Dnstracer - Tracing the DNS resolution chain

  • Overview

dnstracer determines where a given Domain Name Server (DNS) gets its information from, and follows the chain of DNS servers back to the servers which know the data.

This is somewhat similar to dig's +trace option.

Example starting from the root servers ( -s . ), over IPv4 ( -4 ), with caching disabled ( -c ):

$ dnstracer google.com -s . -4 -c | head -15  
Tracing to google.coma via A.ROOT-SERVERS.NET, maximum of 3 retries  
A.ROOT-SERVERS.NET . (198.41.0.4)   
|\\__ J.GTLD-SERVERS.NET [com] (192.48.79.30)   
| |\\__ ns4.google.com [google.com] (216.239.38.10) Got authoritative answer   
| |\\__ ns3.google.com [google.com] (216.239.36.10) Got authoritative answer   
| |\\__ ns2.google.com [google.com] (216.239.34.10) Got authoritative answer   
| \\__ ns1.google.com [google.com] (216.239.32.10) Got authoritative answer   
|\\__ I.GTLD-SERVERS.NET [com] (192.43.172.30)   
| |\\__ ns4.google.com [google.com] (216.239.38.10) Got authoritative answer   
| |\\__ ns3.google.com [google.com] (216.239.36.10) Got authoritative answer   
| |\\__ ns2.google.com [google.com] (216.239.34.10) Got authoritative answer   
| \\__ ns1.google.com [google.com] (216.239.32.10) Got authoritative answer   
|\\__ H.GTLD-SERVERS.NET [com] (192.54.112.30)   
| |\\__ ns4.google.com [google.com] (216.239.38.10) Got authoritative answer   
| |\\___ ns3.google.com [google.com] (216.239.36.10) Got authoritative answer   
$  
  • Detecting “lame servers”

It detects so-called lame servers, which are name servers that have been told to have information about a certain domain, but don’t have this information.

$ dnstracer example.com -s . -4 -c -o   
Tracing to example.coma via A.ROOT-SERVERS.NET, maximum of 3 retries  
A.ROOT-SERVERS.NET . (198.41.0.4)   
|\\__ D.GTLD-SERVERS.NET [com] (192.31.80.30)   
| |\\__ dns1.example.com [example.com] (1.1.1.1)Got authoritative answer   
| |\\__ dns2.example.com [example.com] (2.2.2.2) Got authoritative answer  
| |\\__ dns3.example.com [example.com] (3.3.3.3) Lame server   
| |\\__ dns4.example.com [example.com] (4.4.4.4) Got authoritative answer  
| \\__ dns5.example.com [example.com] (5.5.5.5) Lame server  
|\\___ C.GTLD-SERVERS.NET [com] (192.26.92.30) ...

The answer is Refers backwards if the server does not hold the data and therefore replies that one of the higher-level servers should be asked instead. That is a problem, since it is precisely the higher-level servers that point to it.

The answer is Lame server if the server holds the requested data but is not authoritative for the zone. This happens when the server previously received a recursive query asking it to find the information and cached the result.
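To audit a delegation from a saved trace, the two statuses described above can be pulled out of the tree and grouped by zone. The following is an added example, not part of the original post or of dnstracer itself; the function names and the sample trace (placeholder names and addresses) are constructed for illustration.

```python
import re
from collections import defaultdict

# One tree line: "<branch art>___ server [zone] (ip) status"
LINE = re.compile(r"_+\s+(\S+)\s+\[([^\]]+)\]\s+\(([^)]+)\)\s*(.*)$")
BROKEN = {"Lame server", "Refers backwards"}  # the two statuses described above

# Constructed sample in dnstracer's tree format; names and addresses are placeholders.
SAMPLE = r"""
Tracing to example.com[a] via A.ROOT-SERVERS.NET, maximum of 3 retries
A.ROOT-SERVERS.NET [.] (198.41.0.4)
 |\___ D.GTLD-SERVERS.NET [com] (192.31.80.30)
 |     |\___ dns1.example.com [example.com] (192.0.2.1) Got authoritative answer
 |     |\___ dns3.example.com [example.com] (192.0.2.3) Lame server
 |      \___ dns5.example.com [example.com] (192.0.2.5) Refers backwards
  \___ C.GTLD-SERVERS.NET [com] (192.26.92.30)
       |\___ dns1.example.com [example.com] (192.0.2.1) Got authoritative answer
        \___ dns3.example.com [example.com] (192.0.2.3) Lame server
"""

def parse_trace(text):
    """Return (server, zone, ip, status) for every tree line in the output."""
    rows = []
    for line in text.splitlines():
        m = LINE.search(line)
        if m:
            server, zone, ip, status = m.groups()
            rows.append((server.lower(), zone.lower(), ip, status.strip()))
    return rows

def delegation_problems(text):
    """Group servers that did not answer authoritatively, per delegated zone.

    The same server shows up once per parent that refers to it, so results
    are de-duplicated.
    """
    found = defaultdict(set)
    for server, zone, ip, status in parse_trace(text):
        if status in BROKEN:
            found[zone].add((server, ip, status))
    return {zone: sorted(entries) for zone, entries in found.items()}

if __name__ == "__main__":
    for zone, entries in delegation_problems(SAMPLE).items():
        for server, ip, status in entries:
            print(f"{zone}: {server} ({ip}) -> {status}")
```

Any server listed here is still referenced by the parent zone's NS records, so the fix is either to make it authoritative for the zone or to remove it from the delegation.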

Published by Uggy : 252