1. Overview

DNS (Domain Name System) is a critical component of internet infrastructure, translating human-readable domain names into IP addresses. When DNS servers encounter issues, it can disrupt our internet experience. This tutorial will guide us through simple methods to check whether a DNS server is functioning correctly.

2. Check DNS Server Configuration

Ensuring that our DNS server is correctly configured is crucial for reliable internet connectivity. This involves verifying the settings on our device or router.

On Linux, we can view the DNS configuration by checking the /etc/resolv.conf file:

$ cat /etc/resolv.conf

The output might look like:

nameserver 8.8.8.8      # Google DNS Server: google-public-dns-a.google.com
nameserver 8.8.4.4      # Google DNS Server: google-public-dns-b.google.com

Again, this only indicates that Google’s DNS servers are configured. We must also verify that the entries match the intended DNS servers.

3. Ping the DNS Server

Pinging a DNS server is a fundamental step in assessing its connectivity. T****he ping command sends a simple network request to the specified IP address and measures the time it takes for a response:

$ ping 8.8.8.8

Here, we’re pinging Google’s public DNS server (8.8.8.8). A successful response would look something like:

Reply from 8.8.8.8: bytes=32 time=14ms TTL=118
Reply from 8.8.8.8: bytes=32 time=15ms TTL=118
Reply from 8.8.8.8: bytes=32 time=13ms TTL=118
Reply from 8.8.8.8: bytes=32 time=14ms TTL=118

If we receive these replies, it indicates that the DNS server is reachable and responding. The time parameter in each line shows the round-trip time in milliseconds. A series of replies with round-trip times indicates a functional connection to the DNS server.

However, it’s essential to note that ping isn’t always a reliable test. Sometimes, firewall restrictions block ICMP requests, resulting in timeouts. If we encounter timeouts or unreachable messages, it doesn’t necessarily mean the server isn’t working; it could indicate that ping requests are being blocked by a firewall.

If the server is configured to block ICMP requests, the output might show timeouts like:

Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2

Let’s look at other ways besides ping that we can use to tell us whether a DNS server is working.

4. Firewall and Security Software

Firewalls and security software on Linux systems sometimes impact DNS communication. Let’s check out a few tools that address these concerns.

4.1. ufw Settings

Linux systems often use ufw, a user-friendly interface for managing iptables. So, we must check ufw settings to ensure DNS traffic is allowed:

$ sudo ufw status

Status: active
To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
Apache Full                ALLOW       Anywhere

If we don’t see an entry for DNS (port 53), we can add it:

$ sudo ufw allow 53

This command will allow DNS traffic through the firewall.

4.2. iptables Rules

We must also check iptables rules to see if DNS traffic is being blocked:

$ sudo iptables -L

The rules related to DNS typically listen on port 53. If we don’t see an entry allowing DNS traffic, we can add it:

$ sudo iptables -A INPUT -p udp --dport 53 -j ACCEPT
$ sudo iptables -A INPUT -p tcp --dport 53 -j ACCEPT

These commands allow both UDP and TCP traffic on port 53.

4.3. SELinux Settings

Security-Enhanced Linux (SELinux) can also impact DNS resolution:

$ sestatus

If SELinux is enforcing and causing issues, we might see “Enforcing” in the output. We must temporarily set SELinux to permissive mode to test if it resolves DNS issues:

$ sudo setenforce 0

We must then re-run sestatus to confirm the change.

By carefully examining and adjusting firewall and security software settings in Linux, we can ensure that DNS traffic is allowed, facilitating a smooth and secure internet connection.

4.4. Different DNS Server

If the issue persists, we should consider using a different DNS server, like Google’s (8.8.8.8 or 8.8.4.4). Temporarily using a different DNS server helps determine if the problem is specific to our current DNS server or related to firewall and security software configurations. If our connection improves, it suggests an issue with the default DNS server.

5. Check DNS Server Response Time

Checking the response time of a DNS server is crucial in determining its efficiency and performance. This involves using tools like dig to measure the time it takes for the DNS server to respond to queries:

$ dig @8.8.8.8 google.com

A successful response might look like:

; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7_4.2 <<>> @8.8.8.8 google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40084
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:

;google.com.                    IN      A
;; ANSWER SECTION:
google.com.             300     IN      A       142.250.206.174

;; Query time: 111 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Dec 13 07:45:44 IST 2023
;; MSG SIZE  rcvd: 55

This example queries Google’s DNS server (8.8.8.8). The response contains the query time reflecting the performance of this server.

By regularly monitoring DNS server response times, we can identify any latency issues and make informed decisions about the DNS servers we choose to use.

6. Use nslookup

The nslookup command is a powerful tool for querying DNS servers directly, providing detailed information about domain name resolution. We can perform a reverse DNS lookup by querying the IP address for its associated domain:

$ nslookup 93.184.216.34

This query returns information about the domain associated with the provided IP address:

Server:  UnKnown
Address:  192.168.1.1
Name:    example.com
Addresses:  93.184.216.34
          2606:2800:220:1:248:1893:25c8:1946

This example showcases how nslookup can be used to obtain information about domain names and IP addresses.

7. Use Online DNS Tools

Various online tools allow us to check the status of a DNS server. Websites like intodns.com can provide detailed reports on DNS server health and configuration:

DNS Server Report

These online tools are valuable for users who prefer graphical interfaces and detailed reports. They offer comprehensive insights into DNS server health, making it easier to identify issues.

8. Verify Router Settings

In the case of a router acting as a DNS server, we can access its settings through a web browser. The DNS configuration section may display something like:

Primary DNS: 208.67.222.222
Secondary DNS: 208.67.220.220

We must ensure that the DNS server settings match the desired configuration

By inspecting and confirming the DNS server configuration on our router, we can identify and rectify any discrepancies that might be causing DNS-related issues. We can also try rebooting the router to resolve any temporary issues.

9. Conclusion

Ensuring that the DNS server is working properly is essential for a smooth internet experience. Following the steps we discussed in this article will allow us to diagnose and troubleshoot DNS issues.

We also examined situations and saw how applying certain tricks can help us identify whether the DNS server is the root cause of connectivity problems. Eventually, we learned how regular checks contribute to a reliable and efficient online experience.