ClouDNS Blog - DNS and Cloud Technologies

DNS Troubleshooting – tools and commands

Martin Pramatarov / June 9, 2019June 10, 2019 / Tools

Your DNS is not working well, and you have no idea what is happening. It is time for DNS troubleshooting. There are plenty of options that could help you discover the DNS problem. We will show you the most popular and practical for your needs.

DNS basic knowledge

If you searched “DNS troubleshooting” you probably know what DNS is, so we will go directly to the business. You can check the types of DNS records. You can troubleshoot specific DNS record to see if there are problems with them. It is possible that the DNS records were not configured correctly.

DNS Troubleshooting Tools

There are plenty of tools that you can use. The tools can be specific for Linux, Windows, or Mac OS, or they can be browser-based. Most of the tools that we will show you overlaps in functionality, and it will be your decision which one you would use in the future.

Check if the problem is not just in your device

Before you start with the DNS troubleshooting, check if the problem is only local. If you are trying to access your website, but you are getting this message “DNS_PROBE_FINISHED_NXDOMAIN” the problem might be in your device. We recently wrote a way to fix it. Go and read the article.

Dig command

Linux dig command, how to install it and use it

Good tool for DNS troubleshooting. You can see all the DNS records. You can use it on Linux and Mac OS, but you can search for a port for Windows too. A typical dig command will show you an Authority Section. You can see if the DNS is pointing correctly.

Use it with +trace in dig +trace combination “dig +trace YOURDOMAIN” to see the whole route of your query. This way you can locate the exact problem.

Dns.computer

https://www.dns.computer

This one is simple and easy to use browser-based lookup tool. You can perform DNS troubleshooting with it even from your cell phone. Check a domain and get a fast result about the name servers, response time, SOA records, and A records. You can see if a server is not responding or if it is responding too slow. It is missing different DNS records, but it is convenient for a quick check.

Traceroute

Traceroute command and its options

As the name suggests, this will be ideal for checking the entire route of a DNS query. You can use it on Windows as Tracert, Linux and Mac OS as traceroute. You can try it with a domain or IP address, and you will see a result with all the hops and response time.

NSLookup

10 most used Nslookup commands

NSLookup lets you check any type of DNS record. You can use it to see all the available DNS records, or you can look for a specific type like – A, AAAA, SOA, MX, NS. You can use it to troubleshoot a domain using a particular port too.

Host command

Linux host command, troubleshot your DNS

Host command is very similar to the NSLookup but available only on Linux. You have to write the commands in the Terminal, and you can see the different types of DNS records.

One thing that you can troubleshoot if you have problem with your emails are the TXT records. You can see if there is a SPF record. It is a TXT record that prevents spoofing and stops your outgoing emails from going directly into the spam folder.

Ping command

What is Ping? How to use Ping?

You can use Ping command on Windows, Mac OS, and Linux. By using ping, you can see if the name server you want to reach, responds. You can also check the time of the response and the TTL.

If the domain that you are troubleshooting doesn’t respond, but the IP gives results, that there is a problem in the hostname resolution. Check if the DNS servers are pointing to the right direction.

DNS Troubleshooting Conclusion

There are plenty of useful tools that you can use for DNS troubleshooting. Try all of these and find the right one for you and your problem. Many overlaps in functionality, but have some small differences that can help you in a specific case.

As you saw, there are utilities for every operating system so that you can find the problem easily. After you see where the problem is, it is easy to fix it.

Enjoy this article? Don't forget to share.

Linux host command, troubleshot your DNS

Martin Pramatarov / June 6, 2019June 6, 2019 / Tools

Today we will add one more handy DNS tool – host command on Linux. For the purpose, we will use the latest Linux Mint 19.1 (based on Ubuntu Linux). For those of you who are used to Windows, Linux host command is very similar to nslookup, but a bit more advanced. Host command replaced the nslookup on Linux-based operating systems. You can use it to check different types of DNS records.

Host command syntax

If you want to see the syntax of the host command and the options that it has, you can simply write “host” and press “Enter.”

host [-aCdlnrsTwv] [-c class] [-N ndots] [-R number] [-t type] [-W time] [-m flag] [-4] [-6] hostname [server]

Host command Options

Here you can see all the available options. Whenever you forgot them, just write “host” in the Terminal.

Host command examples

For all the cases we will use Google.com. You can change Google.com with your domain or whichever else domain that you are interested in. We will give you several examples that can be useful for your work.

Search for the IP address of the domain.

host google.com

You will get IPv4 and IPv6 results for the domain.

SOA Record

See the Start of Authority records with this command.

host –C google.com

Check the name servers of the domain

host –t ns google.com

It will display the name servers of the host. The –t, we use to specify the type of query.

Check a particular name server

You want, for example, to review the ns1, so you type:

host google.com ns1.google.com

CNAME record

host –t cname mail.google.com

You can use it to find CNAME record

MX record

Check the incoming mail server with this query

host –n –t mx google.com

TXT Record

You can also check TXT records

host –t txt google.com

Decide the Waiting time for a query

You can use –w to wait forever or –W and time in seconds to decide how long to wait for a reply.

host –T –W 10 google.com

Reverse lookup

You can also check the IP and see the host

host 216.58.194.142

Host command to see all of the DNS records for a domain

host –a google.com

You will get information about various types of records – NS, AAAA, MX, etc.

Conclusion:

This was the host command. Now you have one more way to troubleshoot your DNS. If you are interested in DNS diagnostic we recommend you the following articles too: Dig command, Nslookup, Traceroute and Ping. They will expand your knowledge in DNS diagnostic.

Enjoy this article? Don't forget to share.

DNS_PROBE_FINISHED_NXDOMAIN, now what to do?

Martin Pramatarov / May 29, 2019May 30, 2019 / DNS

Imagine the situation, you are browsing the internet, minding your own business and suddenly you see DNS_PROBE_FINISHED_NXDOMAIN in your Chrome browser! You didn’t enter the page you wanted, you hit refresh and still nothing! Now, what to do?

What is DNS_PROBE_FINISHED_NXDOMAIN?

It is a DNS-related error that shows that the domain that you are trying to reach does not exist (NX means non-existing). The DNS can’t find the corresponding IP address to the domain you just entered.
Most of the times this is a DNS configuration problem, and the problem is in your device, not in the domain itself.

Ok, we said Chrome, but does this happen when you are using other browsers?

We mention Google Chrome, where you get “This site can’t be reached,” but you can get a similar message in any other browser. Mozilla’s Firefox will show you “Hmm. We’re having trouble finding that site”, Microsoft Edge “Hmmm… can’t reach this page”, and almost identical messages on the rest of the browsers.

Ok, so what to do when we see the DNS_PROBE_FINISHED_NXDOMAIN?

There are several ways that you can fix your problem. Let’s explore the possibilities:

1. Flush the DNS cache

If it is bad-configured DNS, the easiest is to start from zero. Flush the current DNS cache and renew the IP address.

For Windows users, follow these steps:
Open the Command Prompt as an administrator. Click the start menu icon and write “Command Prompt,” then run as administrator. Then type “ipconfig /release” and press Enter on your keyboard. Now you can see your current IP address. After that, write “ipconfig /flushdns” and press Enter. You flushed the cache, “Successfully flushed the DNS Resolver Cache.” Next thing to type in “ipconfig /renew”. And now your IP address has been renewed.

Flush DNS to fix DNS_PROBE_FINISHED_NXDOMAIN

For Mac OS users:
Go to “System Preferences…”, then “Network” and later “Advanced.” When you are there, go to TCP/IP and click the “Renew DHCP.”
You can also delete the DNS cache. First, open the “Utilities” and then the “Terminal.” The command you need to write is “dscacheutil –flushcache” and press Enter. It is ready. There is no confirmation message here.

For Linux (Linux Mint, Ubuntu):
If you are using Linux Mint or Ubuntu, by default, the DNS cache is disabled. You can check if it is enabled with the following command “ps ax | grep dnsmasq”. In the message that you’ll get check if “cache-size=0”, then it is disabled. If it is enabled, write the following command “udo /etc/init.d/dns-clean restart”. Then type “sudo /etc/init.d/networking force-reload”. Done!

Linux Mint fix DNS_PROBE_FINISHED_NXDOMAIN

2. Reinitiate the DNS Client Server.

For Windows users, we will use the “Run” to open “services.msc.” Now you will see all the services that run on your computer. Go to DNS Client, stop it and start it again.

Restart DNS client to fix DNS_PROBE_FINISHED_NXDOMAIN

3. Change the DNS servers

Your internet provider automatically set your IP address, using their DNS servers. But you have the chance to change to another DNS server like Google’s public DNS.

Windows:
Go first to “Control Panel,” then “Network and Internet” and later “Network and Sharing Center.” There click the “Change adapter settings” and select the network that you are using. Go to properties, search for the “Internet Protocol Version 4” and click on the properties. Set the following DNS servers 8.8.8.8 and 8.8.4.4

Mac OS:
“System Preferences,” Network,” and then “Advanced.” Click on DNS and add the same 8.8.8.8 and 8.8.4.4.

Linux (Linux Mint, Ubuntu):
Open “System Settings,” “Network.” Then select the network that you are using and choose “Settings.” Go to the “IPv4 Settings,” and there you will see “Additional DNS servers.” add “8.8.8.8, 8.8.4.4”.

4. Chrome Flags Reset.

Maybe the problem comes from your Chrome browser. Go to your Chrome browser and type “chrome://settings/clearBrowserData” in the address bar. Delete the “Cached images and files,” “Cookie and other site and plugin data” and “Browsing history” from “the beginning of time.”
After that type “chrome://flags/” and a menu will open. Click on the “Reset all to default.” Now restart the browser, and you are ready.

Conclusion

Next time when you see the DNS_PROBE_FINISHED_NXDOMAIN don’t panic. There are easy solutions to this problem. Just try one of those, and you will be ready is a few minutes.
If the site that shows the error is yours, and after trying nothing is happening, go and check if the domain is correctly redirected. If no, do fix it.

Enjoy this article? Don't forget to share.

Linux dig command, how to install it and use it

Martin Pramatarov / May 22, 2019May 22, 2019 / Tools

Dig command (Domain Information Groper) is one of the most popular DNS testing tools. You can use it to troubleshoot your DNS and make sure everything works fine. You can try it on Linux, Mac OS, and Windows. For this demonstration, we will use a random old laptop with the latest version of Linux Mint (19.1). Linux Mint is based on Ubuntu Linux. Many old laptops can get a new life as a diagnostic tool.

How to install the dig command on Linux?

First, let’s check if you already have the dig command installed. You can do that by opening the terminal and writing dig -v. If you have it, your computer will show a message similar to this one:

DiG 9.11.3-1ubuntu1.7-Ubuntu.

Many new Linux distros have it pre-installed. In case you don’t have it, you will get the following message:

dig command not found

For Linux Mint, Ubuntu and other Ubuntu-based Linux distributions you can use the following command:

sudo apt install dnsutils

If you are using Fedora or CentOS you should use:

sudo yum install bind-utils

And for Arch Linux users:

sudo pacman -S bind-tools

Understanding the dig command

Let’s start with a simple example to understand it. We will use google.com for the testing. You can try it directly with your domain, by simply replacing google.com with your domain.

dig google.com

The first line will inform you about the version of the dig command and the second about the global option.

After that, you will get technical information provided by the DNS nameserver. The header shows you what did you do and was it successful. If there is “NOERROR” that there was no problem.
You will see the answer for the EDNS.
Following line shows that by default you are requesting the A record.
You will get the answer for the A record – the correspondent IP address and you will get statistic about the query.

More dig command examples:

dig google.com +short

This will show you just the IP address without any additional information.

dig google.com MX

You can query different types of records like the mail exchanger ones. MX records show the responsible mail server for accepting emails.

dig google.com SOA

SOA – the start of authority, shows the authoritative DNS server.

dig google.com TTL

TTL – time to live. It shows how long the data should be kept. You can read more about TTL HERE.

dig google.com +nocomments +noquestion +noauthority +noadditional +nostats

Only answer query. Use it if you don’t want to receive extra information.

dig google.com ANY +noall +answer

Query all types of DNS records. It will show all the different types of DNS records.

dig -x 172.217.1.142

Reverse DNS lookup. You can also do the opposite and check the IP address. The rDNS is used for verification. The result will be a PTR record that verifies the nameserver.

dig @8.8.8.8 +trace google.com

Trace DNS Path. It will show the whole route that a DNS query takes. Every hop from a server to server. It can show you where exactly server is not working.

11 dig -p 5300 google.com

Specify Port Number. If you have changed the standard port 53 to another for increased security, you can make a dig command to check if it is working correctly.

Now you know the basics of the dig command on Linux. You can start experimenting by yourself.
You can get some additional information about the dig command and a few more options to try in our Wiki.

We can recommend you a few more tools that can be useful for your DNS diagnostic Nslookup, Traceroute and Ping.

Sources used:
Linuxize.com https://linuxize.com/post/how-to-use-dig-command-to-query-dns-in-linux/
Tecmint.com https://www.tecmint.com/10-linux-dig-domain-information-groper-commands-to-query-dns/

Enjoy this article? Don't forget to share.

DMARC, the solution for your phishing problems

Martin Pramatarov / January 2, 2019January 2, 2019 / Protection

Phishing attacks are a real danger for every business. It can severely damage the brand name, and it can lead to less trust and leaving of clients. The attackers can spam or phish with emails that use your brand logo and looks just like your emails. Even you won’t see a difference between one of these fake emails and the original emails sent from your servers. We have already talked about SPF and how it verifies the outgoing mail server. There is also another DKIM technology for signing emails. Domain-based Message Authentication (DMARC) uses both of them to take pre-defined actions. Double protection for lowering the chances of phishing and report system for better management.

DMARC

Continue reading “DMARC, the solution for your phishing problems”

Enjoy this article? Don't forget to share.

DNS history. When and why was DNS created?

Martin Pramatarov / December 27, 2018December 27, 2018 / DNS

We have talked a lot about DNS. How does it work, and all the related topic around it. But we have never spent some time about the DNS history. What led to the need for DNS? Who was the great person who invented it?

DNS history

Continue reading “DNS history. When and why was DNS created?”

Enjoy this article? Don't forget to share.

AWS vs Azure vs Google. The battle for the cloud crown

Martin Pramatarov / December 13, 2018 / Cloud Computing

AWS vs Azure vs Google, the three biggest cloud providers in the world. They all have a vast network of servers all over the world and many services that can cover most of the business’s needs. They provide IaaS and PaaS through interconnected services. If are just starting with the cloud technology, you will probably be confused about choosing between them. AWS vs Azure vs Google, which is better and why?

Let’s introduce them to you.

AWS vs Azure vs Google

Continue reading “AWS vs Azure vs Google. The battle for the cloud crown”

Enjoy this article? Don't forget to share.

IPv4 vs IPv6 and where did IPv5 go?

Martin Pramatarov / December 6, 2018December 6, 2018 / Internet

Every time you see some network settings, there are IPv4 or IPv6. As you can guess, the previous versions are long in the past (TCP/IP v1, v2, and v3). But why is it IPv4 vs IPv6 instead of the 5th version vs the 6th? How is that the IPv4 from the 80s is still around? Let’s find out!

IPv4 vs IPv6

Continue reading “IPv4 vs IPv6 and where did IPv5 go?”

Enjoy this article? Don't forget to share.

DNSSEC. The security extension for DNS

Martin Pramatarov / November 29, 2018June 18, 2019 / DNS

Now we will talk about what is the Domain Name System Security Extension (DNSSEC) and how it can protect you and your clients from DNS spoofing. If you have activated it, you can have additional verification of the DNS servers and evade “poisoned” servers who redirect your visitors to a different IP address.

DNSSEC

Continue reading “DNSSEC. The security extension for DNS”

Enjoy this article? Don't forget to share.