pbrane
asked on
DNS Query Trace
Hi,
I am having DNS query timeouts in my network and although I have figured a pleasant workaround I wondered if anyone can advise me on a tool that will allow me to trace DNS Queries.
I suspect my firewall (although all outbound open) when it receives my forwarders from the Server 2008 DNS.
Just to clarify its the DNS Query I want to trace and not the destination I'm trying to resovle.
Thanks in advance.
I am having DNS query timeouts in my network and although I have figured a pleasant workaround I wondered if anyone can advise me on a tool that will allow me to trace DNS Queries.
I suspect my firewall (although all outbound open) when it receives my forwarders from the Server 2008 DNS.
Just to clarify its the DNS Query I want to trace and not the destination I'm trying to resovle.
Thanks in advance.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
There is a utility called tracetcp, which is similar to tracert, but you can specify the port.
This is useful in that it tells you the hop path.
You may have to try this multiple times, from each server in the path.
e.g. client PC to local server, local server to root domain server, root domain server to external ISP. This last is probably what will give you the info you need.
Also ask your ISP what their default TTL is. A very low TTL will mean that more queries get a negative response.
If you manage your firewall, or if you can engage your firewall team, it might be worthwhile to open ICMP for a few minutes so you can do some pings & tracerts to your ISP's DNS servers & others.
tracetcp-0.99.1beta.zip
This is useful in that it tells you the hop path.
You may have to try this multiple times, from each server in the path.
e.g. client PC to local server, local server to root domain server, root domain server to external ISP. This last is probably what will give you the info you need.
Also ask your ISP what their default TTL is. A very low TTL will mean that more queries get a negative response.
If you manage your firewall, or if you can engage your firewall team, it might be worthwhile to open ICMP for a few minutes so you can do some pings & tracerts to your ISP's DNS servers & others.
tracetcp-0.99.1beta.zip
ASKER
Now I suppose I need to find out whether I can restrict DNS query packet sizes to 512bytes from the server or allow greater packet sizes on the firewall.
I am going to accept Chris-Dent's answer shortly as I think he fully understands the problem I am having. His description is the exact reason why I wanted to trace the queries but I have one more question as an extension of this issue.
Would it make sense if I suggested opening Inbound UDP 53 for my internal DNS server?
Thanks
I am going to accept Chris-Dent's answer shortly as I think he fully understands the problem I am having. His description is the exact reason why I wanted to trace the queries but I have one more question as an extension of this issue.
Would it make sense if I suggested opening Inbound UDP 53 for my internal DNS server?
Thanks
Tracert shows ICMP responses between the current system and the IP of the record for www.google.pl. Nothing to do with the DNS query really.
The trouble with this problem is that a DNS query timeout is a network problem, and in that instance you need to be checking traffic flow on UDP Port 53, not ICMP with ping / tracert.
Bear in mind that when a Forwarder is in use all DNS traffic flows between the local server and the forwarder. If you're getting occasional timeouts (not timeouts for everything) it suggests some UDP packets are being dropped between those two devices.
Chris
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I understand I havent provided the remark on whether the suggested solutions work to this issue but my question was one of diagnosing the issue.
Chris-Dent your a star. Thanks for everyones input.
Chris-Dent your a star. Thanks for everyones input.
You're welcome, I hope you get to the bottom of it.
Chris
type in command-line
tracert www.google.pl