Linux for Network Engineers: How to Resolve a Host and Test DNS Servers

By October 31, 2018Linux

DNS resolution is one of the most basic functionalities on any host. On Linux, there are multiple ways to test if DNS works, and in this post we’ll review how DNS servers are configured and what commands you can use to test them.

DNS server configuration

Every host needs to have a list of DNS server IPs, and, in most cases, this list comes from the DHCP lease. To see which DNS servers your Linux box is configured with, you have to look at the file “/etc/resolv.conf” as follows:

Local domain name: local.netbeez.net

If you try to resolve an address that has no dots in it (e.g. webpage1), then the resolver will automatically append local.netbeez.net (webpage1.local.netbeez.net) and try to resolve it. When the hostname of the machine contains a ‘.’ (e.g. raspberry.local.netbeez.net) then the local domain name becomes the suffix (local.netbeez.net) of the hostname.

Default search domain: local.netbeez.net and attlocal.net

This is like a superset of the local domain name. You can specify up to 6 domains with a total of 256 characters. If “webpage1”, the resolver will automatically append local.netbeez.net (webpage1.local.netbeez.net) and try to resolve it. If this fails, it will then try attlocal.net (webpage1.attlocal.net).

Nameservers: 8.8.8.8, 192.168.0.1

These are the DNS servers used to resolve web addresses. You can list up to three, and the resolver tries each of them, one by one, until it finds one that works. You may recognized the Google DNS server 8.8.8.8, and 192.168.0.1 is my home router, which also works as a DNS server.

Of course, you’d have to set up your DHCP server to provide all this information to every DHCP request. But you are also able to edit /etc/resolv.conf and change those values. Keep in mind that they will be overwritten the next time a new DHCP lease is provided – unless you specify a static IP configuration on the agent (we’ll cover that in a future post).

How to resolve a URL

Now let’s see how we can test if DNS is working. We’ll also cover how to test specific DNS servers to see if they work and, if so, how fast they are.

There are several commands to do this, but below I will review the most common ones. If any of the following commands are not available on your Linux host, then install them with the following command:

host

The syntax and output are as follows:

As you can see, host gives the IPv4 and IPv6 addresses for google.com as well as information about its mail servers.

All of these commands can do a reverse lookup if you give the IP address as follows:

Like most commands, host has many options that help you slice and dice the output, or even get a more detailed and verbose output. For example, try adding the “-a” option (stands for “all”) and see what you get: host -a google.com

If you want to test a specific DNS server (other than the ones listed in your /etc/resolv.conf) then you can add its IP at the end of the command as follows:

nslookup

nslookup is very similar to host, but with a twist. In its basic form it resolves an address just like host, although the output is a bit different:

As you can see, nslookup tells us which server has been used for the lookup (8.8.8.8 in the first query above, and 1.0.0.1 in the second one).

The twist is that nslookup has an interactive mode which you can use if you just type “nslookup” without any arguments. From that point, you can just type the webpage you want to resolve and hit enter. This way, you can resolve multiple pages without having to type “nslookup” all the time. To exit the interactive move type “exit” or hit Ctrl-C.

dig

dig stands for Domain Information Groper. The only syntax difference with the previous two commands is that when you provide a DNS server, you use the ‘@’ symbol:

As you can see, dig is much more verbose than the previous two commands. I am not going to break down every single output line; the most important difference is that dig provided the time it took to complete this query (“Query time:”). dig is the only one that does that out of the box.

As you may know, DNS resolution time is part of the user experience, and often we need to measure the performance of different DNS servers. You can see above that resolving google.com with both 8.8.8.8 and 1.0.0.1 takes around 100 mseconds. If instead I use my router (192.168.0.1) as the DNS server I get the following:

You see that it took only 17 mseconds. Of course, my home router won’t be able to resolve everything that is thrown at it, nonetheless it’s much faster for the address it has cached (which is expected).