I would like to issue a query to a specific DNS server, whose IP address I know. It doesn't really matter if it's on Windows or *nix.
In Windows I can do something like:
C:\Documents and Settings\Anton Daneyko>nslookup superuser.com
Server: DNSs2.Uni-Marburg.DE
Address: 137.248.21.22
Non-authoritative answer:
Name: superuser.com
Address: 64.34.119.12But this uses the local machine's DNS settings. Instead, I would like to query a specific DNS server to test if it is responding to my queries correctly or responding at all.
So it should be something like:
nslookup --dns-ip=8.8.8.8 superuser.com 9 Answers
For basic A and CNAME records, you can simply do
nslookup somewhere.com some.dns.serverUsage: nslookup [-opt ...] # interactive mode using default server nslookup [-opt ...] - server # interactive mode using 'server' nslookup [-opt ...] host # just look up 'host' using default server nslookup [-opt ...] host server # just look up 'host' using 'server'or if you just type nslookup without any parameters, you can do a lot more options...
Commands: (identifiers are shown in uppercase, [] means optional)
NAME - print info about the host/domain NAME using default server
NAME1 NAME2 - as above, but use NAME2 as server
help or ? - print info on common commands
set OPTION - set an option all - print options, current server and host [no]debug - print debugging information [no]d2 - print exhaustive debugging information [no]defname - append domain name to each query [no]recurse - ask for recursive answer to query [no]search - use domain search list [no]vc - always use a virtual circuit domain=NAME - set default domain name to NAME srchlist=N1[/N2/.../N6] - set domain to N1 and search list to N1,N2, etc. root=NAME - set root server to NAME retry=X - set number of retries to X timeout=X - set initial time-out interval to X seconds type=X - set query type (ex. A,AAAA,A+AAAA,ANY,CNAME,MX,NS,PTR,SOA,SRV) querytype=X - same as type class=X - set query class (ex. IN (Internet), ANY) [no]msxfr - use MS fast zone transfer ixfrver=X - current version to use in IXFR transfer request
server NAME - set default server to NAME, using current default server
lserver NAME - set default server to NAME, using initial server
root - set current default server to the root
ls [opt] DOMAIN [> FILE] - list addresses in DOMAIN (optional: output to FILE) -a - list canonical names and aliases -d - list all records -t TYPE - list records of the given RFC record type (ex. A,CNAME,MX,NS,PTR etc.)
view FILE - sort an 'ls' output file and view it with pg
exit - exit the program 4 Just digging into the options of nslookup, which you can display if you invoke nslookup and then typing help inside of the nslookup interactive mode gave me the right answer:
C:\Documents and Settings\Anton Daneyko>nslookup help
Server: DNSs2.Uni-Marburg.DE
Address: 137.248.21.22
*** DNSs2.Uni-Marburg.DE can't find help: Non-existent domain
C:\Documents and Settings\Anton Daneyko>nslookup
Default Server: DNSs2.Uni-Marburg.DE
Address: 137.248.21.22
> stackoverflow.com 8.8.8.8
Server: [8.8.8.8]
Address: 8.8.8.8
Non-authoritative answer:
Name: stackoverflow.com
Address: 64.34.119.12 1 Yes, C:\Documents and Settings\Anton Daneyko>nslookup superuser.comwill look up your own DNS server to find out the IP address for superuser.com. If you add the ip address or the name of a different DNS server to the command line, it will lookup that given DNS server for the ip address of superuser.com. Ex:
C:\Documents and Settings\Anton Daneyko>nslookup superuser.com 8.8.4.4
Server: google-public-dns-b.google.com
Address: 8.8.4.4
Non-authoritative answer:
Name: superuser.com
Addresses: 190.93.245.58 190.93.246.58 141.101.114.59 190.93.247.58 190.93.244.58By the way, 8.8.4.4 is the ip address of Google DNS servers.
But, both of the above give "Non-authoritative answers", as neither of them SOA, which is the authoritative for superuser.com domain. Both have a cached copy that has been propagated from the SOA. If you want to ask the authoritative server, first find out the name of ip address of the authoritative server, using the command:
C:\Documents and Settings\Anton Daneyko>nslookup -type=ns superuser.com
Server: DNSs2.Uni-Marburg.DE
Address: 137.248.21.22
Non-authoritative answer:
superuser.com nameserver = cf-dns02.superuser.com
superuser.com nameserver = cf-dns01.superuser.com
cf-dns02.superuser.com internet address = 173.245.59.4
cf-dns02.superuser.com AAAA IPv6 address = 2400:cb00:2049:1::adf5:3b04
cf-dns01.superuser.com AAAA IPv6 address = 2400:cb00:2049:1::adf5:3a35
cf-dns01.superuser.com internet address = 173.245.58.53This will return a non-authoritative answer from your local DNS server, from the Marburg Uni, naming all the authoritative servers for the superuser.com. Then you can use the command we used earlier to ask any of the 4 authoritative servers, as follows:
C:\Documents and Settings\Anton Daneyko>nslookup superuser.com 173.245.59.4
Server: cf-173-245-59-4.cloudflare.com
Address: 173.245.59.4
Name: superuser.com
Addresses: 141.101.114.59 190.93.246.58 190.93.245.58 190.93.247.58 190.93.244.58As you see, this time the authoritative SOA server returned the ip addresses, hence you don't see the comment "Non-authoritative answer" comment, anymore. This is particularly useful, when you have created a new domain name or changed the hosting providers or transferred to a different domain registrar, and you can't access your website, as the new IP addresses haven't propagated even after 24 hours. Then you can start with the SOA and verify that your correct ip address is given by the DNS server, and then follow it further down the tree. Good to check if Google DNS servers have received the changes, and then lastly if your local DNS server can resolve your Domain name to correct IP address.
Get specific record-types from specified DNS server with one command
To look up record types other than the default A and AAAA (and CNAME) records returned by nslookup, using the DNS server you specify:
nslookup -q=<record type> <host> <DNS server>For example, to return MX records for the domain stackexchange.com using DNS server 8.8.4.4 the command would be:
nslookup -q=MX stackexchange.com 8.8.4.4 To change your default DNS server in nslookup you can simply change the server by typing the server NAMEorIPofDNS In this example below I have changed my default DNS server (192.168.50.21) to a new one (4.2.2.3)
C:\Windows\system32>nslookup
Default Server: UnKnown
Address: 192.168.50.21
server 4.2.2.3
Default Server: c.resolvers.level3.net
Address: 4.2.2.3
>
Now I am ready to make queries against 4.2.2.3 versus 192.168.50.21
3On windows you can do
c:\nslookup <==nothing after it just hit enter for console mode of nslookup
>server 8.8.8.8 <== sets the DNS server you want to test against
>whatyouliketotest.comThe ben
you can configure the primary DNS to be used with your connection.
Go to your connection properties => Internet Procol (TCP/IP). (the place where you can set a static IP)
Here you can manually define which DNS you want to use for each connection.
After testing, you can always change it back to it's previous value.
I am working on Openwrt 18.06.1 ARMv6 Raspberry pi and setting up tor dns as well as dnscrypt-proxy so had a very similar problem. The root cause is that the local isp is intercepting insecure responses from root-servers.net, responses that say the site was not found, then redirecting to their own website. While it isn't a great security flaw I don't find it particularly useful either.
The first test to do when querying a specific address is actually to try an invalid address, to make sure that you get a proper null response when using the server, port and host parameters, There are many guides and versions and it is easy to think you are doing a port test when it is in fact replying from cached results or default servers. After getting a null response then work with an active server address and port. Active ports can be shown on openwrt with netstat -plnt but note that some router commands may need to be installed first. The tor service I set on port 9053 doesn't show here but still works after adding DNSPort 127.0.0.1:9053 to the torrc file. nslookup format on this platform accepts [host] and [server] parameters and I can test tor dns with nslookup cnn.com 127.0.0.1#9053 I can test dnscrypt with the command nslookup cnn.com 127.0.0.1#5353 Changing to invalid port numbers or domains gets a response; ; connection timed out; no servers could be reached Dig also works on openwrt but has to be installed from the bind-dig package. dig -q 127.0.0.1 -p 9053 And again fails for invalid ports. In my case the problem was resolved when I changed entries in /etc/config/network and set option dns '127.0.0.1' for networks where I previously used insecure dns entries there.
For windows what you may be looking for is presented in the following article:
1