DNS problem -

Rick Stevens ricks at alldigital.com
Thu Nov 14 17:42:07 UTC 2013 

On 11/12/2013 10:13 PM, Tim issued this missive:
> Bob Goodwin:
>> I changed the router configuration to use 208.67.229.220:5353 and
>> 208.67.222.222:5353 and see the following:
>>
>> [root at box10 bobg]# dig  www.bbc.co.uk
>>
>> ; <<>> DiG 9.9.3-rl.13207.22-P2-RedHat-9.9.3-5.P2.fc19 <<>> www.bbc.co.uk
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35870
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
>>
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags:; udp: 4096
>> ;; QUESTION SECTION:
>> ;www.bbc.co.uk.            IN    A
>>
>> ;; ANSWER SECTION:
>> www.bbc.co.uk.        176    IN    CNAME    www.bbc.net.uk.
>> www.bbc.net.uk.        182    IN    A    212.58.246.93
>> www.bbc.net.uk.        182    IN    A    212.58.246.92
>>
>> ;; Query time: 616 msec
>> ;; SERVER: 192.168.1.1#53(192.168.1.1)
>> ;; WHEN: Tue Nov 12 11:46:20 EST 2013
>> ;; MSG SIZE  rcvd: 100
>>
>> As you say the cache is much faster, 2 ms as opposed to 616 ms.
>>
>> But I still don't know what DNS address it actually goes to, how do I
>> find that?
>
> Just to be clear, DNS means domain name *system* not *server*.  So, are
> you asking you're not sure what DNS server has responded, or you don't
> know how to read the answers you got back from dig?
>
> Looking at your above dig results:
>
> Your command line asked whatever your computer's default DNS server was
> (configured in /etc/resolv.conf) to look up www.bbc.co.uk.
>
> The ANSWER section gives results about your query addresses.  A query
> for www.bbc.co.uk gets a CNAME answer of www.bbc.net.uk (i.e. it says
> use that second name, instead).  Followed by two answers for IPs for
> www.bbc.net.uk, saying to use either 212.58.246.93 or 212.58.246.92
> (either will do).
>
> The QUERY TIME section says the server that answered was 192.168.1.1, so
> that would be the first DNS server address in your /etc/resolv.conf
> file.  Second or third server addresses in that config file will only be
> consulted if the first one failed to respond, and there'd be a seriously
> long time-out period before that happened.
>
> Your router, at 192.168.1.1 may have tried to query 208.67.229.220:5353
> and 208.67.222.222:5353 to find the results (I don't know if your
> router/modem can accept port numbers attached to the IPs, like that),
> and may have connected to them.  Or, your ISP may have intercepted that.
> You might try using those IPs and ports with the dig command, directly.
>
> By default, dig will use your pre-configured DNS servers (in
> your /etc/resolv.conf file) unless you specify a server to query on its
> command line.  That is *which* server to ask, not just what address you
> want to look up.
>

If you want to use dig to query a DNS server that is NOT in your 
/etc/resolv.conf file, use something like:

	dig @208.67.229.220 -p 5353 www.bbc.co.uk

The "@ip-address" would be the address of the DNS server you want to
query. If you don't want to use the standard DNS port of 53, then
include the "-p <val>" with "<val>" the non-standard port number to use
(e.g. port 5353 in this example). See "man dig" for other options.
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital    ricks at alldigital.com -
- AIM/Skype: therps2        ICQ: 22643734            Yahoo: origrps2 -
-                                                                    -
-  Diplomacy: The art of saying "Nice doggy!" until you can find a   -
-                            big enough rock.                        -
----------------------------------------------------------------------

More information about the users mailing list