DNS trace

From I Will Fear No Evil
Jump to navigation Jump to search

Dig and DNS examples

Find authoritative NS servers

dig -t SOA +trace iwillfearnoevil.com @1.1.1.1

; <<>> DiG 9.11.3-1ubuntu1.18-Ubuntu <<>> -t SOA +trace iwillfearnoevil.com @1.1.1.1
;; global options: +cmd
.			510138	IN	NS	a.root-servers.net.
.			510138	IN	NS	b.root-servers.net.
.			510138	IN	NS	c.root-servers.net.
.			510138	IN	NS	d.root-servers.net.
.			510138	IN	NS	e.root-servers.net.
.			510138	IN	NS	f.root-servers.net.
.			510138	IN	NS	g.root-servers.net.
.			510138	IN	NS	h.root-servers.net.
.			510138	IN	NS	i.root-servers.net.
.			510138	IN	NS	j.root-servers.net.
.			510138	IN	NS	k.root-servers.net.
.			510138	IN	NS	l.root-servers.net.
.			510138	IN	NS	m.root-servers.net.
.			510138	IN	RRSIG	NS 8 0 518400 20230905050000 20230823040000 11019 . aCZT4HsmPvL/A4oe3rtFYjlt7L7SZHmquR0I1pCx28qvuqbz3aDOR0jx +2ZtVF/48qI7vnYfd1BNtBFMYiuWIAxX8XUQlAoG38IOoVv+uo/00JR1 K5+AVaOTcITKQKpmKjfGPLyo5dXEoU/YGSBq2ok4E6VH9+GKGw+AkujW jMYhgL5v2c71EhlPf9HtNAsrb5w4rVY8e7k/sjkWq/c9jt9JRRZkTs6K kelQzD4dk4IPZrOHgifEN9e6TJnMbdFWHbgOWDf0tnILc2iC4ROrfCBH ab0VlnZnM/QoBiiNoCAY7fo0/u8I8lstRh4roirI5alPJhEgO7bOME7o iNuJqA==
;; Received 1097 bytes from 1.1.1.1#53(1.1.1.1) in 5 ms

com.			172800	IN	NS	e.gtld-servers.net.
com.			172800	IN	NS	b.gtld-servers.net.
com.			172800	IN	NS	a.gtld-servers.net.
com.			172800	IN	NS	d.gtld-servers.net.
com.			172800	IN	NS	i.gtld-servers.net.
com.			172800	IN	NS	f.gtld-servers.net.
com.			172800	IN	NS	j.gtld-servers.net.
com.			172800	IN	NS	k.gtld-servers.net.
com.			172800	IN	NS	c.gtld-servers.net.
com.			172800	IN	NS	g.gtld-servers.net.
com.			172800	IN	NS	h.gtld-servers.net.
com.			172800	IN	NS	l.gtld-servers.net.
com.			172800	IN	NS	m.gtld-servers.net.
com.			86400	IN	DS	30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766
com.			86400	IN	RRSIG	DS 8 1 86400 20230905170000 20230823160000 11019 . AeQGHg8s2aRd2k0sMHcnLFmZWWRTwiHxpjxOyoZL1NmOXcQ0pDTfTZG+ XHQTdRQoLCPXfHziU1r2IDArZDnFrVOXs9jkWE1EZRQW9DBGRxwEDLKD sGDvVhXcjFIEln04bua+MMcCa6mUD2uIDgI55EIS0Tt/KyupSY/Fs90X dm1myejFu5UP1wXt2j8j5MGtEMjTVeRpdlDlH35mx2PXWPrmLKUo/S9e ytZBkE4myXbjREtfJZIkA7nJN8DGa+uhe4e//R3rncM0lbG6gym+B9FG 4KEj7um6T0yVkm2asOex+6WqUDejqrK51SPKRHDMP+h/3NCDBojSsAEt ejhjdw==
;; Received 1179 bytes from 192.5.5.241#53(f.root-servers.net) in 4 ms

iwillfearnoevil.com.	172800	IN	NS	ns1.he.net.
iwillfearnoevil.com.	172800	IN	NS	ns2.he.net.
iwillfearnoevil.com.	172800	IN	NS	ns3.he.net.
iwillfearnoevil.com.	172800	IN	NS	ns4.he.net.
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q2D6NI4I7EQH8NA30NS61O48UL8G5  NS SOA RRSIG DNSKEY NSEC3PARAM
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 8 2 86400 20230830042423 20230823031423 4459 com. UMk0GP5j78lTU8IOTmT3FeeU6oUk82fjeHyYq/QzI4LGF8WITBLhDcbk Cj0+/frShbgy/hVAos94jmvIH4Yle4EJm5Gq64CBHv6gGYPqGojYAi8N eDPMjPuibhLcEcu2w3tz+/ZTNTA4Y6I8mSv7eMDb1shB3FImuZ7KEmbk y0eqK4Fx4mwwsAppSgfw17BQkHFLnHjtkO/Ou4ifKAdZCg==
44FV9UDCME45BOHJ2F79NN1CC7Q3N4PH.com. 86400 IN NSEC3 1 1 0 - 44FVG51U2TLP7N9K2BLI52L375KOPQSE  NS DS RRSIG
44FV9UDCME45BOHJ2F79NN1CC7Q3N4PH.com. 86400 IN RRSIG NSEC3 8 2 86400 20230830041918 20230823030918 4459 com. hqeJK5+OMoaYhwGs439bNtZ/+zOfl8Y6zMW931uB1AhYZH+plrMBD0Q8 tnKmgMFP31JDEc9qHOJbOxZXH7dI1j3HHI51h5DBj29EOxkAFdFeJp2S ucqAHPYvuNkuXVszPj8apk9AZ6/SuIpTaKWBgkO8z0mcTjjNzHVwK6oG WIFqlfOuNuuCha6wwQbxXP+vkCqz/iYBRXILMXmcugzP9g==
;; Received 675 bytes from 192.41.162.30#53(l.gtld-servers.net) in 78 ms

iwillfearnoevil.com.	172800	IN	SOA	ns1.he.net. hostmaster.he.net. 2023063003 10800 1800 604800 86400
;; Received 105 bytes from 216.218.130.2#53(ns1.he.net) in 25 ms

Find MX records

dig -t MX  iwillfearnoevil.com @1.1.1.1

; <<>> DiG 9.11.3-1ubuntu1.18-Ubuntu <<>> -t MX iwillfearnoevil.com @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36132
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;iwillfearnoevil.com.		IN	MX

;; ANSWER SECTION:
iwillfearnoevil.com.	3600	IN	MX	20 in2.ghettosmtp.com.
iwillfearnoevil.com.	3600	IN	MX	10 in1.ghettosmtp.com.

;; Query time: 26 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Wed Aug 23 14:14:47 PDT 2023
;; MSG SIZE  rcvd: 99

Retrieve only IP address

Against A record 

dig +short  radarr.iwillfearnoevil.com
192.168.15.111

If hostname has a CNAME 

dig +short  radarr.iwillfearnoevil.com @1.1.1.1
iwillfearnoevil.com.
50.46.53.70

Retrieve SOA record for domain

Not using a real DNS name as this was related to work, and I really like my job. 

dig -t SOA random.aws.account.com @1.1.1.1

; <<>> DiG 9.11.3-1ubuntu1.18-Ubuntu <<>> -t SOA random.aws.account.com @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62669
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;random.aws.account.com. IN SOA

;; ANSWER SECTION:
random.aws.account.com. 30 IN CNAME proxy.randomElbValue.elb.us-west-6.amazonaws.com.

;; AUTHORITY SECTION:
elb.us-west-6.amazonaws.com. 900 IN	SOA	ns-1151.awsdns-15.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 60

;; Query time: 200 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Wed Aug 23 14:21:34 PDT 2023
;; MSG SIZE  rcvd: 241

systemd-resolve show servers

systemd-resolve --status
Global
       LLMNR setting: no                  
MulticastDNS setting: no                  
  DNSOverTLS setting: no                  
      DNSSEC setting: no                  
    DNSSEC supported: no                  
  Current DNS Server: 192.168.15.176      
         DNS Servers: 192.168.15.176      
Fallback DNS Servers: 192.168.15.1        
          DNS Domain: iwillfearnoevil.com 
          DNSSEC NTA: 10.in-addr.arpa     
                      16.172.in-addr.arpa 
                      168.192.in-addr.arpa
                      17.172.in-addr.arpa 
                      18.172.in-addr.arpa 
                      19.172.in-addr.arpa 
                      20.172.in-addr.arpa 
                      21.172.in-addr.arpa 
                      22.172.in-addr.arpa 
                      23.172.in-addr.arpa 
                      24.172.in-addr.arpa 
                      25.172.in-addr.arpa 
                      26.172.in-addr.arpa 
                      27.172.in-addr.arpa 
                      28.172.in-addr.arpa 
                      29.172.in-addr.arpa 
                      30.172.in-addr.arpa 
                      31.172.in-addr.arpa 
                      corp                
                      d.f.ip6.arpa        
                      home                
                      internal            
                      intranet            
                      lan                 
                      local               
                      private             
                      test                

Link 5 (veth6d47c4d)
      Current Scopes: none
DefaultRoute setting: no  
       LLMNR setting: yes 
MulticastDNS setting: no  
  DNSOverTLS setting: no  
      DNSSEC setting: no  
    DNSSEC supported: no  

Link 3 (docker0)
      Current Scopes: none
DefaultRoute setting: no  
       LLMNR setting: yes 
MulticastDNS setting: no  
  DNSOverTLS setting: no  
      DNSSEC setting: no  
    DNSSEC supported: no  

Link 2 (enp2s0)
      Current Scopes: DNS                
DefaultRoute setting: yes                
       LLMNR setting: yes                
MulticastDNS setting: no                 
  DNSOverTLS setting: no                 
      DNSSEC setting: no                 
    DNSSEC supported: no                 
  Current DNS Server: 192.168.10.155     
         DNS Servers: 192.168.15.176     
                      192.168.10.155     
                      192.168.15.1       
          DNS Domain: ~.                 
                      iwillfearnoevil.com
Retrieved from "https://wiki.iwillfearnoevil.com/mediawiki/index.php?title=DNS_trace&oldid=516"