dig +trace to find all the forwarders?
Warren Kumari
warren at kumari.net
Mon Apr 26 14:28:33 UTC 2010
On Apr 26, 2010, at 3:10 AM, Josh Kuo wrote:
> What is happening is I suspect the DNS resolved IP given by my ISP is
> actually forwarding recursive queries to yet-another-server(s), and is
> introducing slow name resolution and timeouts.
Well, if you are just trying to figure out if the nameserver you are
asking is the one doing the resolution, this *might* help you out:
http://www.damia.com/whatismydns/
W
> In any case, I will
> have to involve the ISP in troubleshooting and (hopefully) fixing the
> problem. I was hoping there is some way to mimic "traceroute" with
> "dig +trace", I didn't think so, and Mark confirmed it.
>
> On Sunday, April 25, 2010, Warren Kumari <warren at kumari.net> wrote:
>>
>> On Apr 25, 2010, at 12:01 AM, Josh Kuo wrote:
>>
>>
>> You need administrative access to see the overides to the normal
>> resolution
>> process.
>>
>>
>> Just so I understand this completely, by administrative access you
>> mean I need to be able to log in to each of the resolvers (not
>> administrative access on my local workstation to do a 'sudo dig
>> example.net a +trace'), correct?
>>
>> A follow up question to that... is it even possible to perform such
>> a trace (revealing all resolvers) with the DNS protocol?
>>
>>
>> 'tis not doable[0].
>>
>> What is the root problem that you are trying to solve here? Is this
>> just to know because you want to, or are you trying to solve a
>> specific issue? In the very large majority of cases[1] your machine
>> is going to be querying whatever is configured in your resolv.conf
>> (or equivalent) and those nameservers will go do the resolution for
>> you (as opposed to multiple levels of forwarders).
>>
>>
>> [0]: I have horrid visions of someone responding back with some
>> truly horrendous kludge that involves looking up random strings and
>> querying heaps-o-servers to see if any of them had cached the
>> answer or something equally icky. Actually, you cloud see if the
>> server that you query is the one that actually touches the auth
>> server, but this is all ugly.
>>
>> [1]: No hard data here -- does anyone have any sort of guestimate
>> on fraction of forwarded queries?
>>
>> W
>>
>>
>> Or is this purely a designed limitation of dig?
>> _______________________________________________
>> bind-users mailing list
>> bind-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
>>
>>
>>
--
Militant Agnostic--I don't know and you don't either...
More information about the bind-users
mailing list