Ubuntu – How to verify I am using 9.9.9.9 for DNS

dd-wrtdnsUbuntu

I have several machines on my LAN. Most of them Ubuntu based. Router has DD-WRT (v3.0-r33675M kongac Release: 11/03/17) firmware.

I have set DHCP to serve network settings for all my computers. Router has been set to use 9.9.9.9 for DNS server.

Now I want to verify my computers are using quad9 for DNS, but I am unable to do so. My computers see only the router and are not aware which DNS it is using.

For example, command (in Ubuntu)

sudo netstat -l --inet -n -v -p | grep :53 | grep -i udp

Gives

udp        0      0 127.0.1.1:53            0.0.0.0:*

So I cannot verify I am using quad9 in this manner.

Router does not recognize this command, so I cannot verify DNS setting that way.

I have tried things in this post in computer and in DD-WRT command line, but none help:
What DNS servers am I using?

How can I properly verify I am using quad9 for DNS?

Best Answer

You can use tcpdump to see where the DNS traffic goes:

# tcpdump -i eth0 -n udp port 53 or tcp port 53
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
16:09:02.961122 IP 192.168.115.15.49623 > 192.168.115.5.53: 6115+ A? www.heise.de. (30)
16:09:02.983664 IP 192.168.115.5.53 > 192.168.115.15.49623: 6115 1/13/14 A 193.99.144.85 (493)
Related Question