Resolve DNS faults with Dig tools on Linux and Unix

Source: Internet
Author: User
Tags domain name registration website ip

In actual application, DNS resolution errors may occur, that is, when we access a domain name, it cannot be resolved to an IP address, however, you can directly enter the website IP address for normal access, which is caused by a DNS resolution failure..
Common Causes of DNS failure include:

The domain name itself has expired or has been stopped;
The DNS server record of the domain name is incorrect;
The DNS server records of the domain name are not resolved;
The named service is not started on the DNS server of the domain name;
The DNS server of the domain name is not resolved;
Domain name resolution on multiple DNS servers is inconsistent;
The network settings of the DNS server of the domain name prohibit the TCP/UDP protocol of port 53;
The local DNS cache is not updated and is not synchronized with the records on the DNS server.
DNS resolution process:
1) First, find the cache of the local DNS. If the cache contains no longer than the survival time defined by the server or domain name itself, the records in the cache will be returned;
2) If the cache does not exist, or has expired, first query the Internet root server such as a.gtld-servers.net), find out which DNS server is the domain name, if not found, return an error;
3) randomly pick one from the DNS server of the domain name and find its IP address. If no IP address is found, an error is returned;
4) connect to the 53 port of the IP address UDP or TCP protocol), query the domain name, if the connection fails, or the server does not return results, then return an error.
How to determine if the DNS server record of the domain name is incorrect
On Linux/Unix, you can use the dig tool.

dig @a.gtld-servers.net upsdn.net

Return

; <<>> DiG 9.3.2-P1 <<>> @a.gtld-servers.net upsdn.net; (1 server found);; global options: printcmd;; Got answer:;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34265;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 8, ADDITIONAL: 8;; QUESTION SECTION:;upsdn.net. IN A;; AUTHORITY SECTION:upsdn.net. 172800 IN NS ns1.dnspod.net.upsdn.net. 172800 IN NS ns1.everydns.net.upsdn.net. 172800 IN NS ns2.dnspod.net.upsdn.net. 172800 IN NS ns2.everydns.net.upsdn.net. 172800 IN NS ns3.dnspod.net.upsdn.net. 172800 IN NS ns3.everydns.net.upsdn.net. 172800 IN NS ns4.dnspod.net.upsdn.net. 172800 IN NS ns4.everydns.net.;; ADDITIONAL SECTION:ns1.dnspod.net. 172800 IN A 218.108.58.68ns1.everydns.net. 172800 IN A 38.99.14.207ns2.dnspod.net. 172800 IN A 60.195.249.161ns2.everydns.net. 172800 IN A 216.218.240.206ns3.dnspod.net. 172800 IN A 60.195.249.166ns3.everydns.net. 172800 IN A 80.84.249.169ns4.dnspod.net. 172800 IN A 61.129.70.142ns4.everydns.net. 172800 IN A 63.219.183.200;; Query time: 599 msec;; SERVER: 192.5.6.30#53(192.5.6.30);; WHEN: Sun Sep 24 19:03:23 2006;; MSG SIZE rcvd: 315

If there is only Question and there is no Answer, then there is a problem.
How can I determine whether the DNS server record of a domain name is resolved?
The DNS server record of a domain name is a special set of host names. These DNS host names must be registered with Internic before they can be used for domain name registration. After registration, you can find it through whois and resolve the registered DNS server on the Internet root server.
Taking upsdn.com as an example, his dns Server Name Server: SENS01.DIG. COMName Server: SENS02.DIG. COMName Server: orNS01.DIG. COMName Server: orNS02.DIG. COM

Can be found through whois and dig @ a.gtld-servers.net.
For the sake of insurance, all registered DNS servers should also perform A record resolution on their own domain name servers. Otherwise, some clients may not work properly.
For example, SENS01.DIG. COM is resolved on its own DNS server.
If you have registered your own DNS server but have not performed resolution for the DNS server, the resolution may be unstable.
How to determine if the domain name is not resolved on the DNS server
Log on to the DNS server of the domain name and execute:
dig @localhost upsdn.net

If there is no result, check whether there is a record for this domain name in/etc/named. conf and whether the zone file in the record exists. If yes, run the program code:
rndc reload abc.com

Then execute:
tail /var/log/messages

Check whether the log reports an error or whether the format of the zone file is correct.
How to determine DNS inconsistencies on multiple DNS servers of a domain name
Query each DNS server of the domain name in sequence to check whether the results are consistent. In all servers, if some servers do not return results, the normal resolution of the domain name will not be affected, because at this time, the parsing client will try other servers, an error is reported only when no result is returned on all servers. However, if the resolution on server A is inconsistent with that on server B, the domain name resolution is incorrect.
Dig @ns2.everydns.com upsdn.netDig @ns4.dnspod.net upsdn.net

If they are inconsistent, it is usually a synchronization problem between servers.
How can I determine whether the DNS server network settings for a domain name are correct?
You can connect tcp and udp protocols from other machines, for example:
Dig + tcp @ ns4.dnspod.net upsdn.net and dig + notcp @ ns4.dnspod.net upsdn.net

If the connection fails and the named service on the server has been started, most of the reasons are software or hardware firewalls. Check whether port domain53 is allowed in/etc/sysconfig/ipchains or iptable on the server) for tcp and udp connections. Or temporarily stop the ipchains/iptable service to check whether the external connection is available. If the software firewall is configured correctly or is not started at all, check whether the hardware firewall has enabled port 53.
How to determine whether the local DNS cache is not updated
You can check the DNS server of the domain name and check whether the resolution on these servers is correct. If the server is correct but the local DNS is incorrect, the local DNS server is not refreshed, wait until it is refreshed. It usually takes about 4 to 12 hours.

Related Articles]

  • FAQs about using DNS in the Active Directory

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.