
DNS: 'dig' and verifying DNS change success

Syntactically correct vs intentions

Beware the subtle difference between syntactic correctness and intention. For example, consider the following request:

Please make myhost.doit.wisc.edu resolve to IP: 144.92.146.15

Let's say you created the following entry in the doit.wisc.edu file:

myhoost.doit.wisc.edu		IN	A	144.92.146.16
There are three problems. Can you find them? The point is that the config is valid and BIND will reload the file; it just won't contain the changes that you want!

The only true way to check that your change does what was requested is to test each and every change against adns0 with nslookup or dig. However, this can be very time-consuming if you have made a lot of changes. My best advice: copy/paste directly from the email requests as much as possible to eliminate typos!
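One way to run that per-change test in bulk with dig, as an added example that is not part of the original article: it reads the requested records from a list and compares each one with what a single server answers. The function names and the "name type expected" list format are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article); function names are assumptions.

# The only function that touches the network, so it can be replaced by a stub.
query() {  # $1=server $2=name $3=type
    dig @"$1" "$2" "$3" +short </dev/null
}

# Lower-case and drop one trailing dot so "Host.Example." equals "host.example".
normalize() {
    printf '%s\n' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//'
}

# Reads "name type expected" lines on stdin (single-value answers: A, AAAA, or
# PTR given as the in-addr.arpa name) and prints one verdict per request.
# Returns 0 only if every request is answered as intended.
# Usage, with the request from this article:
#   verify_requests adns0 <<'EOF'
#   myhost.doit.wisc.edu A 144.92.146.15
#   EOF
verify_requests() {
    server=$1
    rc=0
    while read -r name type expected; do
        case $name in ''|'#'*) continue ;; esac
        answers=$(query "$server" "$name" "$type")
        if [ -z "$answers" ]; then
            # +short prints nothing for NXDOMAIN or an empty answer section
            echo "MISSING  $name $type (wanted $expected)"
            rc=1
            continue
        fi
        found=no
        for a in $answers; do
            if [ "$(normalize "$a")" = "$(normalize "$expected")" ]; then
                found=yes
            fi
        done
        if [ "$found" = yes ]; then
            echo "OK       $name $type $expected"
        else
            echo "MISMATCH $name $type wanted $expected, got $(echo $answers)"
            rc=1
        fi
    done
    return $rc
}
```

A mistyped owner name in the zone file shows up here as MISSING for the name that was actually requested. AAAA values are compared as text, so write the expected address in the compressed form dig prints.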

Ways of checking for a successful DNS change

nslookup

[m7h@trigger]$ nslookup mcfly.doit.wisc.edu
Server: 128.104.254.254
Address: 128.104.254.254#53

Non-authoritative answer:
Name: mcfly.doit.wisc.edu
Address: 144.92.67.158

[m7h@trigger]$ nslookup 144.92.67.158
Server: 128.104.254.254
Address: 128.104.254.254#53

Non-authoritative answer:
158.67.92.144.in-addr.arpa name = mcfly.doit.wisc.edu.

Authoritative answers can be found from:
67.92.144.in-addr.arpa nameserver = adns3.doit.wisc.edu.
67.92.144.in-addr.arpa nameserver = adns2.doit.wisc.edu.
67.92.144.in-addr.arpa nameserver = adns1.doit.wisc.edu.
adns3.doit.wisc.edu internet address = 144.92.104.21
adns1.doit.wisc.edu internet address = 144.92.9.21
adns1.doit.wisc.edu internet address = 128.104.30.60
adns2.doit.wisc.edu internet address = 144.92.20.99

[m7h@trigger]$ nslookup
> set type=mx
> doit.wisc.edu
Server: 128.104.254.254
Address: 128.104.254.254#53

Non-authoritative answer:
doit.wisc.edu mail exchanger = 10 mta2.wiscmail.wisc.edu.
doit.wisc.edu mail exchanger = 10 mta3.wiscmail.wisc.edu.
doit.wisc.edu mail exchanger = 10 mta4.wiscmail.wisc.edu.
doit.wisc.edu mail exchanger = 5 smtp.wiscmail.wisc.edu.
doit.wisc.edu mail exchanger = 10 mta1.wiscmail.wisc.edu.

Authoritative answers can be found from:
doit.wisc.edu nameserver = adns2.doit.wisc.edu.
doit.wisc.edu nameserver = adns1.doit.wisc.edu.
doit.wisc.edu nameserver = adns3.doit.wisc.edu.
mta2.wiscmail.wisc.edu internet address = 144.92.197.234
mta3.wiscmail.wisc.edu internet address = 144.92.197.212
mta4.wiscmail.wisc.edu internet address = 144.92.197.213
smtp.wiscmail.wisc.edu internet address = 144.92.197.138
mta1.wiscmail.wisc.edu internet address = 144.92.197.233
adns3.doit.wisc.edu internet address = 144.92.104.21
adns2.doit.wisc.edu internet address = 144.92.20.99
adns1.doit.wisc.edu internet address = 128.104.30.60
adns1.doit.wisc.edu internet address = 144.92.9.21

[m7h@trigger]$ nslookup
> set type=AAAA
> r-peer.net.wisc.edu
Server: 128.104.254.254
Address: 128.104.254.254#53

Non-authoritative answer:
r-peer.net.wisc.edu has AAAA address 2607:f388:0:101::1

Authoritative answers can be found from:
net.wisc.edu nameserver = adns1.doit.wisc.edu.
net.wisc.edu nameserver = adns3.doit.wisc.edu.
net.wisc.edu nameserver = adns2.doit.wisc.edu.
adns2.doit.wisc.edu internet address = 144.92.20.99
adns1.doit.wisc.edu internet address = 144.92.9.21
adns1.doit.wisc.edu internet address = 128.104.30.60
adns3.doit.wisc.edu internet address = 144.92.104.21

dig

You can use dig with the '@$server' parameter to query a specific server and get that server's view of the state of a zone. This may be useful for assessing whether all authoritative nameservers agree on the NS records for a given zone.

Notice the -x when doing a reverse IP lookup:

[m7h@trigger]$ dig @adns0 -x 144.92.67.158 +short
mcfly.doit.wisc.edu.

[m7h@trigger]$ dig @adns0 r-peer.net.wisc.edu AAAA +short
2607:f388:0:101::1
  • Another way: do a zone transfer from adns0 and grep for the information you are looking for.

    [m7h@trigger]$ dig @adns0 doit.wisc.edu AXFR | grep mcfly
    mcfly.doit.wisc.edu. 14400 IN A 144.92.67.158

    [m7h@trigger]$ dig @adns0 net.wisc.edu AXFR | grep r-peer | grep AAAA
    r-peer.net.wisc.edu. 14400 IN AAAA 2607:f388:0:101::1
    r-peer-2.net.wisc.edu. 14400 IN AAAA 2607:f388:0:101::2
    r-peer-2-xe-0-1-0-1345.net.wisc.edu. 14400 IN AAAA 2607:f388:0:204::2
    r-peer-2-xe-1-0-0-0.net.wisc.edu. 14400 IN AAAA 2607:f388:0:200::2
    r-peer-xe-1-0-0-0.net.wisc.edu. 14400 IN AAAA 2607:f388:0:200::1
    r-peer-xe-2-0-0-1791.net.wisc.edu. 14400 IN AAAA 2607:f388:0:201::2
    r-peer-xe-2-1-0-954.net.wisc.edu. 14400 IN AAAA 2607:f388:0:2200::1

    [m7h@trigger]$ dig @adns0 -x 144.92.67 AXFR | grep mcfly
    158.67.92.144.in-addr.arpa. 14400 IN PTR mcfly.doit.wisc.edu.
  • Another useful tip: verify that the zone serial is what you would expect. All authoritative servers for a given zone should have the same serial number.
    [m7h@trigger]$ dig @adns0.doit.wisc.edu doit.wisc.edu SOA +short
    adns0.doit.wisc.edu. hostmaster.doit.wisc.edu. 2009013000 7200 1800 3628800 600
    [m7h@trigger]$ dig @adns1.doit.wisc.edu doit.wisc.edu SOA +short
    adns0.doit.wisc.edu. hostmaster.doit.wisc.edu. 2009013000 7200 1800 3628800 600
    Does this match what you would expect based on the doit.wisc.edu zone file you just edited?
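
The serial comparison above can be scripted across every authoritative server. This is an added example, not part of the original article; the function names and the output labels are assumptions, and the expected serial is the one you just put in the zone file.

```shell
#!/bin/sh
# Added example (not from the original article); function names are assumptions.

# The only function that touches the network, so it can be replaced by a stub.
query_soa() {  # $1=server $2=zone; prints the SOA rdata on one line
    dig @"$1" "$2" SOA +short </dev/null
}

# "dig SOA +short" prints: mname rname serial refresh retry expire minimum
# Print the serial (third field) only if the line really has that shape.
soa_serial() {
    printf '%s\n' "$1" | awk 'NF == 7 && $3 ~ /^[0-9]+$/ { print $3; exit }'
}

# check_serials ZONE EXPECTED_SERIAL SERVER...
# Prints one verdict per server; returns 0 only if all servers match.
# Usage: check_serials doit.wisc.edu 2009013000 adns0.doit.wisc.edu adns1.doit.wisc.edu
check_serials() {
    zone=$1
    expected=$2
    shift 2
    rc=0
    for server in "$@"; do
        serial=$(soa_serial "$(query_soa "$server" "$zone")")
        if [ -z "$serial" ]; then
            # No usable SOA: server unreachable, refused, or not serving the zone
            echo "NOANSWER $server $zone"
            rc=1
        elif [ "$serial" = "$expected" ]; then
            echo "OK       $server $zone serial $serial"
        else
            echo "DIFFERS  $server $zone serial $serial (expected $expected)"
            rc=1
        fi
    done
    return $rc
}
```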