DNS sources
Where does a specific piece of DNS information come from? Case in point: in May 2024, I updated an A record for the domain example.fr. A day later, my laptop still resolved the old address. Of course, I could update /etc/hosts accordingly, but I wanted to find out where this outdated information comes from.
Tools & procedure
These tools are listed roughly in order from close by (your computer) to further away:
Check /etc/hosts
Done - It isn't there.
Checking the local DNS cache
Unless you installed a caching daemon yourself, the only local cache on a systemd-based desktop is the one inside systemd-resolved, the stub resolver listening on 127.0.0.53. It caches answers for their TTL, and contrary to what is often claimed, you can inspect it: resolvectl statistics (older releases: systemd-resolve --statistics) shows cache size and hit/miss counters, and sending the service SIGUSR1 (sudo systemctl kill -s USR1 systemd-resolved) makes it dump the full cache contents into the system journal, where journalctl -u systemd-resolved shows them. Tools that are often mentioned for this, and what they did for me:
- systemd-resolve --statistics / resolvectl statistics: counters for the systemd-resolved cache (hits, misses, current size), not the cached records themselves.
- resolvectl: the current front end for systemd-resolved; resolvectl query <name> resolves through the stub resolver. On its own it didn't tell me where the stale value came from.
- nscd (Name Service Caching Daemon): a pre-systemd caching daemon that you could have installed for this, but it wasn't running here.
- dnsmasq: another caching forwarder; not active on my laptop either, so it played no role.
dig
dig (Domain Information Groper) is a command-line tool for querying DNS servers and retrieving DNS records for a given name. It is the standard tool for troubleshooting DNS problems, performing lookups and inspecting DNS configurations.
Some of the things dig can do here:
- Retrieve the values of given DNS records, including their remaining TTL
- Show which server answered (the SERVER line) and whether that answer was authoritative (the aa flag) or relayed from a cache
- Print the full response with all sections and flags, for troubleshooting
- Query a specific DNS server instead of the system default, which lets you compare each hop on the path. E.g.:
dig @70.41.94.8 example.fr A
This is the answer section (plus statistics) of the reply from a plain dig example.fr A, i.e. without @server:

    ;; ANSWER SECTION:
    example.fr.             3384    IN      A       23.12.34.190

    ;; Query time: 0 msec
    ;; SERVER: 127.0.0.53#53(127.0.0.53)
    ;; WHEN: Thu May 09 17:41:11 CEST 2024
    ;; MSG SIZE  rcvd: 61

which still has the old value of the A record. The SERVER line says the answer came from 127.0.0.53, the systemd-resolved stub resolver on my laptop. That does not mean the value is fresh: systemd-resolved is a caching resolver, and two details of this reply point at a cache. The TTL 3384 is not a round number like 3600 but a value counting down, which is how a record served from a cache looks (a fresh answer from the zone shows its full TTL), and a query time of 0 ms suggests nothing was fetched from the network at all. So the first suspect is the local cache, and the next question is where that cache got the record from.
Use a DNS checker
E.g., https://dnschecker.org/: here you can see which value resolvers at various places in the world return for a given DNS record. If they all show the new value, the authoritative servers are fine and the stale copy is somewhere on your side of the path (local cache, router, ISP resolver).
- You can put the record directly in the URL. E.g.:
https://dnschecker.org/#A/example.fr
- Restricted to Europe. E.g.:
https://dnschecker.org/continent/europe/#A/example.fr
- I tried to add the DNS server from Hajnówka [1], but I got an error
Flush the cache of the local resolver
Supposedly, you can flush the cache of the local resolver (127.0.0.53 in my case) with
sudo systemctl restart systemd-resolved
(resolvectl flush-caches does the same without restarting the service). Restarting the computer also clears it, since the cache only lives in memory.
In the case of example.fr, dig gave the same old address afterwards. With the local cache empty, that answer must have been fetched anew from whatever server systemd-resolved forwards to, so the stale copy sits further out.
resolvectl status
Use resolvectl status to see which DNS servers the local resolver forwards to. Part of the reply that I got:

    Link 3 (wlp3s0)
          Current Scopes: DNS
    DefaultRoute setting: yes
           LLMNR setting: yes
    MulticastDNS setting: no
      DNSOverTLS setting: no
          DNSSEC setting: no
        DNSSEC supported: no
      Current DNS Server: 192.168.0.1
             DNS Servers: 192.168.0.1
              DNS Domain: ~.

    Link 2 (eno1)
          Current Scopes: DNS
    DefaultRoute setting: yes
           LLMNR setting: yes
    MulticastDNS setting: no
      DNSOverTLS setting: no
          DNSSEC setting: no
        DNSSEC supported: no
      Current DNS Server: 192.168.0.1
             DNS Servers: 192.168.0.1
              DNS Domain: ~.

This means that I have both a wireless (wlp3s0) and a wired (eno1) connection, and that both use the same DNS server: 192.168.0.1, which is my TP-Link Wireless N Router WR840N. The DNS Domain ~. on both links means every query goes there, so systemd-resolved forwards everything to the router, and the router in turn asks the DNS servers it learnt from my ISP. Note also that DNSSEC and DNS-over-TLS are off on both links (the defaults), so nothing on the laptop validates or encrypts these answers; whatever the router returns is accepted as is.
My router
My router says that it has the addresses of two DNS servers:
- 70.41.94.8
- 70.41.94.9
However, when I try dig @70.41.94.8 example.fr A from the laptop, I get a time-out. That is not unusual: ISP resolvers often only answer clients inside the ISP's network, or are reachable only from the router's WAN side, so the time-out says nothing about whether they hold the stale record.
- Restarting the router didn't help.
- Changing the DNS entries in the router's DHCP settings (default 0.0.0.0) to 8.8.8.8 didn't help either. Keep in mind that DHCP clients only pick up a new DNS server when they renew their lease; as long as resolvectl status still shows 192.168.0.1, the laptop is still asking the router. The quicker way to rule the router out is to query a public resolver directly from the laptop (dig @8.8.8.8 example.fr A) and compare with what 192.168.0.1 returns.
I've had enough
I changed /etc/hosts.
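The steps above (hosts file, stub resolver, the upstream that systemd-resolved forwards to, a public resolver, and finally the zone's own name servers) can be walked in one go, so that the first hop returning a different address is visible at a glance. The script below is an added example for this post, not a tool from it; it assumes dig (bind9-dnsutils) and resolvectl (systemd-resolved) are installed, uses Quad9 (9.9.9.9) as the public resolver to compare against (my choice, not from the post), and uses short timeouts so an unreachable ISP resolver such as 70.41.94.8 yields "(no answer)" instead of a hang. The parsing helpers are separated from the network calls so they can be checked on captured dig output.

```shell
#!/usr/bin/env bash
# dns-path.sh: walk the resolution path for one name, from /etc/hosts outwards,
# and report which hop answers with which A record and TTL.
# Added example, not from the post. Assumes dig and resolvectl are installed;
# 9.9.9.9 (Quad9) is an arbitrary public resolver chosen for comparison.
set -u

# Extract "ttl address" pairs for A records of name $1 from dig output $2.
answers_from_dig() {
    printf '%s\n' "$2" | awk -v n="$1." '$1 == n && $3 == "IN" && $4 == "A" { print $2, $5 }'
}

# Extract the responding server from a ";; SERVER: 127.0.0.53#53(127.0.0.53)" line.
server_from_dig() {
    printf '%s\n' "$1" | sed -n 's/^;; SERVER: \([^#]*\)#.*/\1/p'
}

# Heuristic: a TTL that is not a multiple of 60 is counting down, i.e. the
# record was served from some cache rather than fetched fresh from the zone.
ttl_looks_cached() {
    [ $(( $1 % 60 )) -ne 0 ]
}

# Compare the address sets of two "ttl address" lists; prints same or differ.
compare_answers() {
    local a b
    a=$(printf '%s\n' "$1" | awk 'NF { print $2 }' | sort -u | tr '\n' ' ')
    b=$(printf '%s\n' "$2" | awk 'NF { print $2 }' | sort -u | tr '\n' ' ')
    [ "$a" = "$b" ] && echo same || echo differ
}

# Query one hop and print a line per A record.
# $1 = label, $2 = name, $3 = server ("" = system default), $4 = extra dig options
report_hop() {
    local out answers server flag
    out=$(dig +time=2 +tries=1 +noall +answer +stats ${4:-} ${3:+@"$3"} "$2" A 2>/dev/null)
    answers=$(answers_from_dig "$2" "$out")
    server=$(server_from_dig "$out")
    if [ -z "$answers" ]; then
        printf '%-28s %-15s (no answer)\n' "$1" "${3:-(default)}"
        return
    fi
    printf '%s\n' "$answers" | while read -r ttl addr; do
        flag=fresh
        ttl_looks_cached "$ttl" && flag='cached?'
        printf '%-28s %-15s %-16s ttl=%-6s %s\n' "$1" "$server" "$addr" "$ttl" "$flag"
    done
}

walk() {
    local name="$1" srv ns
    echo "== /etc/hosts"
    grep -E "[[:space:]]$name([[:space:]]|\$)" /etc/hosts || echo "(not present)"
    echo
    printf '%-28s %-15s %-16s %-10s %s\n' "== hop" "answered by" "address" "ttl" "note"
    # 1. the stub resolver the system uses (127.0.0.53 with systemd-resolved)
    report_hop "local stub resolver" "$name" ""
    # 2. every upstream that systemd-resolved forwards to, from `resolvectl dns`
    for srv in $(resolvectl dns 2>/dev/null | sed -n 's/^[^:]*: *//p' | tr ' ' '\n' | sort -u); do
        report_hop "upstream $srv" "$name" "$srv"
    done
    # 3. a public recursive resolver, bypassing router and ISP
    report_hop "public resolver" "$name" 9.9.9.9
    # 4. the zone's own name servers with recursion off: the ground truth
    for ns in $(dig +time=2 +tries=1 +short "$name" NS @9.9.9.9 2>/dev/null); do
        report_hop "authoritative $ns" "$name" "$ns" +norecurse
    done
}

if [ $# -ge 1 ]; then
    walk "$1"
fi
```

Run it as ./dns-path.sh example.fr. Reading the table from top to bottom, the first hop whose address differs from the authoritative line is where the stale copy lives; an "(no answer)" line for an upstream means you cannot query that server directly from your network, as happened with the ISP resolvers above, in which case the public-resolver line is the next best comparison.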