Does anyone know how to fetch the raw output of a DNS query using a particular linux command?

The commands that I am familiar with are:

% host

% nslookup

% dig

% whois

However, each of these plays around with DNS in some form or another, but how can I get the raw output that the DNS server spits out when it's queried?

Many Thanks!

matsko

  • whois is actually a different protocol altogether from DNS. – jcomeau_ictx Apr 23 '11 at 07:47
  • tcpdump is the quickest solution as noted by jcomeau_ictx. Run it while using the 'host' command to capture what is going back and forth. Otherwise, you will need to write your DNS client. BTW, have you tried the -v option to 'host'? – ewh Apr 24 '11 at 04:46

2 Answers

Turns out that the best solution to find out as much of the DNS stuff as possible is to use the host -v command.

host -v xxx.xxx.xxx.xxx

or

host -v domain.com
matsko
Chris Jefferson

You could get it with tcpdump while running dig. I believe the flags would be tcpdump -n -s0 -x -X port 53

jcomeau_ictx

  • If you want to watch DNS over TLS as well, you want to have a look at port 853 – WorldSEnder Oct 16 '18 at 06:16
  • @WorldSEnder and, being TLS, the network dump will show just garbage, that is, encrypted data, and not the DNS packet any more (which is the first purpose of DoT) – Patrick Mevzek Jul 14 '21 at 15:11
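The ewh comment above mentions the alternative to tcpdump: writing your own minimal DNS client, so that the bytes the server returns are exactly what you see. The script below is an added example and not code from the question or either answer. It builds an RFC 1035 query packet by hand, sends it over UDP to port 53 (the resolver address is assumed to come from the command line), hex-dumps the raw response in tcpdump -x style, and decodes the header, question and answer sections, including name-compression pointers. The SAMPLE_RESPONSE at the bottom is a constructed reply (using the documentation address 192.0.2.1) so the parser can be exercised offline.

```python
import socket
import struct
import random
import sys
from typing import Optional, Tuple, List, Dict

def build_query(name: str, qtype: int = 1, txid: Optional[int] = None) -> bytes:
    """Build a raw DNS query (RFC 1035): 12-byte header + one question. qtype 1 = A."""
    if txid is None:
        txid = random.randrange(0, 0x10000)  # random ID, checked against the reply
    # ID, flags (only RD=1 set), QDCOUNT=1, ANCOUNT=NSCOUNT=ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS 1 = IN

def read_name(data: bytes, offset: int) -> Tuple[str, int]:
    """Decode a (possibly compressed) name; return (name, offset just past it)."""
    labels: List[str] = []
    end = offset
    jumped = False
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:  # two-byte compression pointer (RFC 1035 4.1.4)
            pointer = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2  # the caller resumes after the pointer, not the target
            jumped = True
            offset = pointer
            continue
        offset += 1
        if length == 0:
            if not jumped:
                end = offset
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), end

def parse_response(data: bytes) -> Dict:
    """Decode header, question and answer sections of a raw DNS response."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    offset = 12
    questions = []
    for _ in range(qd):
        qname, offset = read_name(data, offset)
        qtype, qclass = struct.unpack("!HH", data[offset:offset + 4])
        offset += 4
        questions.append((qname, qtype, qclass))
    answers = []
    for _ in range(an):
        rname, offset = read_name(data, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        rdata = data[offset:offset + rdlen]
        offset += rdlen
        # Render A records as dotted quads; leave any other RDATA as hex
        value = ".".join(str(b) for b in rdata) if rtype == 1 and rdlen == 4 else rdata.hex()
        answers.append((rname, rtype, ttl, value))
    return {"id": txid, "flags": flags, "rcode": flags & 0xF,
            "questions": questions, "answers": answers}

def hexdump(data: bytes, width: int = 16) -> str:
    """Hex + ASCII dump of the raw bytes, the same view tcpdump -x -X gives."""
    lines = []
    for i in range(0, len(data), width):
        chunk = data[i:i + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        asciipart = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{i:04x}  {hexpart:<{width * 3}} {asciipart}")
    return "\n".join(lines)

def query_udp(server: str, name: str, qtype: int = 1, timeout: float = 3.0) -> bytes:
    """Send one query over UDP/53 and return the server's raw reply bytes."""
    packet = build_query(name, qtype)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(packet, (server, 53))
        data, _peer = s.recvfrom(4096)
    if data[:2] != packet[:2]:  # a reply whose ID does not match is not ours
        raise ValueError("transaction ID mismatch")
    return data

# Constructed sample reply (assumption, not captured traffic): ID 0x1234, flags 0x8180
# (QR, RD, RA, NOERROR), the question echoed, one A record via pointer 0xC00C
# to the name at offset 12, TTL 300, address 192.0.2.1 (TEST-NET-1).
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    + build_query("example.com", txid=0)[12:]
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
)

if __name__ == "__main__":
    # usage: python dnsraw.py <resolver-ip> <name>   (resolver address is assumed)
    raw = query_udp(sys.argv[1], sys.argv[2]) if len(sys.argv) > 2 else SAMPLE_RESPONSE
    print(hexdump(raw))
    print(parse_response(raw))
```

Run it with a resolver address and a name to see the real reply bytes; run it with no arguments to decode the constructed sample. The hex dump is the "raw output" the question asks for, and the parsed view shows where each field sits in those bytes. As the last comment notes, this only works for plaintext DNS on port 53; a DoT capture on port 853 yields TLS records, not a DNS message.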