DNS can often make a SysAdmins life difficult, since a misconfigured entry or a broken authoritative DNS server will cause things to fail in odd ways. If you are fortunate enough to use Linux on your servers and desktops, you have a slew of utilities available to look at problems. I’ve discussed a few of my favourite DNS debugging utilities in past posts, and recently added the dnscap utility to this list.
Dnscap is a command line utility that allows you to view ALL of the DNS requests sent over an interface in a dig-like or binary format. While tcpdump and company display traffic to UDP and TCP port 53, dnscap will actually decode the entries and give you everything you need to debug an issue in one place.
To use this super useful tool you can run it with the “-i” option, the interface to monitor along with the -g (dump the output in dig format) or “-b” (dump the output in binary) options:
$ dnscap -i eth0 -g
;@ 2011-01-26 16:33:21.892326 - 56 octets via eth0 (msg #0) ;: [192.168.144.91]:56239 -> [192.168.86.2]:53 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62131 ;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; google.com, type = A, class = IN -- ;@ 2011-01-26 16:33:21.896426 - 240 octets via eth0 (msg #1) ;: [192.168.86.2]:53 -> [192.168.144.91]:56239 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62131 ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 4, ADDITIONAL: 4 ;; google.com, type = A, class = IN google.com. 1m31s IN A 184.108.40.206 google.com. 1m31s IN A 220.127.116.11 google.com. 1m31s IN A 18.104.22.168 google.com. 1d6h57m32s IN NS ns2.google.com. google.com. 1d6h57m32s IN NS ns3.google.com. google.com. 1d6h57m32s IN NS ns4.google.com. google.com. 1d6h57m32s IN NS ns1.google.com. ns1.google.com. 1d6h51m10s IN A 22.214.171.124 ns2.google.com. 1d6h51m10s IN A 126.96.36.199
The utility will then display all of the DNS requests on your console, and you can review the detailed request / SOA data along with the record information. This is extremely handy for debugging problems, and I'm glad I came across this awesome little utility!