Skip to main content

What is dnstracer


What is dnstracer



dnstracer determines where a given Domain Name Server (DNS) gets its information from, and follows the chain of DNS servers back to the servers which know the data.


Examples



Simple example for www.mavetju.org




[~] edwin@k7>dnstracer www.mavetju.org
Tracing to www.mavetju.org via 127.0.0.1, timeout 15 seconds
127.0.0.1 (127.0.0.1)
 |\___ B.ROOT-SERVERS.NET [.] (128.9.0.107)
 |     |\___ M.GTLD-SERVERS.NET [org] (202.153.114.101)
 |     |     |\___ NS2.SECONDARY.COM [mavetju.org] (198.133.199.4) Got authoritative answer
 |     |      \___ NS1.SECONDARY.COM [mavetju.org] (198.133.199.3) Got authoritative answer
 |     |\___ E.GTLD-SERVERS.NET [org] (192.12.94.30)
 |     |     |\___ NS2.SECONDARY.COM [mavetju.org] (198.133.199.4) (cached)
 |     |      \___ NS1.SECONDARY.COM [mavetju.org] (198.133.199.3) (cached)
 |     |\___ K.GTLD-SERVERS.NET [org] (213.177.194.5)
 |     |     |\___ NS2.SECONDARY.COM [mavetju.org] (198.133.199.4) (cached)
 |     |      \___ NS1.SECONDARY.COM [mavetju.org] (198.133.199.3) (cached)
[...]
 |      \___ A.GTLD-SERVERS.NET [org] (192.5.6.30)
 |           |\___ NS2.SECONDARY.COM [mavetju.org] (198.133.199.4) (cached)
 |            \___ NS1.SECONDARY.COM [mavetju.org] (198.133.199.3) (cached)
 |\___ F.ROOT-SERVERS.NET [.] (192.5.5.241)
 |     |\___ M.GTLD-SERVERS.NET [org] (202.153.114.101) (cached)
 |     |\___ E.GTLD-SERVERS.NET [org] (192.12.94.30) (cached)
 |     |\___ K.GTLD-SERVERS.NET [org] (213.177.194.5) (cached)
 |     |\___ J.GTLD-SERVERS.NET [org] (210.132.100.101) (cached)
 |     |\___ F.GTLD-SERVERS.NET [org] (192.35.51.30) (cached)
[...]
 |      \___ A.GTLD-SERVERS.NET [org] (192.5.6.30) (cached)
 |\___ G.ROOT-SERVERS.NET [.] (192.112.36.4)
 |     |\___ M.GTLD-SERVERS.NET [org] (202.153.114.101) (cached)
[...]


This trace is done after a clean start of the DNS server. That means that there is no data available, except the zones the server is authoritive for and the root-servers.


This DNS server doesn't know anything about mavetju.org, so it forwards returns pointers to the root-servers. The root-servers forward us to the global-top-level-domain-servers, the ones which handle for example .com, .org, .net and the country domains.


The zone for mavetju.org is hosted by Secondary.com, and that is the one which is giving us answers. The answers are cached so we don't ask unnecessary requests.


Using a different server to start with



To prevent too much information (the example above would have generated 480 lines output), we can specify a server to start with: 




[~] edwin@k7>dnstracer -o -s m.gtld-servers.net www.mavetju.org
Tracing to www.mavetju.org via m.gtld-servers.net, timeout 15 seconds
m.gtld-servers.net (202.153.114.101) 
 |\___ NS2.SECONDARY.COM [mavetju.org] (198.133.199.4) Got authoritative answer
  \___ NS1.SECONDARY.COM [mavetju.org] (198.133.199.3) Got authoritative answer

NS1.SECONDARY.COM (198.133.199.3)       www.mavetju.org -> topaz.mavetju.org
NS1.SECONDARY.COM (198.133.199.3)       topaz.mavetju.org -> 212.204.230.141
NS2.SECONDARY.COM (198.133.199.4)       www.mavetju.org -> topaz.mavetju.org
NS2.SECONDARY.COM (198.133.199.4)       topaz.mavetju.org -> 212.204.230.141



The option -s specifies the server. The name of the server can be replaced by an IP address or with a dot (.) to indicate it should use A.ROOT-SERVERS.NET. The option -o displays an overview of the received answers at the end of the run.


PTR records



PTR records have to be specified the same as `normal' PTR records: either with the .in-addr.arpa or the ip6.int suffix. 




[~] edwin@k7>dnstracer -q ptr 1.0.0.127.in-addr.arpa
Tracing to 1.0.0.127.in-addr.arpa via 127.0.0.1, timeout 15 seconds
127.0.0.1 (127.0.0.1) Got authoritative answer 

127.0.0.1 (127.0.0.1)                   1.0.0.127.in-addr.arpa -> localhost.mavetju.org



SOA records



Are used normally, but they give a somewhat longer output with the serial number, the mname and rname fields. 




[~] edwin@k7>dnstracer -q soa -o mavetju.org
Tracing to mavetju.org via 127.0.0.1, timeout 15 seconds
127.0.0.1 (127.0.0.1) 
 |\___ ns2.mavetju.org [mavetju.org] (198.133.199.3) Got authoritative answer 
  \___ ns3.mavetju.org [mavetju.org] (198.133.199.4) Got authoritative answer 

ns3.mavetju.org (198.133.199.4)         mavetju.org -> serial: 30548 mname: ns2.mavetju.org rname: hostmaster.mavetju.org
ns2.mavetju.org (198.133.199.3)         mavetju.org -> serial: 30548 mname: ns2.mavetju.org rname: hostmaster.mavetju.org



Timeouts and broken servers




[~] edwin@k7>dnstracer -q cname -s M.GTLD-SERVERS.NET fataldimensions.nl.eu.org
Tracing to fataldimensions.nl.eu.org via M.GTLD-SERVERS.NET, timeout 15 seconds
M.GTLD-SERVERS.NET (202.153.114.101) 
 |\___ AUTH1.DNS.ELM.NET [eu.org] (206.131.200.70) Got authoritative answer 
 |\___ RELAY-1.FTEL.CO.UK [eu.org] (192.65.220.24) 
 |     |\___ ns.cistron.nl [nl.eu.org] (195.64.65.25) Got authoritative answer 
 |     |\___ ns.lf.net [nl.eu.org] (212.9.160.1) Lame server 
 |     |\___ ns.eu.org [nl.eu.org] (137.194.2.218) Lame server 
 |     |\___ ns2.ispi.net [nl.eu.org] (206.131.193.15) Got answer 
 |     |\___ ns.patriots.net [nl.eu.org] (206.131.200.40) Got authoritative answer 
 |      \___ auth1.dns.elm.net [nl.eu.org] (206.131.200.70) (cached)
 |\___ NS2.GANDI.NET [eu.org] (212.73.209.247) 
 |     |\___ ns.cistron.nl [nl.eu.org] (195.64.65.25) (cached)
 |     |\___ ns.lf.net [nl.eu.org] (194.64.4.1) * * * 
 |     |\___ ns.eu.org [nl.eu.org] (137.194.2.218) Lame server 
 |     |\___ ns2.ispi.net [nl.eu.org] (206.131.193.15) (cached)
 |     |\___ ns.patriots.net [nl.eu.org] (206.131.200.40) (cached)
 |      \___ auth1.dns.elm.net [nl.eu.org] (206.131.200.70) (cached)
[...]



The DNS server ns.eu.org is according to RELAY-1.FTEL.CO.UK authoritive for nl.eu.org, but the server doesn't return any answer records. It does however return authority records in which it has itself in it.


The *'s in the output means that there wasn't an answer on the request. By default there is three retries.


Multiple additional records, or absence of them



If there are no additional records for a DNS server, the IP address is being retrieved via a standard gethostbyname().


If there are multiple additional records for a DNS server they are both tested. For example with munnari.OZ.au: 



[~] edwin@k7>dnstracer www.telstra.com.au
Tracing to www.telstra.com.au via 127.0.0.1, timeout 15 seconds
127.0.0.1 (127.0.0.1) 
 |\___ NS.UU.NET [au] (137.39.1.3) 
 |     |\___ yalumba.connect.com.au [com.au] (203.8.183.1) Got answer
 |     |     |\___ muwaya.ucs.unimelb.EDU.au [telstra.com.au] (128.250.20.2) Got authoritative answer 
 |     |     |\___ munnari.OZ.au [telstra.com.au] (128.250.1.21) Got authoritative answer 
 |     |     |\___ munnari.OZ.au [telstra.com.au] (128.250.22.2) Got authoritative answer 
 |     |     |\___ ns2.telstra.com.au [telstra.com.au] (202.12.144.11) Got authoritative answer 
 |     |      \___ ns.telstra.com.au [telstra.com.au] (202.12.144.10) Got authoritative answer 
[...]



Authoritative and non-authoritative answers



Authoritative answers are answers coming from the server which is authoritative for the zone. If the answer is cached by other servers (which is the nature of the DNS system), then the answer is still valid but non-authoritative.


See also that yalumba.connect.com.au doesn't return an authoritative answer, but it knows the answer. The authoritative answer came from one of the servers below it.

[~] edwin@k7>dnstracer www.telstra.com.au Tracing to www.telstra.com.au via 127.0.0.1, timeout 15 seconds 127.0.0.1 (127.0.0.1) |\___ NS.UU.NET [au] (137.39.1.3) | |\___ yalumba.connect.com.au [com.au] (203.8.183.1) Got answer | | |\___ muwaya.ucs.unimelb.EDU.au [telstra.com.au] (128.250.20.2) Got authoritative answer | | |\___ munnari.OZ.au [telstra.com.au] (128.250.1.21) Got authoritative answer [...] 

 

 


Back to the General Tools menu

 http://www.mavetju.org

Comments

Post a Comment

silahkan tinggalkan komentar yang sopan.
terima kasih

Popular posts from this blog

Kivandanu, Could one of our premium services help you?

http://srudut.com 2011/2/22 John Dalt < John@galtstock.com > You are receiving this message, because you have subscribed to the newslettera1 newsletter on Monday, January 17th, 2011. To ensure that you continue to receive emails from us, add John@galtstock.com to your address book promptly.         Galtstock       Research for Online Investors HOME       ARCHIVE     NEWS      RESOURCES       DIVERSIONS Monday Morning The market set a new 52-week high Friday...where does it end?  Today reports out of Libya don't sound promising.  Protesters have burned the General Assembly building.  BP is evacuating their personnel. Guddafi is reported to be heading to Venezuela. There were also reports yesterday of protests in China.  The police quickly arrested any suspicious actors.  Suffice it to say, this is not a market you can buy and forget.   There are plenty of moving pieces to keep track of...problems and opportuni
Post a Comment
Read more

Download Qari/Reciters and Translations, Al-Quran ReadPen Data

  Al-Quran ReadPen Data Download Qori/Reciters and Translations   Qori/Reciter Files Sr. Qori/Reciter Name File Size Updates 01. Al Sheikh Ali Abdul Rahman Al Huzaifi 222 MB 17 Mar 2012 02. Al Sheikh Abdul Basit 'Abd us-Samad 387 MB 19 Mar 2012 03. Al Sheikh Mishary bin Rashid Al-Afasy 228 MB 13 Mar 2012 04. Al Sheikh Ahmad Ali Mohammad ‘al Soulayman Al Ajamy 212 MB 17 Mar 2012 05. Al Sheikh Salaah bin Muhammad Al Budair 164 MB 17 Mar 2012 06. Al Sheikh Mohammed Al-Alim Al-Dokhail 417 MB 07 Oct 2011 07. Al Sheikh Sa’ad Al-Ghamdi 201 MB 13 Mar 2012 08. Al Sheikh Mahmoud Khal
9 comments
Read more