From the course: CompTIA Network+ (N10-009) Cert Prep
Troubleshooting DNS
- One of my favorite lines I'll hear somebody say is they'll call me up and go, "Mike, the Internet's down." I'll go, no, no, no. The internet's just fine. It's the part that you're trying to connect to that's down. Anyway, DNS troubleshooting is a big deal because DNS does tend to go down from time to time.
So the number one clue that you got a DNS problem is something like this. Now, I'm using Google Chrome right here because Google Chrome is my primary web browser of choice. There's a lot of reasons to like it or dislike it, but one of the reasons I like Google Chrome is that when there are problems, Google Chrome can often tell you where that problem is. So for example, on here it says this webpage is not available. That's pretty standard there. And it says the server at www.google.com can't be found because the DNS lookup failed. So that's one of the nice things about Chrome. It tells you straight up where the error is. Now, keep in mind other web browsers, for example, Internet Explorer and Firefox, they will give you clues too, but a lot of times you're going to have to look down here in the lower left-hand corner, it'll say things like attempting to resolve www.google.com.
The bottom line is that your first indication that you have a DNS problem is that you can't use DNS. Anytime you type in a fully qualified domain name, it fails. Web browsers, because they're so predominant, tend to be the first place where people notice it, but if you're using fully qualified domain names in your email server settings, it'll fail. If you're trying to get to an FTP site, it'll fail. So it's always going to fail on you one way or another.
Now, I'm going to show you one little quick trick you can do to verify the DNS is a problem. Now, in order to do this, we have to know ahead of time the IP address of a known website. Let me show you mine. So what I'm going to do, I'm just going to open up another tab here real quick. And I actually keep this IP address on my iPhone.
So I just pulled up a note on my iPhone and I'm typing it in. I don't even remember what it is. It's a webpage of some kind. Cool. Now, clearly we're hitting a webpage. Now, that's the big clue that you got a DNS problem. If you can access a webpage by its IP address, but not by its DNS name, duh, you've got a DNS problem. So the trick to doing something like this is that you've actually got to keep an IP address for a webpage someplace where you can access it for when you have trouble because you won't be able to get it otherwise.
Okay, so I've got a DNS problem. One of the places I'm going to look is that do I have a misconfiguration? So to do that, I'm going to open up a command prompt, and I'm going to run ipconfig /all. All right, lots and lots of stuff in there. Now, I'm actually running off my wireless right now, so I'm looking at my wireless LAN adapter. And it says that my DNS server is 23.44.55.66. One of the other things that people should know is what is our DNS server? If you're a network tech, you're going to be supporting a lot of computers that all use the exact same DNS. So I can look at that very, very quickly and go, I don't think that that's my DNS server.
So let's go ahead and go into our network connections. I'm going to look at my Wi-Fi. And I'm going to look under Properties. There's my IPv4 right there, and we'll hit Properties. And this is my IP settings. So this is where we set up. This is DHCP. But I want you to notice this right here. You can do DNS settings separately from all your other settings. So even though DHCP is going to give me my IP address and my subnet mask and my default gateway, notice that this is intentionally misconfigured to manually type in a DNS address. This is actually a very cool and very flexible feature. Now, if I set this back to obtain an IP, I'm sorry, obtain a DNS server address automatically, you got to hit OK, and you got to hit Close.
All right, now I'm going to run ipconfig /all again, and it usually is pretty much instantaneous, although I ran pretty quick there. There we go. Now, if you take a look, you'll see that I've got two DNS server settings, 75.75.76.76, and then all 75s. These are the DNS server settings that are passed out by my ISP. So my router gets DHCP settings from the ISP, and then, because most home routers do this, it automatically passes that DNS information down through DHCP. So that's where these are coming from. And because I know my network and I'm a good Network+ tech, I know that those are the settings I should have. So let's give it a quick test. And I'm just going to open up another tab, and let's see if I can get to Google properly this time. Ta-da! It works like a champ.
All right, now, what you'll notice is that there were two DNS settings there, and that's really, really important because DNS goes out so often, it is standard for you to always have two DNS server settings. So I'm going to go into my properties. Now, you'll notice that those were set in there automatically, but if you take a look, you'll see it says Preferred and Alternate. What's going to happen is that your computer will always try to use the preferred first, but if it fails, it will automatically try the second one without you having to do anything. So in most cases, you're always going to be typing in at least two DNS server settings, or at least you're going to have your DHCP server passing those out.
Misconfigurations happen, but they're pretty rare. I mean, most of the time, things work okay there. The challenge that we run into is that DNS servers sometimes just stop working, or, for example, my totalsim.com website, we just moved it about an hour ago from one computer to a new ISP and a new web service and everything. So www.totalsim.com isn't pointing to the old IP address. It should be pointing to the new one.
Now, our ISP is taking care of this for us, and it's being propagated through the internet, and the DNS servers are being updated fairly quickly. However, you can run into a lot of problems here. The problem that we run into is that your individual computers and your local DNS server will cache resolved copies of where www.totalsim.com is, and it's our job to wipe those caches and then to tell the computer, look. I know you used to think that www.totalsim.com was at this IP address, but by wiping the cache, it'll compel it to go to another place. So let's clear some cache.
To clear your cache, well, first of all, I want to show you your cache on your individual computer. So I'm going to do an ipconfig /displaydns. When you run this command, these are all of the resolved DNS addresses that are being stored in your computer. And you can see I've got a couple of thousand in here, and I've only been running for a few minutes. So if we take a look at any one particular one here, here we go. Here's www.abc13.com, and somewhere in here, it says go to abc13.com, and in this list, is the actual IP address. And we'll pretend for a moment that's wrong. So what we need to do is we type in the command ipconfig /flushdns. So when we do this, it wipes out all of that cache. The nice part here is that the system now, instead of just assuming that it knows the IP address, will automatically go back to our DNS server and force the resolution.
Okay, now, there's a couple other things that can happen here. Let's just say that you're fairly limited in terms of your own local DNS server. You can actually put in replacement DNS servers. So I'm going to go back into my properties. And what I'm going to do this time is I'm going to use the DNS server addresses statically. And I know that my ISP is a 75.75.76.76, but I'm going to type in a really, really famous one, and one you should know, 8.8.8.8. 8.8.8.8 is the big Google DNS servers, and they never go down, ever.
So if I think I've got a bad DNS server, one of the things I can do is just replace it on the fly with something like 8.8.8.8, 8.8.4.4. There's a bunch of 'em.
Okay, now, the last thing I want to be able to do is to determine is my DNS server good, okay? Now, Network+ does not assume that you're going to go fixing DNS servers, but you should be able to query a DNS server to determine whether it's working or not. And there's two tools to do that, nslookup and dig. Now, nslookup stands for name server lookup, and nslookup is actually a very, very powerful tool. However, nslookup is so powerful that most DNS servers are designed to ignore anything that comes from nslookup. But this is on the Network+, so I want to show you a couple of things. First of all, if I just type nslookup by itself, it says this is my DNS server, and it's just pulling from my primary DNS server. Now, the other thing I could do is I can just type in, at this point, I type in the word server and then a DNS server. Now, you'll see this resolves back as a good DNS server. Now, let me show you what happens when we put in a bad one. I'm just making these numbers up. Now, you'll see that the name couldn't resolve in this case, and that's because it's not a DNS server, so it's not capable of actually doing that. So that's about all that you can really do with nslookup anymore.
If you want to have fun with DNS, you have to use a tool called dig. dig does not come with Windows, however. So I'm using a third-party tool that's a graphical dig that works really, really well. If you've got a Unix system, dig is just, it works at a command prompt. It works great. So let me show you dig. Now, this is called EzDig, and it works really, really well. So first thing I got to do is I have to say what DNS server do I want to use? Now, look, they've got 'em all built in, a bunch of 'em. So I'm going to say use this DNS service.
So this is the one I want to test, and then I got to put in some arbitrary query. So I'm going to test for, it doesn't matter. And I'm going to see the A records for ftp.totalsim.com. So I'm just going to hit Dig. And you'll see it resolves back with a legitimate address. This is telling me that the Google DNS server at 8.8.8.8 is a good DNS server. The query I'm putting in here is just an arbitrary thing that I'm trying to use to make it do something. So let's put in something that doesn't work. I can leave this as it is. Thud, nothing's happening.
Now, the thing you need to appreciate about both nslookup and dig is that these are very, very powerful tools. You can do things with them, for example, you can go to a DNS server and query it and say show me all your name server records, stuff like that. It's a huge security disaster because bad guys use this information to generate spam and all kinds of stuff. So over a decade ago, pretty much all DNS servers are shut down so that they won't really respond to hardly any nslookup or dig queries. So the one thing these two things can still do though, is you can answer this question. Is this particular DNS server up and running, or is this a DNS server? And that's pretty much all you can do with it.
Okay, there's one more tool I want to make mention of, and everybody forgets about this. It's a great DNS tool, and it's just good old ping. You can go to a command prompt and type in ping, space, www.totalsim.com and hit Enter. And I don't care whether the ping works or not. That's irrelevant because what will take place is that the ping still has to resolve that fully qualified domain name to an IP address. So ping is a great, quick and dirty way to say is DNS working. The big thing I want to leave you with on this is that the Network+ exam is really going to hit you on output. Make sure you know what an nslookup output looks like. You're going to be seeing it on the exam.
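Added example, not part of the course transcript: the "is that really my DNS server?" check from the `ipconfig /all` step, automated so that a resolver outside the expected set is flagged per adapter. The sample output is constructed for illustration, the expected set is the ISP pair named in the transcript, and only IPv4 resolver addresses are handled.

```python
import re

# Resolvers this network is supposed to hand out (the ISP pair from the transcript).
EXPECTED_DNS = {"75.75.76.76", "75.75.75.75"}

# Constructed sample of `ipconfig /all` output; not captured from a real machine.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected

Wireless LAN adapter Wi-Fi:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.23(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 23.44.55.66
                                       75.75.76.76
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

def dns_servers_by_adapter(text):
    """Return {adapter name: [DNS servers]} parsed from `ipconfig /all` text."""
    adapters, current, in_dns = {}, None, False
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = line.rstrip()[:-1]            # unindented "... adapter X:" header
            adapters[current] = []
            in_dns = False
        elif current and line.strip().startswith("DNS Servers"):
            adapters[current].append(line.split(":", 1)[1].strip())
            in_dns = True
        elif in_dns and IPV4.match(line.strip()):
            adapters[current].append(line.strip())  # continuation line: address only
        else:
            in_dns = False
    return adapters

def unexpected_dns(text, expected=EXPECTED_DNS):
    """Return {adapter: [servers outside the expected set]}, omitting clean adapters."""
    found = dns_servers_by_adapter(text)
    return {a: bad for a, s in found.items() if (bad := [x for x in s if x not in expected])}

if __name__ == "__main__":
    for adapter, servers in unexpected_dns(SAMPLE_IPCONFIG).items():
        print(f"{adapter}: unexpected DNS server(s) {servers}")
```

On a real host, pass the captured text of `ipconfig /all` to `unexpected_dns` in place of the sample.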