Linux for Network Engineers: How to Resolve a Host and Test DNS Servers

October 31, 2018 | Linux

DNS resolution is one of the most basic functionalities on any host. On Linux, there are multiple ways to test if DNS works, and in this post we’ll review how DNS servers are configured and what commands you can use to test them.

DNS server configuration

Every host needs to have a list of DNS server IPs, and, in most cases, this list comes from the DHCP lease. To see which DNS servers your Linux box is configured with, you have to look at the file “/etc/resolv.conf” as follows:

netbeez.net$ cat /etc/resolv.conf
domain local.netbeez.net
search local.netbeez.net attlocal.net
nameserver 8.8.8.8
nameserver 192.168.0.1

Local domain name: local.netbeez.net

If you try to resolve an address that has no dots in it (e.g. webpage1), then the resolver will automatically append local.netbeez.net (webpage1.local.netbeez.net) and try to resolve it. When the hostname of the machine contains a ‘.’ (e.g. raspberry.local.netbeez.net) then the local domain name becomes the suffix (local.netbeez.net) of the hostname.

Default search domain: local.netbeez.net and attlocal.net

This is like a superset of the local domain name. You can specify up to 6 domains with a total of 256 characters. If you try to resolve “webpage1”, the resolver will automatically append local.netbeez.net (webpage1.local.netbeez.net) and try to resolve it. If this fails, it will then try attlocal.net (webpage1.attlocal.net).

Nameservers: 8.8.8.8, 192.168.0.1

These are the DNS servers used to resolve web addresses. You can list up to three, and the resolver tries each of them, one by one, until it finds one that works. You may recognize the Google DNS server 8.8.8.8, and 192.168.0.1 is my home router, which also works as a DNS server.

Of course, you’d have to set up your DHCP server to provide all this information to every DHCP request. But you are also able to edit /etc/resolv.conf and change those values. Keep in mind that they will be overwritten the next time a new DHCP lease is provided – unless you specify a static IP configuration on the agent (we’ll cover that in a future post).
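The script below is an added example, not part of the original post: it reads a resolv.conf and prints the nameservers and the exact names the resolver would try for a given input. It goes slightly beyond the text by following the glibc defaults (a trailing dot means absolute, a name containing a dot is tried as-is first, and the last of `domain`/`search` wins); the function names and the embedded sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: nameservers and lookup order derived from a resolv.conf.

# Constructed sample mirroring the resolv.conf shown in the post.
sample_resolv_conf() {
  cat <<'EOF'
domain local.netbeez.net
search local.netbeez.net attlocal.net
nameserver 8.8.8.8
nameserver 192.168.0.1
EOF
}

# Print nameserver IPs in the order the resolver tries them (stdin: resolv.conf).
nameservers() {
  awk '$1 == "nameserver" { print $2 }'
}

# Print the effective search list. "domain" and "search" are mutually
# exclusive; the last one in the file wins.
search_list() {
  awk '$1 == "domain" || $1 == "search" { $1 = ""; sub(/^ +/, ""); list = $0 }
       END { print list }'
}

# candidates NAME: fully qualified names tried for NAME, in order
# (stdin: resolv.conf; assumes the glibc default of ndots:1).
candidates() {
  name="$1"
  list=$(search_list)
  case "$name" in
    *.)  echo "$name"; return ;;   # trailing dot: absolute, no search list
    *.*) echo "$name." ;;          # contains a dot: tried as-is first
  esac
  for d in $list; do echo "$name.$d."; done
  # A name without dots is tried as-is only after the search list fails.
  case "$name" in *.*) ;; *) echo "$name." ;; esac
}

sample_resolv_conf | candidates webpage1
```

To check a real host, run `candidates webpage1 < /etc/resolv.conf`. Any search domain in that output that you do not control will receive queries for your short internal names.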

How to resolve a URL

Now let’s see how we can test if DNS is working. We’ll also cover how to test specific DNS servers to see if they work and, if so, how fast they are.

There are several commands to do this, but below I will review the most common ones. If any of the following commands are not available on your Linux host, then install them with the following command:

apt-get install dnsutils

host

The syntax and output are as follows:

netbeez.net$ host google.com
google.com has address 172.217.164.110
google.com has IPv6 address 2607:f8b0:4005:80b::200e
google.com mail is handled by 20 alt1.aspmx.l.google.com.
google.com mail is handled by 50 alt4.aspmx.l.google.com.
google.com mail is handled by 30 alt2.aspmx.l.google.com.
google.com mail is handled by 10 aspmx.l.google.com.
google.com mail is handled by 40 alt3.aspmx.l.google.com.

As you can see, host gives the IPv4 and IPv6 addresses for google.com as well as information about its mail servers.

All of these commands can do a reverse lookup if you give the IP address as follows:

netbeez.net$ host 172.217.164.110
110.164.217.172.in-addr.arpa domain name pointer sfo03s18-in-f14.1e100.net.

Like most commands, host has many options that help you slice and dice the output, or even get a more detailed and verbose output. For example, try adding the “-a” option (stands for “all”) and see what you get: host -a google.com

If you want to test a specific DNS server (other than the ones listed in your /etc/resolv.conf) then you can add its IP at the end of the command as follows:

netbeez.net$ host google.com 1.0.0.1
Using domain server:
Name: 1.0.0.1
Address: 1.0.0.1#53
Aliases:
google.com has address 172.217.6.46
google.com has IPv6 address 2607:f8b0:4005:808::200e
google.com mail is handled by 10 aspmx.l.google.com.
google.com mail is handled by 20 alt1.aspmx.l.google.com.
google.com mail is handled by 30 alt2.aspmx.l.google.com.
google.com mail is handled by 40 alt3.aspmx.l.google.com.
google.com mail is handled by 50 alt4.aspmx.l.google.com.

nslookup

nslookup is very similar to host, but with a twist. In its basic form it resolves an address just like host, although the output is a bit different:

netbeez.net$ nslookup google.com
Server:         8.8.8.8
Address:        8.8.8.8#53

Non-authoritative answer:
Name: google.com
Address: 172.217.164.110

netbeez.net$ nslookup google.com 1.0.0.1
Server:         1.0.0.1
Address:        1.0.0.1#53

Non-authoritative answer:
Name: google.com
Address: 216.58.194.206

As you can see, nslookup tells us which server has been used for the lookup (8.8.8.8 in the first query above, and 1.0.0.1 in the second one).

The twist is that nslookup has an interactive mode which you can use if you just type “nslookup” without any arguments. From that point, you can just type the webpage you want to resolve and hit enter. This way, you can resolve multiple pages without having to type “nslookup” all the time. To exit the interactive mode, type “exit” or hit Ctrl-C.

netbeez.net$ nslookup
> google.com
Server:        8.8.8.8
Address:       8.8.8.8#53

Non-authoritative answer:
Name: google.com
Address: 172.217.164.110
> netbeez.net
Server:        8.8.8.8
Address:       8.8.8.8#53

Non-authoritative answer:
Name: netbeez.net
Address: 72.52.4.119
> exit

dig

dig stands for Domain Information Groper. The only syntax difference from the previous two commands is that when you provide a DNS server, you use the ‘@’ symbol:

netbeez.net$ dig google.com

; <<>> DiG 9.10.3-P4-Raspbian <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34386
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;google.com.   IN A

;; ANSWER SECTION:
google.com.     122 IN A 172.217.164.110

;; Query time: 102 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Oct 30 11:55:40 PDT 2018
;; MSG SIZE rcvd: 55

netbeez.net$ dig google.com @1.0.0.1

; <<>> DiG 9.10.3-P4-Raspbian <<>> google.com @1.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65058
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;google.com.   IN A

;; ANSWER SECTION:
google.com.   172 IN A 216.58.194.206

;; Query time: 93 msec
;; SERVER: 1.0.0.1#53(1.0.0.1)
;; WHEN: Tue Oct 30 11:55:43 PDT 2018
;; MSG SIZE rcvd: 55

As you can see, dig is much more verbose than the previous two commands. I am not going to break down every single output line; the most important difference is that dig provided the time it took to complete this query (“Query time:”). dig is the only one that does that out of the box.

As you may know, DNS resolution time is part of the user experience, and often we need to measure the performance of different DNS servers. You can see above that resolving google.com with both 8.8.8.8 and 1.0.0.1 takes around 100 milliseconds. If instead I use my router (192.168.0.1) as the DNS server I get the following:

netbeez.net$ dig google.com @192.168.0.1

; <<>> DiG 9.10.3-P4-Raspbian <<>> google.com @192.168.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26532
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.com.   IN A

;; ANSWER SECTION:
google.com.   153 IN A 172.217.8.14

;; Query time: 17 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Tue Oct 30 12:00:33 PDT 2018
;; MSG SIZE rcvd: 55

You can see that it took only 17 milliseconds. Of course, my home router won’t be able to resolve everything that is thrown at it; nonetheless, it’s much faster for the addresses it has cached (which is expected).
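To make the comparison above repeatable, the following added example (not from the original post) reduces each dig response to one line of server, status, query time and A records, then picks the fastest server that answered NOERROR. The function names are hypothetical, and the two embedded samples are abbreviated copies of the dig outputs shown earlier.

```shell
#!/bin/sh
# Added example: summarize dig responses and compare resolvers.

# Constructed samples: abbreviated from the dig outputs in the post.
sample_public() {
  cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34386
;; ANSWER SECTION:
google.com.     122 IN A 172.217.164.110

;; Query time: 102 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
EOF
}
sample_router() {
  cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26532
;; ANSWER SECTION:
google.com.   153 IN A 172.217.8.14

;; Query time: 17 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
EOF
}

# parse_dig: one dig response on stdin -> "SERVER STATUS MSEC A-RECORDS".
# Fields dig did not print (for example on a timeout) are shown as "-".
parse_dig() {
  awk '
    /->>HEADER<<-/ { for (i = 1; i < NF; i++)
                       if ($i == "status:") { st = $(i + 1); sub(/,/, "", st) } }
    /^;; Query time:/     { ms = $4 }
    /^;; SERVER:/         { srv = $3; sub(/#.*/, "", srv) }
    /^;; ANSWER SECTION:/ { in_ans = 1; next }
    in_ans && NF == 0     { in_ans = 0 }
    in_ans && $4 == "A"   { ans = ans (ans == "" ? "" : ",") $5 }
    END { print (srv == "" ? "-" : srv), (st == "" ? "-" : st),
                (ms == "" ? "-" : ms), (ans == "" ? "-" : ans) }'
}

# fastest: summary lines on stdin -> server with the lowest NOERROR query time.
fastest() {
  awk '$2 == "NOERROR" && (best == "" || $3 + 0 < min) { min = $3 + 0; best = $1 }
       END { print best }'
}

# compare_resolvers NAME SERVER...: live queries (needs dig and network access).
compare_resolvers() {
  name="$1"; shift
  for s in "$@"; do dig +tries=1 +time=2 "$name" "@$s" | parse_dig; done
}

{ sample_public | parse_dig; sample_router | parse_dig; } | fastest
```

For a live run, use `compare_resolvers google.com 8.8.8.8 1.0.0.1 192.168.0.1` and repeat it a few times, since the first query to a server may be a cache miss while later ones are served from its cache.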