Debugging Name Resolution with dnsstat

So your web browsing experience suffers stuttering and you get the impression that you're losing DNS requests, but every time you fire up dig to actually see one failing it succeeds.

Debugging name resolution issues can get hard - and annoying. The only way to really tell whether you've finally nailed down the cause is monitoring all queries and match the replies.

Tracing can be done easily using tcpdump like so:

$ tcpdump -i eth0 -w dns-capture.pcap "udp port 53"

Using Wireshark you can have a look at the trace but finding the one lost query amoung thousands of others is no fun part there.

In the desperate need of a reliable and efficient analysis for finally fixing DNS drops with my new, crappy ISP I wrote dnsstat.

Simply feed it a PCAP file containing DNS traffic and it will give you an overview of your DNS performance:

$ ./dnsstat capture-file.pcap
Queries
    sent:           309
    answered:       307
    lost:             2 (0.01%)
Delay
    min:           0.11 ms
    avg:          66.89 ms
    max:        1052.54 ms
    stdev:       206.59 ms

Using -v you may also dump all queries along with their response time.

Sounds handy? Get the code on GitHub.