Using dnscap to debug DNS problems on Linux hosts

DNS can often make a SysAdmin's life difficult, since a misconfigured entry or a broken authoritative DNS server will cause things to fail in odd ways. If you are fortunate enough to use Linux on your servers and desktops, you have a slew of utilities available to look at problems. I’ve discussed a few of my favourite DNS debugging utilities in past posts, and recently added the dnscap utility to this list.

Dnscap is a command-line utility that allows you to view ALL of the DNS requests sent over an interface in a dig-like or binary format. While tcpdump and company display traffic to UDP and TCP port 53, dnscap will actually decode the entries and give you everything you need to debug an issue in one place.

To use this super useful tool, run it with the “-i” option followed by the interface to monitor, along with either the “-g” (dump the output in dig format) or “-b” (dump the output in binary) option:

$ dnscap -i eth0 -g

;@ 2011-01-26 16:33:21.892326 - 56 octets via eth0 (msg #0)
;: [192.168.144.91]:56239 -> [192.168.86.2]:53
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62131
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;;	google.com, type = A, class = IN
--
;@ 2011-01-26 16:33:21.896426 - 240 octets via eth0 (msg #1)
;: [192.168.86.2]:53 -> [192.168.144.91]:56239
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62131
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 4, ADDITIONAL: 4
;;	google.com, type = A, class = IN
google.com.		1m31s IN A	74.125.157.99
google.com.		1m31s IN A	74.125.157.104
google.com.		1m31s IN A	74.125.157.147
google.com.		1d6h57m32s IN NS  ns2.google.com.
google.com.		1d6h57m32s IN NS  ns3.google.com.
google.com.		1d6h57m32s IN NS  ns4.google.com.
google.com.		1d6h57m32s IN NS  ns1.google.com.
ns1.google.com.		1d6h51m10s IN A  216.239.32.10
ns2.google.com.		1d6h51m10s IN A  216.239.34.10

The utility will then display all of the DNS requests on your console, and you can review the detailed request / SOA data along with the record information. This is extremely handy for debugging problems, and I'm glad I came across this awesome little utility!
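As an added example (not from the original post or the dnscap project), the following Python script parses the dig-style text that "dnscap -g" prints in the layout shown above, pairs each query with its response by client address, port, id and name, and returns the round-trip time along with any query that never got a reply. The third sample message (id 4242, intranet.example) and the names MSG and pair are constructed for illustration.

```python
import re
from datetime import datetime

# First two messages follow the capture shown above; the third is constructed.
SAMPLE = """\
;@ 2011-01-26 16:33:21.892326 - 56 octets via eth0 (msg #0)
;: [192.168.144.91]:56239 -> [192.168.86.2]:53
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62131
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;;\tgoogle.com, type = A, class = IN
--
;@ 2011-01-26 16:33:21.896426 - 240 octets via eth0 (msg #1)
;: [192.168.86.2]:53 -> [192.168.144.91]:56239
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62131
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 4, ADDITIONAL: 4
;;\tgoogle.com, type = A, class = IN
--
;@ 2011-01-26 16:33:22.100000 - 50 octets via eth0 (msg #2)
;: [192.168.144.91]:40000 -> [192.168.86.2]:53
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;;\tintranet.example, type = A, class = IN
"""

# One match per message: timestamp, endpoints, header, flags, first question.
MSG = re.compile(
    r";@ (?P<ts>\S+ \S+) - .*?\n"
    r";: \[(?P<src>[^\]]+)\]:(?P<sport>\d+) -> \[(?P<dst>[^\]]+)\]:(?P<dport>\d+)\n"
    r";; ->>HEADER<<- opcode: \w+, status: (?P<status>\w+), id: (?P<id>\d+)\n"
    r";; flags: (?P<flags>[^;]*);.*?\n"
    r";;\s+(?P<qname>[^,\s]+), type = (?P<qtype>\w+)")

def pair(text):
    """Match each query to its response; return (answered, unanswered names)."""
    pending, answered = {}, []
    for m in MSG.finditer(text):
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f")
        if "qr" in m["flags"].split():  # qr flag set: this message is a response
            key = (m["dst"], m["dport"], m["id"], m["qname"])
            if key in pending:
                ms = (ts - pending.pop(key)).total_seconds() * 1000
                answered.append((m["qname"], m["qtype"], m["status"], round(ms, 3)))
        else:  # a query: remember when the client sent it
            pending[(m["src"], m["sport"], m["id"], m["qname"])] = ts
    return answered, sorted(k[3] for k in pending)

if __name__ == "__main__":
    print(pair(SAMPLE))
```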
