
dnstracer

dnstracer traces DNS queries to determine where a given Domain Name Server gets its information for a hostname, following the chain of DNS servers back to the authoritative answer.

Description

dnstracer is a tool designed to trace the path of DNS queries from a specified server back to the source of the authoritative answer for a given hostname. It reveals the delegation chain in the DNS hierarchy, helping users understand how DNS resolution occurs across different servers.

Use cases include debugging DNS resolution issues, mapping DNS infrastructure, and investigating potential DNS misconfigurations or hijacking. Network administrators and security researchers can use it to verify the integrity of DNS responses and identify upstream servers involved in name resolution.

The tool supports various query types and customization options for retries, timeouts, and caching behaviors, making it versatile for detailed DNS analysis.

How It Works

dnstracer sends a DNS query to an initial server (localhost by default, or the server given with -s) and follows the referrals it receives through the DNS hierarchy until it reaches the authoritative server for the queried hostname. Retries, timeouts, and caching behave as configured, and the tool parses the DNS headers and IP details in each response. It queries A records by default; options select another query type, a source address, or IPv4-only mode, and verbose mode displays packet information along with the server chain.
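The referral-following described above, modelled as an added example (not dnstracer's own code or output): a depth-first walk over a constructed response table, with a check for unreachable servers and disagreeing answers. The server names, addresses and the visited-set used as a stand-in for local caching are assumptions made for illustration.

```python
# Constructed responses for one query (hypothetical server names, not real
# dnstracer data): ("referral", [next servers]), ("answer", addr), ("timeout",)
RESPONSES = {
    "root-a": ("referral", ["tld-1", "tld-2"]),
    "tld-1": ("referral", ["ns1", "ns2"]),
    "tld-2": ("referral", ["ns1", "ns2", "ns3"]),
    "ns1": ("answer", "192.0.2.10"),
    "ns2": ("answer", "192.0.2.10"),
    "ns3": ("timeout",),
}


def trace(start, responses, use_cache=True):
    """Follow referrals depth-first from start; return (rows, answers).

    rows: (depth, server, outcome) in visit order; answers: server -> address.
    """
    rows, answers, seen = [], {}, set()

    def visit(server, depth, path):
        if server in path:  # referral loop: stop instead of recursing forever
            rows.append((depth, server, "loop"))
            return
        if use_cache and server in seen:  # already queried on another branch
            rows.append((depth, server, "cached"))
            return
        seen.add(server)
        kind, *data = responses.get(server, ("timeout",))
        rows.append((depth, server, kind))
        if kind == "answer":
            answers[server] = data[0]
        elif kind == "referral":
            for nxt in data[0]:
                visit(nxt, depth + 1, path | {server})

    visit(start, 0, frozenset())
    return rows, answers


def findings(rows, answers):
    """Summarise what a reviewer checks: dead servers and split answers."""
    dead = sorted({s for _, s, o in rows if o == "timeout"})
    return {"unreachable": dead, "answers_disagree": len(set(answers.values())) > 1}


if __name__ == "__main__":
    rows, answers = trace("root-a", RESPONSES)
    print("\n".join("  " * d + f"{s}: {o}" for d, s, o in rows))
    print(findings(rows, answers))
```

In this model, an authoritative server that returns a different address from its peers sets answers_disagree, which is the kind of inconsistency worth investigating as a misconfiguration or hijack.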

Installation

sudo apt install dnstracer

Flags

-c                     disable local caching, default enabled
-C                     enable negative caching, default disabled
-o                     enable overview of received answers, default disabled
-q <querytype>         query-type to use for the DNS requests, default A
-r <retries>           amount of retries for DNS requests, default 3
-s <server>            use this server for the initial request, default localhost. If . is specified, A.ROOT-SERVERS.NET will be used.
-t <maximum timeout>   limit time to wait per try
-v                     verbose
-S <ip address>        use this source address
-4                     don't query IPv6 servers

Examples

Trace example.com, retrying each request up to 3 times (-r 3) and displaying verbose output (-v). The output begins with a line such as: Tracing to example.com[a] via 192.168.1.1, maximum of 3 retries.
dnstracer -r 3 -v example.com
Trace DNS queries for example.com using default settings (3 retries, localhost server).
dnstracer example.com
Use Google's DNS server (8.8.8.8) for the initial request to trace example.com.
dnstracer -s 8.8.8.8 example.com
Query MX records for example.com instead of default A records.
dnstracer -q MX example.com
Disable local caching (-c) and enable verbose output for tracing example.com.
dnstracer -c -v example.com
Use A.ROOT-SERVERS.NET (specified as .) for the initial request to trace example.com.
dnstracer -s . example.com
Avoid IPv6 servers (-4) with 5 retries (-r 5) for example.com.
dnstracer -4 -r 5 example.com
Updated 2026-04-16. Source: kali.org