• Overview

dnstracer determines where a given Domain Name Server (DNS) gets its information from, and follows the chain of DNS servers back to the servers which know the data.

This is somewhat similar to dig's +trace option.

Example starting from the root servers ( -s . ), over IPv4 ( -4 ), with caching disabled ( -c ):

$ dnstracer google.com -s . -4 -c | head -15
Tracing to google.com[a] via A.ROOT-SERVERS.NET, maximum of 3 retries
A.ROOT-SERVERS.NET . (198.41.0.4)
|\___ J.GTLD-SERVERS.NET [com] (192.48.79.30)
| |\___ ns4.google.com [google.com] (216.239.38.10) Got authoritative answer
| |\___ ns3.google.com [google.com] (216.239.36.10) Got authoritative answer
| |\___ ns2.google.com [google.com] (216.239.34.10) Got authoritative answer
| \___ ns1.google.com [google.com] (216.239.32.10) Got authoritative answer
|\___ I.GTLD-SERVERS.NET [com] (192.43.172.30)
| |\___ ns4.google.com [google.com] (216.239.38.10) Got authoritative answer
| |\___ ns3.google.com [google.com] (216.239.36.10) Got authoritative answer
| |\___ ns2.google.com [google.com] (216.239.34.10) Got authoritative answer
| \___ ns1.google.com [google.com] (216.239.32.10) Got authoritative answer
|\___ H.GTLD-SERVERS.NET [com] (192.54.112.30)
| |\___ ns4.google.com [google.com] (216.239.38.10) Got authoritative answer
| |\___ ns3.google.com [google.com] (216.239.36.10) Got authoritative answer
$


• Detecting "lame servers"

It detects so-called lame servers, which are name servers that have been told to have information about a certain domain but don't have this information.


$ dnstracer example.com -s . -4 -c -o
Tracing to example.com[a] via A.ROOT-SERVERS.NET, maximum of 3 retries
A.ROOT-SERVERS.NET . (198.41.0.4)
|\___ D.GTLD-SERVERS.NET [com] (192.31.80.30)
| |\___ dns1.example.com [example.com] (1.1.1.1) Got authoritative answer
| |\___ dns2.example.com [example.com] (2.2.2.2) Got authoritative answer
| |\___ dns3.example.com [example.com] (3.3.3.3) Lame server
| |\___ dns4.example.com [example.com] (4.4.4.4) Got authoritative answer
| \___ dns5.example.com [example.com] (5.5.5.5) Lame server
|\___ C.GTLD-SERVERS.NET [com] (192.26.92.30) ...

The answer is "Refers backwards" if the server does not hold the data (and therefore replies that you should go ask one of the higher-level servers). That is awkward, given that it is precisely the higher-level servers that point to it :)

The answer is "Lame server" if the server holds the requested data but is not authoritative for the zone. This is the case when the server received a recursive query asking it to find the information and cached it.
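
To audit a delegation from a saved trace, the tree can be parsed and every name server that returned something other than "Got authoritative answer" listed once per zone, however many parent servers referred to it. The script below is an added example, not part of dnstracer; the sample trace, host names and 192.0.2.x addresses are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the dnstracer trees above; the
# example.com servers and their 192.0.2.x addresses are made up.
SAMPLE = r"""A.ROOT-SERVERS.NET . (198.41.0.4)
|\___ D.GTLD-SERVERS.NET [com] (192.31.80.30)
| |\___ dns1.example.com [example.com] (192.0.2.1) Got authoritative answer
| |\___ dns2.example.com [example.com] (192.0.2.2) Lame server
| \___ dns3.example.com [example.com] (192.0.2.3) Refers backwards
|\___ C.GTLD-SERVERS.NET [com] (192.26.92.30)
| |\___ dns1.example.com [example.com] (192.0.2.1) Got authoritative answer
| |\___ dns2.example.com [example.com] (192.0.2.2) Lame server
| \___ dns3.example.com [example.com] (192.0.2.3) Refers backwards
"""

# One tree node: "\___ host [zone] (address) optional-status"
NODE = re.compile(r"\\___ (\S+) \[([^\]]+)\] \(([^)]+)\)\s*(.*)$")
OK = "Got authoritative answer"

def audit(text):
    """Map zone -> {(host, ip): set of statuses seen over all paths}."""
    zones = defaultdict(lambda: defaultdict(set))
    for line in text.splitlines():
        m = NODE.search(line)
        if not m:
            continue  # header line, root line, prompt, blank line
        host, zone, ip, status = m.groups()
        status = status.strip(" .")  # drop a trailing "..." truncation mark
        if status:  # no status: intermediate server that only referred us on
            zones[zone.lower()][(host.lower(), ip)].add(status)
    return zones

def broken_delegations(text):
    """Sorted (zone, host, ip, statuses) for servers with any non-OK status."""
    out = []
    for zone, servers in audit(text).items():
        for (host, ip), statuses in servers.items():
            bad = sorted(statuses - {OK})
            if bad:
                out.append((zone, host, ip, bad))
    return sorted(out)

def health(text):
    """zone -> (servers authoritative on every path, servers delegated)."""
    return {zone: (sum(s == {OK} for s in servers.values()), len(servers))
            for zone, servers in audit(text).items()}

if __name__ == "__main__":
    for zone, host, ip, bad in broken_delegations(SAMPLE):
        print(f"{zone}: {host} ({ip}) -> {', '.join(bad)}")
    print(health(SAMPLE))
```

In practice the input would be the saved output of a command such as the ones shown above, read from a file or stdin instead of SAMPLE.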