
I intended to set up a local DNS server with Technitium and would like to verify that the local DNS server returns the correct response when it is queried for a domain. It does not work while using nslookup mydomain.com. I expect that to be because the local DNS server is not reached from a public/internet place.

To exclude that this is caused by my local DNS server not working correctly (locally), I would like to verify that at least the local DNS server returns the correct IP address if it is queried for my domain.


The local DNS server runs on local IP address at port 5379, hence I tried the following commands, followed by their respective outputs:

nslookup somedomain.com
;; connection timed out; no servers could be reached

nslookup somedomain.com
nslookup: couldn't get address for 'somedomain.com': failure

nslookup somedomain.com
;; connection timed out; no servers could be reached

nslookup somedomain.com
;; connection timed out; no servers could be reached

So either the testing command nslookup somedomain.com is a possible way to test whether the local DNS server returns the correct IP address when it is queried for some domain, and I have not set up the local DNS server correctly, or I am using an incorrect testing command.


How can one test whether a local DNS server returns the correct IP address when it is queried for a domain (from the device that hosts the DNS server)?

    I suggest using dig instead, it should offer more verbose output. // DNS is not HTTP so throwing URLs at nslookup isn’t going to work.
    – Daniel B
    Commented May 7, 2021 at 12:00
    

Your nslookup syntax is backwards: the server goes after the domain name.

nslookup example.com

You cannot specify a custom port with Windows' nslookup. (It has a hidden -port= option, but unfortunately it is ignored.)

URLs will not work here: DNS is not HTTP-based. (There is a specification for carrying DNS messages inside HTTP, but it requires special clients and servers.)

If you have Linux or some BSD available (Windows Subsystem for Linux will work too), there's a wider variety of tools such as dig, drill, or delv. For example:

host -p 5379 example.com

dig @ -p 5379 example.com

As several people have noted, the weakness with this answer is that a ping resolving doesn't prove that your DNS server answered. It just proves that some DNS server did. Assuming you can't switch from nslookup to a different command that supports specifying the port (as suggested in this answer), then I see two options that might help you:

  1. Turn off your DNS server so that it definitely is not answering. Attempt the ping; if it returns nothing then, but does provide results when you turn the server on, then it's working. Weakness: it won't work if the internet can resolve the address.

  2. Unplug the network cable. Verify that you can't reach anything (so you know that you don't have a WiFi connection or anything like that). Attempt the ping with the server off (to make sure it isn't cached). Then turn the DNS server on and try the ping again.

Note that in either case, everything has to be configured correctly. So your computer needs to be configured to use your local DNS server and the local DNS server has to be configured to answer the request. If it doesn't work, either of those things might be broken. That's why switching to a different DNS client that supports port selection might be better. Then you could test the client against known good servers and the now verified client against your server.

Another option would be port forwarding. The nslookup command will use port 53. If you configure things so that requests to 53 get forwarded to the correct port, that would also allow a request to go through. Again though, it adds additional things that can be not working. Is the DNS server broken? Or is port forwarding misconfigured? Either could give the same result.


I will try to put here a complete example, including exposing a zone from a local DNS server.

We will use bind9 as the name server on an Ubuntu 21 machine.

First of all, define your zones in a file. I used /etc/bind/example.com.zone, modifying this example.
Docs: https://bind9.readthedocs.io/en/latest/reference.html#zone-file

$ORIGIN example.com.
$TTL 30
@       SOA     localhost. admin.example.com.   (
                2001062501 ; serial
                21600      ; refresh after 6 hours
                3600       ; retry after 1 hour
                604800     ; expire after 1 week
                86400 )    ; minimum TTL of 1 day
        NS      localhost. ;
        NS      dns1.example.com.
        NS      dns2.example.com.
dns1    A
        AAAA    aaaa:bbbb::1
dns2    A
        AAAA    aaaa:bbbb::2
bar     CNAME   www.example.com

Now you should load this zone from the bind conf file /etc/bind/named.conf, like this:

zone "example.com." IN {
  type master;
  file "/etc/bind/example.com.zone";
  allow-update { none; };
};

I have also added some extra options to the named service configuration in /etc/bind/named.conf.options:

options {
  listen-on port 53 { any; };
  allow-query       { any; };
  recursion         yes;
};

Then you can restart the services:

sudo systemctl restart named bind9

Finally, test your zones; you can use whichever you prefer of dig, host, resolvectl or nslookup.

$ host -t A dns1.example.com localhost

Using domain server:
Name: localhost

dns1.example.com has address

$ host -t AAAA dns1.example.com localhost

Using domain server:
Name: localhost

dns1.example.com has IPv6 address aaaa:bbbb::1

$ host -t CNAME bar.example.com localhost

Using domain server:
Name: localhost

bar.example.com is an alias for www.example.com.example.com.

bind9 test from host to guest virtual machine
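Grawity's answer shows that the check has to reach a chosen server and port (dig -p), and the zone above is what such a check should return. This Python script is an added example, not code from the question or any answer: it sends one UDP query straight to server:port, bypassing the OS resolver and its cache, rejects a reply whose transaction id does not match, and decodes A, AAAA and CNAME answers plus the RCODE. Function names, the 0x1234 transaction id and the SAMPLE_REPLY bytes are my own constructions; server address and port (the question's 5379) are passed in by the caller.

```python
import socket, struct
def encode_name(name):
    # Wire format: length-prefixed labels terminated by a zero byte.
    return b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\x00"
def build_query(name, qtype="A", txid=0x1234):
    # Header (id, flags=RD, QDCOUNT=1, rest 0) followed by one question of class IN.
    qt = {"A": 1, "CNAME": 5, "AAAA": 28}[qtype]
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", qt, 1)
def read_name(msg, off):
    # Decode a possibly compressed name; return (name, offset just past it in this record).
    labels, end = [], None
    while msg[off]:
        if msg[off] & 0xC0 == 0xC0:              # compression pointer (RFC 1035 4.1.4)
            end = end or off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
        else:
            n = msg[off]
            labels.append(msg[off + 1:off + 1 + n].decode())
            off += 1 + n
    return ".".join(labels) + ".", end or off + 1
# RDATA decoders for the record types the zone above uses; anything else is shown as hex.
DECODE = {1: lambda m, o, n: socket.inet_ntop(socket.AF_INET, m[o:o + n]),
          28: lambda m, o, n: socket.inet_ntop(socket.AF_INET6, m[o:o + n]),
          5: lambda m, o, n: read_name(m, o)[0]}     # CNAME target may itself be compressed
def parse_response(msg, txid):
    # Return (rcode, [(owner, rtype, ttl, value), ...]) from the answer section.
    rid, flags, qdcount, ancount = struct.unpack("!HHHH", msg[:8])
    if rid != txid:
        raise ValueError("transaction id mismatch: reply is not for our query")
    off = 12
    for _ in range(qdcount):                     # skip the echoed question(s)
        off = read_name(msg, off)[1] + 4
    answers = []
    for _ in range(ancount):
        owner, off = read_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        decode = DECODE.get(rtype, lambda m, o, n: m[o:o + n].hex())
        answers.append((owner, rtype, ttl, decode(msg, off + 10, rdlen)))
        off += 10 + rdlen
    return flags & 0xF, answers
def query(server, port, name, qtype="A", timeout=2.0):
    # One UDP query straight to server:port, bypassing the OS resolver and its cache.
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, qtype, 0x1234), (server, port))
        return parse_response(sock.recv(4096), 0x1234)
# Constructed sample reply (not from a real server): id 0x1234, flags 0x8180, question
# "dns1.example.com AAAA", one answer whose owner is a pointer (c00c) to the question name.
SAMPLE_REPLY = bytes.fromhex("1234 8180 0001 0001 0000 0000  04646e7331 076578616d706c65 03636f6d 00 001c 0001"
                             "  c00c 001c 0001 0000001e 0010 aaaabbbb000000000000000000000001")
```

Assuming the server listens on the loopback address, query("127.0.0.1", 5379, "dns1.example.com", "AAAA") against the zone above should return (0, [("dns1.example.com.", 28, 30, "aaaa:bbbb::1")]); a socket timeout means nothing answered on that port, which is the case nslookup on Windows cannot distinguish.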



You can use nslookup; as Grawity mentioned, your syntax was wrong.

You can also use the tools from Bind9 on Windows; you do not need the Windows Subsystem for Linux to use them anymore. It doesn't need to be installed. Just unzip it somewhere convenient for command line usage (it comes with dig, delv, host, nslookup, etc.). The bind9 nslookup seems to be able to use the hidden port argument that Grawity mentioned in his answer.


Debian and Ubuntu install:

sudo apt-get install dnsutils

CentOS 7 install:

yum install bind-utils

A typical use of dig looks like this:

dig @server name type

server
    is the name or IP address of the name server to query. This can be an IPv4 address in dotted-decimal notation or an IPv6 address in colon-delimited notation. When the supplied server argument is a hostname, dig resolves that name before querying that name server.

    If no server argument is provided, dig consults /etc/resolv.conf; if an address is found there, it queries the name server at that address. If either of the -4 or -6 options are in use, then only addresses for the corresponding transport will be tried. If no usable addresses are found, dig will send the query to the local host. The reply from the name server that responds is displayed.

name
    is the name of the resource record that is to be looked up.

type
    indicates what type of query is required — ANY, A, MX, SIG, etc. type can be any valid query type. If no type argument is supplied, dig will perform a lookup for an A record.

A typical use of delv looks like:

delv @server name type



or you can just use the quick and dirty ping for this.

Full disclosure: If you need to know whether or not your local LAN private server is responding using this method, you need to only have as the first and only DNS server in the network adapter's configuration, on the computer running the server app.

Ping mydomain.com and check if it displays the right IP number. is the computer's loop-back address; only your local OS can communicate with this IP number.

Make sure the service is attached to a local IP address if you want other computers on the LAN to be able to use the local DNS service.

Don't forget to add the local IP of the DNS service to the adapter settings of other computers on the LAN.

  • Do I understand correctly that your answer implies that ping mydomain.com will always check the local IP addresses that are available for a DNS server that happens to have an IP address entry for mydomain.com before they go out on the internet to look at some default DNS server?
    – a.t.
    Commented May 7, 2021 at 12:45
  • I’m confused. How would you use ping to check whether a DNS server is working? Especially a DNS server that is, from what I understand, not set up in resolv.conf.
    – Daniel B
    Commented May 7, 2021 at 16:55
  • This will test that a server is capable of resolving the address, but not that a specific server is resolving it.
    – Mark
    Commented May 7, 2021 at 22:30

