dnstrace
About
dnstrace
is yet another DNS query/response tracing tool. Its purpose is to emulate iterative (with RD flag being unset) DNS queries usually being sent from any DNS recursor and traverse DNS authoritative hierarchy in search for the given query name and query type, assuming IN class. It will display every query and response, indicating reasons (delegations, CNAME following, missing glue etc.) for any new sub-query and additionally displaying individual and total response time.
EDNS is supported (with 4096 message payload size), as well as TCP failover in case of UDP communication issues (truncated messages and/or timeouts). When using EDNS it is also possible to manually (or automatically through Ipify) specify Client-Subnet option to test for Geo-aware DNS responses.
It is also possible to set Recursion Desired flag which essentially disables DNS tracing and relies on local resolver (from /etc/resolver.conf
) or remote DNS cache/resolver to perform all iterative queries and return the final result.
Installation
There are two ways of installing dnstrace
:
Manual
Download your preferred flavor from the releases page and install manually.
Using go get
go install github.com/dkorunic/dnstrace@latest
Usage
Usage:
Usage: ./dnstrace [option] [qtype] qname [@server]
Options:
-client string
Sends EDNS Client Subnet option with specified IP address
-edns
Enable EDNS support in queries (default true)
-fallback
Fallback to 4K UDP message buffer size and then to TCP (default true)
-ignoresub
Ignore tracing sub-requests when missing glue
-port int
Use to send DNS queries to non-standard ports (default 53)
-recurse
Toggle RD (recursion desired) flag in queries
-tcp
Use TCP when querying DNS servers
NB: Nameserver (@server) will be ignored if not using recurse flag and random root nameserver will be used instead.
Client option (-client) accepts "external" keyword and will use ipify.org to get your public IP. When using recurse (-recurse)
flag, if nameserver is not specified (@server), system resolver (from /etc/resolv.conf) will be used. All boolean flags
accept true or false arguments, for instance "-edns=false"
This tool is typically used to establish worst-case scenario RTT for iterative queries being sent from resolvers and
doesn't necessarily reflect real life.
Typical use case is to specify one or more qtypes (MX, A, NS etc.) and one or more qnames (for example apple.com
, www.google.com
, etc.). When there is no qtype specified, A is assumed. If temporary result is CNAME and qtype is A, dnstrace
will attempt to follow CNAME to the target. Internet qclass (IN) is assumed at all times.
It is possible to override default flag values by specifiying values, for example -edns=false
or -client=8.8.8.8
.
Typical use case would be:
dnstrace a porn.xxx
Then we are not interested in seeing sub-queries being sent to resolve missing glue for NS delegations, -ignoresub
flag can be used.
Bugs, feature requests, etc.
Please open a PR or report an issue. Thanks!