DNS tool to find out how DNS queries are being resolved?

Posted on 2012-08-29
Last Modified: 2012-12-29
Does anyone know of any tool which can give insight into DNS queries being resolved?
nslookup will give me the end result but not the recursive process or the other servers involved. What I want to see is all the servers involved in the query, including forwarders etc.
Question by: s_inderjit

    Expert Comment

    If you have an internal DNS server, run a packet capture (Wireshark is free and awesome!) and filter out everything except DNS traffic. This should show you all DNS transactions that occur over the network.

    Expert Comment

    You could use the host command on a BSD or Mac. There are ports of the host command out there for Windows OS. The output is something like the following:

    Dans-MacBook-Air:~ admin$ host -a
    Trying ""
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36688
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 21, AUTHORITY: 0, ADDITIONAL: 2

    ;                  IN      ANY

    ;; ANSWER SECTION:
    77      IN      A
    77      IN      A
    77      IN      A
    77      IN      A
    77      IN      A
    77      IN      A
    77      IN      A
    77      IN      A
    77      IN      A
    77      IN      A
    77      IN      A
    5966    IN      NS
    5966    IN      NS
    5966    IN      NS
    5966    IN      NS
    88      IN      MX      50
    88      IN      MX      10
    88      IN      MX      20
    88      IN      MX      40
    88      IN      MX      30
    2686    IN      TXT     "v=spf1 ip4: ip4: ~all"

    ;; ADDITIONAL SECTION:
    6336    IN      A
    6337    IN      A

    Received 510 bytes from in 100 ms

    Author Comment

    Thanks, Unfragmented. I understand that I can capture traffic and filter DNS traffic, but I believe there must be a tool that can show you the DNS traffic like tracert for network connectivity.

    Accepted Solution

    How about turning on debug or debug2 in nslookup?

    set d2
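
An added example, not part of the original thread: a minimal Python tracer that does by hand what the asker wants to see, sending non-recursive A queries starting at a root server and following each referral's glue address. The root address 198.41.0.4 (a.root-servers.net), the function names and the injectable `send` hook are choices made for this example.

```python
import socket, struct

def build_query(name, qid=0x1234):  # flags 0: RD clear, so servers refer rather than recurse
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.rstrip(".").split("."))
    return struct.pack(">6H", qid, 0, 1, 0, 0, 0) + labels + b"\x00" + struct.pack(">2H", 1, 1)

def read_name(msg, off):  # decode a possibly compressed name -> (name, offset past it)
    labels, end = [], None
    for _ in range(64):                       # bounds pointer chasing
        n = msg[off]
        if n & 0xC0 == 0xC0:                  # compression pointer
            end, off = end or off + 2, ((n & 0x3F) << 8) | msg[off + 1]
        elif n:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii", "replace"))
            off += 1 + n
        else:
            return ".".join(labels), end or off + 1
    raise ValueError("pointer loop or oversized name")

def parse(msg):
    # Yield (section, owner, rtype, IPv4 address or None) for every record.
    qd, *counts = struct.unpack_from(">4H", msg, 4)
    off = 12
    for _ in range(qd):                       # skip the echoed question
        off = read_name(msg, off)[1] + 4
    for section, count in zip(("answer", "authority", "additional"), counts):
        for _ in range(count):
            owner, off = read_name(msg, off)
            rtype, _, _, rdlen = struct.unpack_from(">HHIH", msg, off)
            is_a = (rtype, rdlen) == (1, 4)
            yield section, owner, rtype, socket.inet_ntoa(msg[off + 10:off + 14]) if is_a else None
            off += 10 + rdlen

def udp_send(server, query):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(3)
        s.sendto(query, (server, 53))
        return s.recvfrom(4096)[0]

def trace(name, server="198.41.0.4", send=udp_send, max_hops=10):
    # Start at a.root-servers.net; yield (server asked, zone referred to, A answers).
    for _ in range(max_hops):
        recs = list(parse(send(server, build_query(name))))
        answers = [a for s, _, _, a in recs if s == "answer" and a]
        zone = next((o for s, o, t, _ in recs if s == "authority" and t == 2), None)
        glue = [a for s, _, _, a in recs if s == "additional" and a]
        yield server, zone, answers
        if answers or not glue:               # final answer, error, or no glue to follow
            return
        server = glue[0]
```

Print each hop with `for hop in trace("www.example.com"): print(hop)`. The walk stops at a referral that carries no IPv4 glue, and it does not check the response ID or source address, so treat it as a diagnostic aid only.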
