DNS troubleshooting tools

When your DNS is not working, your servers will not be able to communicate with each other. This means, your online customers will not be unable to access your website or avail of your web services like send an email, chat online, watch video streaming, etc. And this will surely have an impact on your online business. During these circumstances, it is very important to learn how to do DNS troubleshooting. In DNS troubleshooting the first thing that has to be done is to identify your DNS status and hierarchical structure, and one of the easiest and most useful ways to do this is by using the DNS query tool called dig.

Dig is a command-line tool developed by BIND for querying DNS nameservers. It can identify IP address records, record the query route as it obtains answers from an authoritative nameserver, and diagnose other DNS problems. Dig is available to use for any Linux/Unix and Mac operating systems. It can also be used in a Windows operating system by downloading the latest BIND package from this website. By default, dig sends the DNS query to name servers listed in the resolver (/etc/resolv.conf) unless it is asked to query a specific name server.

Dig Basic Syntax

dig [server] [name] [type]

  • [server] – this argument specifies the IP address or name of the server on which the query will be performed. This argument is optional. By default, dig uses the name server listed in /etc/resolv.conf file, if no server argument is provided. To specify a value for the server argument, an at symbol (@) should be written before the IP address or name of the server.
  • [name] – this argument specifies the domain name that will be queried. This argument is required.
  • [type] – this argument identifies the specific type of name resolution service to be requested by dig. This argument is optional. By default, dig performs A record name resolution, if no type argument is specified. Below are the types of name resolution that can be performed by dig together with their corresponding type argument values.
    1. A record – a
    2. MX record – mx
    3. SOA record – soa 
    4. NS record – ns
    5. CNAME record – cname
    6. TXT record – txt
    7. All DNS record – any
    8. PTR record – see notes below

Note: PTR record name resolution is simply a reverse DNS lookup.  In order for dig to perform the reverse DNS lookup, it has to follow a different syntax: dig -x [IP address]. The -x option actually allows you to specify an IP address instead of a domain name.

Understanding Dig Output

Below is an example of output for a dig query using the command: “dig example.com”:

  1. The first section of the output prints the version of dig installed and the domain name queried; and the global options that have been applied to all of the domain queries (by default, command or +cmd). This output can be excluded by adding “+nocmd” option right after the dig command.
  2. The next section includes technical details about the answer received from the requested authority (DNS server). The header shows a) the opcode (the operation performed by dig) which can be a query, inverse query, or status b) the status of the operation, which can be NOERROR, NXDOMAIN, REFUSED, SERVEFAIL, etc. wherein NOERROR means that the requested authority served the query without any issue, c) a random id number that ties the request and the response, d) the flags, which are: qr rd ra, which stand for query, recursion desired, and recursion available, and the number of queries, answers, authoritative nameservers, and additional information. This output can be disabled by adding “+nocomments” option on the dig command. Note however that, the headers of other output sections will also be removed.
  3. The OPT PSEUDOSECTION is a section added due to the Extension mechanisms for DNS (EDNS). EDNS transmits extended data and flags by extending the size of the User Datagram Protocol (UDP) packets. EDNS version of “0” indicates full conformance with EDNS0. EDNS flags can have a value of “do” which indicates that “DNSSEC OK” is set. Finally, UDP indicates the overall size of the UDP packet. This output can be excluded by adding “+noedns” option on the dig command. OPT – corresponds to options.
  4. The “QUESTION” section explicitly indicated the type of query that is being performed. By default, if the type is not specified, the dig will request for the A record. This output can be disabled by adding “+noquestion” option on the dig command.
  5. The “ANSWER” section is the main output of the dig query. By default dig, this section will provide the A record containing the desired answer IP address. This output can be excluded by adding “+noanswer” option on the dig command. However, it will not make sense to turn off this section.
  6. The “AUTHORITY” section (not shown in the example) tells us what server(s) has the authority for answering DNS queries for the queried domain. This output can be disabled by adding “+noauthority” option on the dig command.
  7. The “ADDITIONAL” section provides information about the IP addresses of the authoritative DNS servers. This output can be excluded by adding “+noadditional” option on the dig command.
  8. The last section of the output is the statistics section. The statistics include: (a) the query time (also known as the roundtrip time) or the time it takes from query to response, (b) the server, which specifies the IP Address and port number of the DNS server that responded and resolved the query. In this case, it points to the router that acts as the local caching stub resolver, which then forwards the request to whichever upstream DNS servers are configured. (c) when which specifies the time and date when the request was made, and d) msg size rcvd, which specifies the size of the message received from the DNS server. This output can be disabled by adding the “+nostats” option on the dig command.

Dig Expanded Syntax

Dig has additional options that allow it to obtain more DNS information or to customize the format of the output. This can be done by having additional arguments, which will have extended syntax in the form of:

dig [server] [name] [type] [additional options]

Here are some additional ways on how to use dig by using the expanded syntax.

Obtain the TLL information

Dig allows reporting of time to live (TTL) values. Recall that TTL is the time set by the authoritative server that limits the caching of given resource records in the Domain Name System (DNS). This output can be enabled by adding the “ttl” option on the dig command. 
For example: dig example.com ttl

Trace DNS lookup process

Dig allows tracing of the whole DNS lookup pathway of the query. It will start the query of DNS servers from the root, down the name servers using iterative queries following referrals. This output can be enabled by adding the “+trace” option on the dig command. 
For example: dig example.com +trace

Report a short answer

A usual dig output has many sections containing different information in it. However, if you only want to see your desired answer to your query, you may be able to cut down the information from the output by adding the “+short” option on the dig command. By default, this will only display the IP address (A record) of the domain name, unless you specify the record type.
For example: dig example.com +short

Report a specific answer

Similar to reporting a short answer, you can also customize the output to display a specific section. This is done by adding the “+noall +<section>” option on the dig command, wherein <section> can be:
1. comments – to display only the comment section
2. edns – to display only the opt pseudosection
3. question – to display only the question section
4. answer – to display only the answer section
5. authority – to display only the authority section
6. additional – to display only the additional section
7. stats – to display only the statistics section
For example: dig example.com +noall +answer +stats

Note: The +noall option actually disables displaying ALL the sections, except the first 2 lines of the output (i.e. the dig version, the domain name queried, and the global options). It is also possible to have at least one section option on the dig command, like the one given in the example.

Other DNS Query Tools

There are also other DNS query tools besides dig, for example, nslookup, host, and whois. Both nslookup and host are also command-line tools and have overlapping functionality as dig. But what makes dig the most comprehensive among the 3, is its wider range of control commands. To know more details regarding the dig command-line and its control commands, please check out this link from BIND. Even so, nslookup and host also have few advantages over dig.

Nslookup has 2 modes: the interactive mode, and the non-interactive mode. The interactive mode is enabled by simply entering “nslookup”. This allows users to enter the nslookup command prompt which enables users to issue multiple nslookup queries. Once inside the interactive mode, the user can simply enter and query different domain names without having to write “nslookup” again and again. The user can also set the type of query prior to querying domain names, and this is done by “set query = <type>”. 

Host is the most “human-friendly” output among the three, since its default output is in verbose format, i.e. written in an English grammar format. The syntax is: “host <domain name>”. Although, a host can also change the format of the output to have a similar format as dig’s output by adding the -v option, i.e. host -v <domain name>. Similar to dig, a host can also specify the type of query by using the -t option, i.e. host -t <type> <domain name>.

Whois is a lookup command that returns a whois record. A whois record is a record that contains all the contact information associated with the person, company, or other entity that registered the domain name. A typical whois record will contain the following information:

  • The name and contact information of the registrant. Registrant is the owner of the domain.
  • The name and contact information of the registrar. Registrar is the organization that registered the domain name.
  • The name and contact information of the TLD domain manager.
  • The domain registration date and expiration date.

You can make whois requests on the web, but you can also perform whois lookups using the command prompt. You can do this by using the syntax: whois <domain name>.