Did you know you can use resolvectl (part of systemd-resolved) to make DNS queries? This is no hate on dig, since it offers many more features than resolvectl, but sometimes it could be handy to have an alternative.
Basics
Running the basic resolvectl command (or its equivalent resolvectl status) prints global and per-interface settings of systemd-resolved, mostly protocols and DNS servers.
    berkas1@desktop:~ $ resolvectl
    Global
      Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
      resolv.conf mode: stub
      Current DNS Server: 184.108.40.206
      DNS Servers: 220.127.116.11

    Link 2 (enp5s0)
      Current Scopes: none
      Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

    Link 3 (enp0s25)
      Current Scopes: DNS
      Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
      Current DNS Server: 18.104.22.168
      DNS Servers: 22.214.171.124 126.96.36.199
You can also show the status of a single interface by specifying the interface name: resolvectl status enp0s25.
resolvectl statistics can be useful when debugging DNS problems. It shows whether DNSSEC is supported, the number of transactions, and cache statistics: current cache size, hits and misses.
    berkas1@desktop:~ $ resolvectl statistics
    DNSSEC supported by current servers: no

    Transactions
      Current Transactions: 0
      Total Transactions: 980120

    Cache
      Current Cache Size: 172
      Cache Hits: 207393
      Cache Misses: 309010

    DNSSEC Verdicts
      Secure: 0
      Insecure: 0
      Bogus: 0
      Indeterminate: 0
Note: you can reset statistics using command
Monitoring DNS queries will be available in systemd version 252 using resolvectl monitor and will probably support JSON output.
DNS Querying
The argument for DNS resolving is query. Running the simple command resolvectl query example.com resolves A and AAAA entries and prints them together with the network interface used to communicate with the DNS server, the query processing time, whether the data is authenticated or encrypted, and the source of the data. Beware of the source: it can be cache or network. The network interface is shown even when the local cache was used:
    berkas1@desktop:~ $ resolvectl query example.com
    example.com: 2606:2800:220:1:248:1893:25c8:1946 -- link: enp0s25
                 188.8.131.52 -- link: enp0s25

    -- Information acquired via protocol DNS in 2.1ms.
    -- Data is authenticated: no; Data was acquired via local or encrypted transport: no
    -- Data from: cache
To bypass the cache, you have to disable it using the --cache no parameter:
    berkas1@desktop:~ $ resolvectl query --cache no example.com
    example.com: 184.108.40.206 -- link: enp0s25
                 2606:2800:220:1:248:1893:25c8:1946 -- link: enp0s25

    -- Information acquired via protocol DNS in 17.2ms.
    -- Data is authenticated: no; Data was acquired via local or encrypted transport: no
    -- Data from: network
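In a script, the legend lines can be parsed to tell a cached answer from a fresh one and to see whether it was authenticated. This is an added example, not part of the original post: the function names legend_summary and fresh_from_network are made up here, and the sample text is copied from the two outputs above.

```shell
#!/bin/sh
# Sample inputs, copied from the resolvectl query outputs shown above.
SAMPLE_CACHE='example.com: 2606:2800:220:1:248:1893:25c8:1946 -- link: enp0s25
             188.8.131.52 -- link: enp0s25

-- Information acquired via protocol DNS in 2.1ms.
-- Data is authenticated: no; Data was acquired via local or encrypted transport: no
-- Data from: cache'

SAMPLE_NETWORK='example.com: 184.108.40.206 -- link: enp0s25
             2606:2800:220:1:248:1893:25c8:1946 -- link: enp0s25

-- Information acquired via protocol DNS in 17.2ms.
-- Data is authenticated: no; Data was acquired via local or encrypted transport: no
-- Data from: network'

# legend_summary (hypothetical helper): read resolvectl query output on stdin
# and print one line: source=... authenticated=... encrypted=... protocol=...
# Fails with status 1 when no legend is present (e.g. --legend no was used).
legend_summary() {
    awk '
        /^-- Information acquired via protocol / { proto = $6 }
        /^-- Data is authenticated: / {
            auth = $5; sub(/;$/, "", auth)   # strip the trailing semicolon
            enc = $NF                        # last word: transport answer
        }
        /^-- Data from: / { sub(/^-- Data from: /, ""); src = $0 }
        END {
            if (src == "") exit 1
            printf "source=%s authenticated=%s encrypted=%s protocol=%s\n", \
                   src, auth, enc, proto
        }'
}

# fresh_from_network (hypothetical helper): status 0 only when the answer came
# from the network, 1 when the cache was involved, 2 when there is no legend.
fresh_from_network() {
    summary=$(legend_summary) || return 2
    case "$summary" in
        "source=network "*) return 0 ;;
        *) return 1 ;;
    esac
}

# On a live system: resolvectl query example.com | legend_summary
printf '%s\n' "$SAMPLE_CACHE" | legend_summary
```
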
You can also disable the commentary using the --legend=no parameter. Multiple domains can also be queried with a single command by just listing all of them:
    berkas1@desktop:~ $ resolvectl query --cache no --legend no example.com devopsadvocate.com
    example.com: 220.127.116.11 -- link: enp0s25
                 2606:2800:220:1:248:1893:25c8:1946 -- link: enp0s25
    devopsadvocate.com: 2a06:98c1:3120::9 -- link: enp0s25
                        2a06:98c1:3121::9 -- link: enp0s25
                        18.104.22.168 -- link: enp0s25
                        22.214.171.124 -- link: enp0s25
To specify the type of DNS resource, use the --type a parameter. It accepts only one type per command (as of systemd 249). You can query multiple hostnames at the same time:
    berkas1@desktop:~ $ resolvectl query --cache no --legend no --type mx gmail.com example.com
    gmail.com IN MX 40 alt4.gmail-smtp-in.l.google.com -- link: enp0s25
    gmail.com IN MX 5 gmail-smtp-in.l.google.com -- link: enp0s25
    gmail.com IN MX 20 alt2.gmail-smtp-in.l.google.com -- link: enp0s25
    gmail.com IN MX 30 alt3.gmail-smtp-in.l.google.com -- link: enp0s25
    gmail.com IN MX 10 alt1.gmail-smtp-in.l.google.com -- link: enp0s25
    example.com IN MX 0 -- link: enp0s25
To get a PTR record, just query the IP address directly:
    berkas1@desktop:~ $ resolvectl query 126.96.36.199
    188.8.131.52: dns.google -- link: enp0s25
As always, you can check the available functionality of resolvectl on your system in the manpages: