… up to the DNS server that answers it? When I use the public DNS server provided by Google (8.8.8.8), this is the DNS server reported by "nslookup" (8.8.8.8), however the www.dnsleaktest.com website shows a different IP number, actually two, 74.125.189.22 and 74.125.189.23. Is there a way to trace the route taken by the DNS query from 8.8.8.8 to 74.125.189.22, including other DNS servers eventually queried in-between? I tried nslookup's debug options, but there is no reference to 74.125.189.22 in the debug info.
Windows – How to trace the route of a DNS query
dns, windows 7
Related Solutions
Well, I'm no expert, but here's what I found:
This registry entry works for both Windows XP and Windows Vista
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DNSClient]
"AppendToMultiLabelName"=dword:00000000
HKLM\Software\Policies\Microsoft\Windows NT\DNSClient\AppendToMultiLabelName
Type = DWORD
Data:
- 0 (Do not Append Suffix)
- 1 (Append suffix)
If the registry entry is not present, the default in Windows XP is 1, and 0 in Windows Vista.
Note: These registry changes and their effect apply only to the ping command; they do not apply to the nslookup tool. This is because nslookup contains its own DNS resolver and does not rely on the resolver built into the operating system (DNS Client). The DNS (multi-label) query packets sent by the nslookup tool will append the domains listed in the suffix search order irrespective of the registry key settings mentioned here.
You don't see the DNS request in traceroute. To see which DNS server is used, try nslookup:
# nslookup www.google.com
Server: 10.0.0.100
Address: 10.0.0.100#53
Non-authoritative answer:
Name: www.google.com
Address: 173.194.75.106
Name: www.google.com
Address: 173.194.75.147
Name: www.google.com
Address: 173.194.75.99
Name: www.google.com
Address: 173.194.75.103
Name: www.google.com
Address: 173.194.75.104
Name: www.google.com
Address: 173.194.75.105
Or:
# dig www.google.com |grep SERVER
;; SERVER: 10.0.0.100#53(10.0.0.100)
The Name and Address (or SERVER) part is your DNS server. Traceroute gives you the route from your IP to Google, which of course will go through your ISP.
Best Answer
Yes, you can use dig +trace, but it only works externally.
I do this on a daily basis at work. And I can tell you there is no tool that will 'trace' the path of DNS forwarding that happens in Enterprise environments.
There are two models of DNS traversal.
Number 1 is how the public internet works. This is easy to trace. You can use
Number 2 is how internal DNS at companies works. This cannot be traced with a command
When I have to trace #2, I do it manually
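The walk that dig +trace performs for the public-internet model mentioned above, as an added example that is not part of the original answers: standard-library Python that starts at a root server and follows referrals with recursion disabled, for a Windows host that has no dig. The function names, the starting address 198.41.0.4 (a.root-servers.net), and the limits (IPv4 over UDP, one question per message, only referrals that carry glue are followed) are assumptions of this example.

```python
import secrets, socket, struct

def build_query(name, txid):  # flags word 0 leaves RD clear: no recursion requested
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.strip(".").split("."))
    return struct.pack(">6H", txid, 0, 1, 0, 0, 0) + labels + b"\0" + struct.pack(">2H", 1, 1)

def read_name(msg, off):  # -> (lower-cased name, offset just past it)
    labels, end, jumps = [], None, 0
    while msg[off]:
        if msg[off] & 0xC0 == 0xC0:  # compression pointer
            end, jumps, off = end or off + 2, jumps + 1, (msg[off] & 0x3F) << 8 | msg[off + 1]
            if jumps > 32:  # hostile or corrupt packet
                raise ValueError("compression pointer loop")
        else:
            labels.append(msg[off + 1:off + 1 + msg[off]].decode("ascii", "replace").lower())
            off += 1 + msg[off]
    return ".".join(labels), end or off + 1

def parse(msg):  # -> (txid, answer, authority, additional)
    txid, _, _, an, ns, ar = struct.unpack(">6H", msg[:12])
    off, rrs = read_name(msg, 12)[1] + 4, []  # assumes the single question we sent
    for _ in range(an + ns + ar):
        owner, off = read_name(msg, off)
        rtype, rdlen = struct.unpack(">H6xH", msg[off:off + 10])
        data = (socket.inet_ntoa(msg[off + 10:off + 14]) if rtype == 1      # A record
                else read_name(msg, off + 10)[0] if rtype == 2 else None)  # NS record
        rrs.append((owner, rtype, data))
        off += 10 + rdlen
    return txid, rrs[:an], rrs[an:an + ns], rrs[an + ns:]

def next_hop(answer, authority, additional):
    ns = {d for _, t, d in authority if t == 2}
    glue = [d for o, t, d in additional if t == 1 and o in ns]
    return ("answer", [d for _, t, d in answer if t == 1]) if answer else ("referral", glue)

def trace(name, server="198.41.0.4", max_hops=10):  # assumed start: a.root-servers.net
    for _ in range(max_hops):
        txid = secrets.randbits(16)
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(3)
            s.connect((server, 53))  # replies from other addresses are dropped
            s.send(build_query(name, txid))
            rid, *sections = parse(s.recv(4096))
        if rid != txid:
            raise ValueError("transaction ID mismatch")
        kind, addrs = next_hop(*sections)
        yield server, kind, addrs
        if kind == "answer" or not addrs:
            return
        server = addrs[0]
```

`list(trace("www.example.com"))` yields one `(server, kind, addresses)` tuple per hop and needs outbound UDP/53 to the internet. It shows the delegation chain only, not the forwarding hops between internal resolvers.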