4

I would like to find out the address of the recursive DNS server which gives me DNS replies. Something like tracepath example.com, to see which DNS servers' IP addresses my request was forwarded to. I found dig +trace example.com, but it is more about the DNS resolving path which this recursive DNS server takes.

I know about resolvectl status, where systemd's resolved shows which DNS server I'm actually using instead of 127.0.0.53:53. This points me to my router, which also has its DNS server pointing to another router in my LAN or to the actual ISP DNS server which gave me the answer when I used dig/nslookup, as far as I understand.

The usual way is to look in my modem connection statistics for the DNS IP that my ISP's DHCP server gave me. But I am looking for a better way, i.e. a simple command line tool.


After some more searching I stumbled upon https://www.dnsleaktest.com, and this is practically the functionality I'm looking for. But I don't really care if my ISP will proxy requests; I would like to just know how to get the IP of the recursive DNS server without depending on some website API.

1 Answer

0

I would like to just know how to get the ip of recursive DNS server

If you are asking what DNS server has the exact answer to the request then it is not possible to find out.

There is a nice answer on http://serverfault.com which explains why:

I want to know what exact server in the end had the answer. Is that possible?

This is not achievable. You will not find the specific authoritative server that was consulted named anywhere in the payload of a DNS reply. There are CHAOS queries that exist for the purpose of identifying the specific recursive server that replied to you, but no such equivalent for extracting the name of the exact authoritative server that a recursor obtained the data from.

The StackOverflow Q&A that Phillip linked to provides instructions for how to identify the list of NS records that were present in the authority section of a recursive DNS response. This is the full list of servers though, not the specific server. Even were that sufficient for your uses, this information is considered optional by the DNS standards and it is increasingly rare to see it in recursive responses in order to reduce the payload size of internally sourced reflection attacks.

If you know the name of the zone, you can request the full list of NS records via an explicit request for them. This requires knowing that you are at the apex of the zone; a request for example.com NS records will return the desired response but www.example.com will not, unless www was delegated to another set of servers. In this case, you have no choice but to work backwards iteratively until you discover the apex of the zone.

Long story short, there is no reliable short path (i.e. single query) to getting information about all upstream authority from a recursive server, and there is no way to learn the specific authoritative server that responded to a query without also controlling the authoritative server and creating unique data on each server. (if you do this, please create a unique zone for that purpose so that it does not interfere with your more sensitive production zone transfers)

Source: Find out which DNS server answered your query, answer by Andrew B
