> On Wed, 7 Mar 2001, Paul Lussier wrote:
> > In debugging DNS issues, I'd like to know what servers my DNS lookups are
> > hitting to make sure things are set up correctly.
> 
>   Briefly: No.  The way DNS works does not lend itself to such things.

Briefly, Yes.  You just need to install a local DNS cache, such as
dnscache, part of the djbdns package  (http://cr.yp.to/djbdns.html).  By
installing a local cache/resolver, you can 1) get improved performance
2) examine the log files to see the series of recursive queries necessary
to resolve your lookup.  DJB also has several tools that let you see the
sequence of events in a resolution.

Not to re-ignite a previous flame war, but the djbdns tools provide a lot
of powerful tools, even if you do not wish to permanently run a local
cache (I don't know why you wouldn't), or do not wish to use tinydns for
your authoritative nameserver(s).

--Pete

> 
>   At length:
> 
>   It depends on where the recursion occurs.  Remember, the average user
> program does not perform DNS recursion.  Rather, the server the user program
> queries will do it.  If you are deep in a DNS cache hierarchy, recursion may
> in fact occur at multiple levels at different times.  In many -- if not most
> -- cases, the client making the initial DNS query is only going to see the end
> result.

> > For instance, I'd like to test that when my main DNS server is down, that
> > my secondary is taking over.  I'd like to have the warm fuzzy of
> > traceroute-like output telling me that the query went to a root server,
> > then the .com server, then finally dns2.foo.com.
> 
>   For what client?  A client in your network might normally query an
> authoritative name server for "foo.com" anyway.  Some random system on the net
> is going to query some random name server, which is going to actually do the
> recursion.  Or the server might have cached entries for the entire period that
> "dns1.foo.com" is unavailable, so you end up testing nothing.
> 
>   Your best bet is to use dig(1), and manually follow the DNS resolution
> algorithm.  Set the +norecurse option.  Use a query type of ANY.  Query FQDNs
> ending in a period:
> 
>      foo.com.
>             ^--- note period
> 
>   Start by querying with "@a.root-servers.net".  Pick one of the authoritative
> servers it responds with, and query that one.  Repeat until you get the list
> of name servers authoritative for "foo.com".  Then query *each* and *all* of
> those name servers, and make sure they all report mutually consistent results.
> 
> -- 
> Ben Scott <[EMAIL PROTECTED]>
> Net Technologies, Inc. <http://www.ntisys.com>
> Voice: (800)905-3049 x18   Fax: (978)499-7839
> 
> 
> **********************************************************
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **********************************************************
> 
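
The manual dig walk described in the quoted reply above, sketched as an added example that is not part of either poster's message. The function names are hypothetical, the sample records are constructed, and it queries for NS and SOA records (comparing SOA serials is one way to check that the servers agree) rather than type ANY.

```shell
#!/bin/sh
# Added example: follow DNS delegations with non-recursive dig queries.
# Pass a lowercase zone name ending in a period, e.g.:  trace foo.com.

# Constructed samples: a root referral, and SOA answers from two servers.
SAMPLE_REFERRAL='com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS a.gtld-servers.net.'
SAMPLE_SOA='ns1.foo.com. hostmaster.foo.com. 2001030701 7200 3600 604800 3600
ns1.foo.com. hostmaster.foo.com. 2001030601 7200 3600 604800 3600'

# Owner name of the first NS record in dig output on stdin (the delegated zone).
ns_zone() { awk '$4 == "NS" { print tolower($1); exit }'; }

# NS target host names in dig output on stdin, de-duplicated, one per line.
ns_targets() { awk '$4 == "NS" { print tolower($5) }' | sort -u; }

# Succeeds only if every "dig +short SOA" line on stdin has the same serial.
same_serial() {
    awk '{ seen[$3] } END { n = 0; for (s in seen) n++; exit (n == 1 ? 0 : 1) }'
}

# Walk referrals from a root server, then ask every listed server for the SOA.
# Needs dig(1) and network access; gives up after 10 referrals.
trace() {
    name=$1 server=${2:-a.root-servers.net} soas= hops=0
    while :; do
        hops=$((hops + 1)); [ "$hops" -le 10 ] || return 1
        out=$(dig +norecurse +noall +answer +authority "@$server" "$name" NS) || return 1
        zone=$(printf '%s\n' "$out" | ns_zone)
        [ -n "$zone" ] || { echo "no NS records from $server" >&2; return 1; }
        echo "$server -> NS for $zone"
        [ "$zone" = "$name" ] && break
        server=$(printf '%s\n' "$out" | ns_targets | head -n 1)
    done
    for ns in $(printf '%s\n' "$out" | ns_targets); do
        # A server that is down shows up here instead of being silently skipped.
        if soa=$(dig +norecurse +short "@$ns" "$name" SOA) && [ -n "$soa" ]; then
            echo "$ns: $soa"; soas="$soas$soa
"
        else
            echo "$ns: no answer" >&2
        fi
    done
    printf '%s' "$soas" | same_serial
}
```

A non-zero exit status from `trace` means either the walk failed or the servers that answered do not report the same SOA serial.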