Debugging DNS

Posted on Mon 27 February 2017

So your web browsing experience suffers from stuttering and you get the impression that you're losing DNS requests, but every time you fire up dig to actually see one failing, it always succeeds.

Debugging DNS problems can get hard - and annoying. The only way to really tell if you've finally nailed down the cause is to monitor all queries and match them against the replies.

Tracing can be done easily using tcpdump like so:

$ tcpdump -i eth0 -w dns-capture.pcap "udp port 53"

Using Wireshark you can have a look at the trace, but finding the one lost query among thousands of others is no fun.
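Matching queries against replies can be scripted rather than done by eye. The following is an added example, not dnsstat's code: it reads a classic little-endian pcap with Ethernet/IPv4/UDP frames and pairs each query with its reply by client address, client port and DNS transaction ID. The function name, the sample addresses and the constructed capture are assumptions made for the illustration.

```python
import struct

def dns_stats(pcap: bytes) -> dict:
    """Match DNS queries to replies in a classic pcap (little-endian, Ethernet/IPv4/UDP)."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("expected little-endian microsecond pcap")
    pending, rtts, sent, off = {}, [], 0, 24           # skip 24-byte global header
    while off + 16 <= len(pcap):
        sec, usec, caplen, _ = struct.unpack_from("<IIII", pcap, off)
        pkt, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00" or pkt[23] != 17:
            continue                                    # not IPv4 + UDP
        udp = 14 + (pkt[14] & 0x0F) * 4                 # honour the IP header length
        if len(pkt) < udp + 12:
            continue                                    # truncated before the DNS flags
        sport, dport = struct.unpack_from("!HH", pkt, udp)
        txid, flags = struct.unpack_from("!HH", pkt, udp + 8)
        ts = sec * 1_000_000 + usec                     # integer microseconds
        if not flags & 0x8000 and dport == 53:          # QR=0: query from the client
            sent += 1
            pending[(pkt[26:30], sport, txid)] = ts
        elif flags & 0x8000 and sport == 53:            # QR=1: reply to the client
            start = pending.pop((pkt[30:34], dport, txid), None)
            if start is not None:
                rtts.append((ts - start) / 1000)        # milliseconds
    return {"sent": sent, "answered": len(rtts), "lost": sent - len(rtts),
            "rtt_ms": rtts, "unanswered_ids": sorted(k[2] for k in pending)}

def _frame(us, src, dst, sport, dport, txid, flags):
    """Build one constructed pcap record: Ethernet + IPv4 + UDP + bare DNS header."""
    dns = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    udp = struct.pack("!HHHH", sport, dport, 8 + len(dns), 0) + dns
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0, src, dst)
    pkt = b"\x00" * 12 + b"\x08\x00" + ip + udp
    return struct.pack("<IIII", *divmod(us, 1_000_000), len(pkt), len(pkt)) + pkt

# Constructed sample capture: three queries, the second one never gets a reply.
C, R = bytes([192, 0, 2, 10]), bytes([192, 0, 2, 53])   # documentation addresses
SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
          + _frame(0, C, R, 40000, 53, 0x1111, 0x0100)
          + _frame(40_500, R, C, 53, 40000, 0x1111, 0x8180)
          + _frame(100_000, C, R, 40001, 53, 0x2222, 0x0100)
          + _frame(200_000, C, R, 40002, 53, 0x3333, 0x0100)
          + _frame(212_000, R, C, 53, 40002, 0x3333, 0x8180))

if __name__ == "__main__":
    print(dns_stats(SAMPLE))
```

To run it on a real trace, pass the bytes of the capture file to `dns_stats`; a retransmitted query with the same port and ID counts as a second sent query, so the retry shows up as a loss.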

In desperate need of a reliable and efficient analysis for finally fixing DNS drops with my new, crappy ISP, I wrote dnsstat.

Simply feed it a PCAP file containing DNS traffic:

$ ./dnsstat dns-capture.pcap
    sent:           309
    answered:       307
    lost:             2 (0.01%)
    min:           0.11 ms
    avg:          66.89 ms
    max:        1052.54 ms
    stdev:       206.59 ms

and it will give you an overview of your DNS performance. Using -v you may also dump all queries along with their response time.

Sounds handy? Get the code on GitHub.

tags: dns, debugging, dnsstat | category: projects
