DNS sources

From De Vliegende Brigade

Where does a specific piece of DNS information come from? Case in point: in May 2024, I updated an A record for the domain example.fr. A day later, I still had the old info on my laptop. Of course, I could update /etc/hosts accordingly, but I would be interested to figure out where this outdated information comes from.

Tools & procedure

These tools are approximately in order from close by (your computer) to further away:

Check /etc/hosts

Done - It isn't there.

No checking of local DNS cache

Unless you took measures to install tools for local DNS caching or for displaying such a cache, there is no way to inspect a local DNS cache. Some tools that get mentioned in this context:

  • systemd-resolve --statistics - Caches DNS results based on their TTL, but AFAIK, you can't see the results
  • resolvectl - Not really useful
  • nscd (Name Service Caching Daemon) - A pre-systemd tool that you could have installed for this, but it still wasn't functioning
  • dnsmasq - Another tool that somehow didn't actually do anything relevant here.

dig

dig or Domain Information Groper is a command-line tool used for querying DNS (Domain Name System) servers to retrieve various types of DNS records for a given domain name. dig is a versatile tool commonly used for troubleshooting DNS-related issues, performing DNS lookups, and gathering information about DNS configurations.

Some of the things dig can do here:

  • Retrieve values for given DNS records
  • Indicate the source for a DNS reply
  • Provide detailed DNS responses - For troubleshooting
  • Query specific DNS servers. E.g.: dig @70.41.94.8 example.fr A

This is the answer section of the reply from dig concerning example.fr:

;; ANSWER SECTION:
example.fr.	3384	IN	A	23.12.34.190

;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Thu May 09 17:41:11 CEST 2024
;; MSG SIZE  rcvd: 61

which has the old value of the A record. Its source is 127.0.0.53, which is the local DNS resolver on my laptop. "Resolver" implies that this isn't a cached value, but that there is a local mechanism for fetching the answer from somewhere.

Use DNS checker

E.g., https://dnschecker.org/ - Here you can see what value is read for a certain DNS record, at various places in the world.

Flush DNS cache local resolver

Supposedly, you can flush the cache of the local resolver (127.0.0.53 in my case) with

sudo systemctl restart systemd-resolved

You can also restart your computer.

In the case of example.fr, dig gave the same old address.

resolvectl status

Use resolvectl status to see where the local resolver gets its data from. Part of the reply that I got:

Link 3 (wlp3s0)
      Current Scopes: DNS        
DefaultRoute setting: yes        
       LLMNR setting: yes        
MulticastDNS setting: no         
  DNSOverTLS setting: no         
      DNSSEC setting: no         
    DNSSEC supported: no         
  Current DNS Server: 192.168.0.1
         DNS Servers: 192.168.0.1
          DNS Domain: ~.         

Link 2 (eno1)
      Current Scopes: DNS        
DefaultRoute setting: yes        
       LLMNR setting: yes        
MulticastDNS setting: no         
  DNSOverTLS setting: no         
      DNSSEC setting: no         
    DNSSEC supported: no         
  Current DNS Server: 192.168.0.1
         DNS Servers: 192.168.0.1
          DNS Domain: ~.  

I guess this means that I have both a wireless and a wired connection and that both have the same DNS server: 192.168.0.1 which happens to be my TP-Link Wireless N Router WR840N.

My router

My router says that it has the addresses of two DNS servers:

  • 70.41.94.8
  • 70.41.94.9

However, when I try dig @70.41.94.8 example.fr A, I get a time-out.

  • Restarting the router didn't help
  • Changing the DNS entries in the router (for DHCP, default 0.0.0.0) to 8.8.8.8 didn't help
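The steps above (dig against the local stub resolver, the router, the router's upstream servers and a public resolver) can be run as one script, so the stale answer can be pinned to the first hop that still returns it. This is an added example, not a tool from the page; it assumes dig is installed, and the resolver addresses in the usage line at the bottom are the ones this page mentions (127.0.0.53, 192.168.0.1, 70.41.94.8, 8.8.8.8). The sample dig output embedded in the script is constructed to mirror the answer section shown earlier on this page. The trick it relies on: an authoritative server answers with the zone's full TTL, while a cache answers with a TTL that keeps counting down between runs, so a low or shrinking TTL on a hop marks that hop (or something behind it) as the cache holding the old value.

```shell
#!/bin/sh
# Added example: trace which resolver hop still serves an old A record.

# Print "<ttl> <address>" for every A record in dig output read on stdin.
# Answer lines look like: example.fr.  3384  IN  A  23.12.34.190
dig_a_answer() {
  awk '$3 == "IN" && $4 == "A" { print $2, $5 }'
}

# Print the address of the server that answered (from the ";; SERVER:" line).
dig_server() {
  sed -n 's/^;; SERVER: \([^#]*\)#.*/\1/p'
}

# Constructed sample, mirroring the dig output shown on this page.
SAMPLE_DIG_OUTPUT=';; ANSWER SECTION:
example.fr.  3384  IN  A  23.12.34.190

;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Thu May 09 17:41:11 CEST 2024
;; MSG SIZE  rcvd: 61'

# Query one name against each resolver given and print one line per hop:
#   "<server> <ttl> <address>", "<server> UNREACHABLE" or "<server> NOANSWER".
# Run it twice a minute apart: a TTL that shrinks between runs is a cached
# answer; the first hop with the full zone TTL is where fresh data starts.
trace_a_record() {
  name=$1
  shift
  for server in "$@"; do
    # dig exits non-zero when no server could be reached (the router time-out case).
    out=$(dig @"$server" "$name" A +time=2 +tries=1 2>/dev/null) || {
      echo "$server UNREACHABLE"
      continue
    }
    ans=$(printf '%s\n' "$out" | dig_a_answer)
    if [ -n "$ans" ]; then
      echo "$server $ans"
    else
      echo "$server NOANSWER"
    fi
  done
}

# Ask the zone's own nameservers directly (+norecurse): this is the reference
# value with the full TTL, to compare against whatever the caches return.
authoritative_a() {
  name=$1
  for ns in $(dig +short "$name" NS +time=2 +tries=1 2>/dev/null); do
    dig @"$ns" "$name" A +norecurse +time=2 +tries=1 2>/dev/null \
      | dig_a_answer | sed "s/^/$ns /"
  done
}

# Usage: sh trace-dns.sh trace example.fr
# (hop list taken from this page: local stub, router, router's upstream, public)
if [ "${1:-}" = "trace" ]; then
  trace_a_record "${2:-example.fr}" 127.0.0.53 192.168.0.1 70.41.94.8 8.8.8.8
  authoritative_a "${2:-example.fr}"
fi
```

Reading the output: a hop that reports UNREACHABLE is what the router's listed upstream servers look like from the laptop on this page, while a hop that still shows the old address with a lower TTL than the authoritative line is the cache to flush (or to stop using).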

I've had enough

I changed /etc/hosts.

Sources