *
14      54.239.109.117 (54.239.109.117) [AS16509 AMAZON-02, US] 3.037 ms
15      resolver1.level3.net (209.244.0.3) [AS3356 LEVEL3, US] 247.246 ms

=== Expert Hints ===
 [*] No expert hint available for this trace

The options I used are self-explanatory. The --expert option is supposed to print warnings for detected events such as hijacking, but I haven’t seen it give any useful information in practice (also because there is nothing out of the ordinary going on).

Finally, dnseval.py gives you an easy way to compare multiple DNS servers. To begin, put the DNS servers you want to compare in a file (e.g. servers.txt) one server on each line.

netbeez.net$ echo 1.1.1.1 > servers.txt
netbeez.net$ echo 8.8.8.8 >> servers.txt
netbeez.net$ echo 209.244.0.3 >> servers.txt

Then use the utility as follows:

netbeez.net$ ./dnseval.py --count 20 --file servers.txt baidu.com
server          avg(ms)     min(ms)     max(ms)     stddev(ms)  lost(%)  ttl        flags                  response
-------------------------------------------------------------------------------------------------------------------
1.1.1.1         1.454       1.078       1.790       0.193       %0       585        QR -- -- RD RA -- --   NOERROR
8.8.8.8         1.139       0.927       1.495       0.175       %0       574        QR -- -- RD RA -- --   NOERROR
209.244.0.3     1.888       1.650       2.180       0.159       %0       322        QR -- -- RD RA -- --   NOERROR

    1.987       1.739       2.312       0.179       %0       405        QR -- -- RD RA -- --   NOERROR

In the installation directory there is a file public-servers.txt that contains several well known public DNS servers. Here is what it looks like to use dnseval.py on that file:

netbeez.net$  ./dnseval.py --count 20 --file public-servers.txt ripe.net
server                   avg(ms)     min(ms)     max(ms)     stddev(ms)  lost(%)  ttl        flags                  response
----------------------------------------------------------------------------------------------------------------------------
1.0.0.1                  1.894       1.266       2.939       0.379       %0       296        QR -- -- RD RA -- --   NOERROR
1.1.1.1                  1.908       1.520       2.201       0.196       %0       120        QR -- -- RD RA -- --   NOERROR
2606:4700:4700::1001     0.000       0.000       0.000       0.000       %100     N/A        -- -- -- -- -- -- --   No Response
2606:4700:4700::1111     0.000       0.000       0.000       0.000       %100     N/A        -- -- -- -- -- -- --   No Response
195.46.39.39             5.793       2.099       72.987      15.816      %0       299        QR -- -- RD RA -- --   NOERROR
195.46.39.40             2.261       2.094       2.927       0.165       %0       299        QR -- -- RD RA -- --   NOERROR
208.67.220.220           27.596      0.955       167.385     47.660      %0       300        QR -- -- RD RA -- --   NOERROR
208.67.222.222           7.704       0.901       64.004      19.223      %0       300        QR -- -- RD RA -- --   NOERROR
2620:0:ccc::2            0.000       0.000       0.000       0.000       %100     N/A        -- -- -- -- -- -- --   No Response
2620:0:ccd::2            0.000       0.000       0.000       0.000       %100     N/A        -- -- -- -- -- -- --   No Response
216.146.35.35            4.966       0.935       78.546      17.320      %0       144        QR -- -- RD RA -- --   NOERROR
216.146.36.36            1.031       0.960       1.123       0.038       %0       300        QR -- -- RD RA -- --   NOERROR
209.244.0.3              15.259      1.774       124.221     33.736      %0       300        QR -- -- RD RA -- --   NOERROR
209.244.0.4              5.316       1.687       70.789      15.411      %0       300        QR -- -- RD RA -- --   NOERROR
4.2.2.1                  1.889       1.647       2.338       0.156       %0       256        QR -- -- RD RA -- --   NOERROR
4.2.2.2                  1.889       1.685       2.416       0.164       %0       256        QR -- -- RD RA -- --   NOERROR
4.2.2.3                  1.978       1.746       3.842       0.454       %0       299        QR -- -- RD RA -- --   NOERROR
4.2.2.4                  1.847       1.667       2.060       0.106       %0       256        QR -- -- RD RA -- --   NOERROR
4.2.2.5                  1.904       1.659       2.777       0.242       %0       256        QR -- -- RD RA -- --   NOERROR
80.80.80.80              59.483      55.177      110.128     11.977      %0       299        QR -- -- RD RA -- --   NOERROR
80.80.81.81              83.756      55.106      585.479     118.100     %0       298        QR -- -- RD RA -- --   NOERROR
8.8.4.4                  1.696       1.213       2.780       0.440       %0       238        QR -- -- RD RA -- --   NOERROR
8.8.8.8                  1.428       0.957       2.095       0.327       %0       201        QR -- -- RD RA -- --   NOERROR
2001:4860:4860::8844     0.000       0.000       0.000       0.000       %100     N/A        -- -- -- -- -- -- --   No Response
2001:4860:4860::8888     0.000       0.000       0.000       0.000       %100     N/A        -- -- -- -- -- -- --   No Response
9.9.9.9                  35.629      1.043       195.800     56.856      %0       300        QR -- -- RD RA -- --   NOERROR
2620:fe::fe              0.000       0.000       0.000       0.000       %100     N/A        -- -- -- -- -- -- --   No Response
149.112.112.112          6.447       1.021       98.257      21.628      %0       300        QR -- -- RD RA -- --   NOERROR
64.6.64.6                14.490      1.025       168.195     39.980      %0       300        QR -- -- RD RA -- --   NOERROR
64.6.65.6                22.393      6.697       130.100     38.143      %0       299        QR -- -- RD RA -- --   NOERROR
8.26.56.26               24.790      8.006       177.449     47.292      %0       300        QR -- -- RD RA -- --   NOERROR
8.20.247.20              9.632       8.083       20.463      2.934       %0       299        QR -- -- RD RA -- --   NOERROR

You can see that the best performing servers are the DynDNS server 216.146.36.36 with an average response of 1.031 ms, followed by Google's 8.8.8.8 with a response of 1.428 ms.
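The same reading of the table can be done programmatically. This added example (not part of dnsdiag) parses dnseval.py rows, ranks the servers that answered by average time, and separately lists servers that never answered and servers whose standard deviation exceeds their average. The rows are a subset copied from the output above; the function names and the stddev-above-average rule are assumptions of this example.

```python
# Subset of rows copied from the dnseval.py output shown above.
SAMPLE = """\
server                   avg(ms)     min(ms)     max(ms)     stddev(ms)  lost(%)  ttl        flags                  response
1.1.1.1                  1.908       1.520       2.201       0.196       %0       120        QR -- -- RD RA -- --   NOERROR
2606:4700:4700::1111     0.000       0.000       0.000       0.000       %100     N/A        -- -- -- -- -- -- --   No Response
208.67.220.220           27.596      0.955       167.385     47.660      %0       300        QR -- -- RD RA -- --   NOERROR
216.146.36.36            1.031       0.960       1.123       0.038       %0       300        QR -- -- RD RA -- --   NOERROR
80.80.80.80              59.483      55.177      110.128     11.977      %0       299        QR -- -- RD RA -- --   NOERROR
8.8.8.8                  1.428       0.957       2.095       0.327       %0       201        QR -- -- RD RA -- --   NOERROR
9.9.9.9                  35.629      1.043       195.800     56.856      %0       300        QR -- -- RD RA -- --   NOERROR
"""

def parse_dnseval(text):
    """Parse dnseval.py table rows into dicts; header, rule and short rows are skipped."""
    rows = []
    for line in text.splitlines():
        tok = line.split()
        # A full row has server, 4 timings, lost, ttl, 7 flag slots and a response.
        if len(tok) < 15 or not tok[5].startswith("%"):
            continue
        rows.append({
            "server": tok[0],
            "avg": float(tok[1]), "min": float(tok[2]),
            "max": float(tok[3]), "stddev": float(tok[4]),
            "lost": float(tok[5].lstrip("%")),
            "flags": {f for f in tok[7:14] if f != "--"},
            "response": " ".join(tok[14:]),  # "No Response" contains a space
        })
    return rows

def summarize(rows):
    """Rank answering servers by average time; list silent and high-jitter ones."""
    ok = [r for r in rows if r["lost"] < 100 and r["response"] == "NOERROR"]
    return {
        "ranking": [r["server"] for r in sorted(ok, key=lambda r: r["avg"])],
        "silent": [r["server"] for r in rows if r["lost"] == 100],
        # stddev above the mean: the average is dominated by a few slow replies
        "jittery": [r["server"] for r in ok if r["stddev"] > r["avg"]],
    }

if __name__ == "__main__":
    for key, servers in summarize(parse_dnseval(SAMPLE)).items():
        print(f"{key}: {', '.join(servers)}")
```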

Dnsdiag comes with three very useful DNS-related troubleshooting and measurement utilities that let you measure DNS resolution time, identify the route you take to a DNS server, and also compare several DNS servers in terms of response time and failed queries. If DNS troubleshooting is something that you do a lot (and many of you do), then you should look more into the nitty-gritty details of all of them.