Posted on 2006-4-22 20:40:47
tcpdump -i wireless -n port 53
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wireless, link-type EN10MB (Ethernet), capture size 96 bytes
20:33:27.358263 IP 10.1.31.6.32902 > 202.96.64.68.53: 16063+ A? www.linuxsir.cn. (34)
20:33:27.521421 IP 202.96.64.68.53 > 10.1.31.6.32902: 16063 1/2/12 A 218.61.34.138 (289)
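In another console, run:
nslookup www.linuxsir.cn
Is this the information you wanted?
If you want to go further and get more detailed information, you can install a DNS service on the local machine, then set the local DNS to it and run queries while capturing packets at the same time; that should be more detailed.
Below are some of the packets on my DNS server:
tcpdump -i eth0 -n port 53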
tcpdump: listening on eth0
20:38:08.158505 10.10.6.53.1731 > 210.47.176.1.domain: 23485+ A? q.exceed-speed.info. (37)
20:38:08.159503 210.47.176.1.domain > 10.10.6.53.1731: 23485 1/4/4 A 211.227.236.143 (201) (DF)
20:38:08.171866 10.10.23.29.1027 > 210.47.176.1.domain: 128+ A? router.bittorrent.com. (39)
20:38:08.172796 210.47.176.1.32870 > 38.114.167.120.domain: 37908 [1au] A? router.bittorrent.com. (50) (DF)
20:38:08.215228 10.10.16.35.63488 > 210.47.176.1.domain: 2354+ A? redimages.rednet.com.cn. (41)
20:38:08.405453 38.114.167.120.domain > 210.47.176.1.32870: 37908*- 1/2/2 A[|domain] (DF)
20:38:08.406581 210.47.176.1.domain > 10.10.23.29.1027: 128 1/2/2 A[|domain] (DF)
20:38:08.552361 10.10.2.45.1480 > 210.47.176.1.domain: 222+ A? tj.eastday.com. (32)
20:38:08.553173 210.47.176.1.32870 > 61.129.65.5.domain: 18954 [1au] A? tj.eastday.com. (43) (DF)
20:38:08.614520 10.10.16.35.63513 > 210.47.176.1.domain: 28111+ A? secure-cn.imrworldwide.com. (44)
20:38:08.615257 210.47.176.1.domain > 10.10.16.35.63513: 28111 3/2/2[|domain] (DF)
20:38:08.626805 10.10.2.45.1045 > 210.47.176.1.domain: 223+ A? www.eastday.com. (33)
20:38:08.627512 210.47.176.1.32870 > 61.129.65.5.domain: 53912 [1au] A? www.eastday.com. (44) (DF)
20:38:08.629775 61.129.65.5.domain > 210.47.176.1.32870: 18954*- 1/4/5 A 61.129.65.41 (199) (DF)
20:38:08.631155 210.47.176.1.domain > 10.10.2.45.1480: 222 1/4/1 A 61.129.65.41 (140) (DF)
20:38:08.704389 61.129.65.5.domain > 210.47.176.1.32870: 53912*- 2/4/5 A 61.129.65.18, (216) (DF)
20:38:08.705777 210.47.176.1.domain > 10.10.2.45.1045: 223 2/4/1 A 61.129.65.18, (157) (DF)
20:38:08.859367 10.10.6.53.1731 > 210.47.176.1.domain: 23486+ A? q1.exceed-speed.info. (38)
20:38:08.860130 210.47.176.1.domain > 10.10.6.53.1731: 23486 1/4/4 A 211.227.236.143 (202) (DF)
20:38:08.993575 10.10.31.10.1159 > 210.47.176.1.domain: 20635+ A? achieni.vier.cn. (33)
20:38:08.994312 210.47.176.1.32870 > 222.66.54.118.domain: 59724 A? achieni.vier.cn. (33) (DF)
20:38:09.164997 10.10.24.177.1027 > 210.47.176.1.domain: 58475+ A? relay.ccec.edu.cn. (35)
20:38:09.235274 210.47.176.1.32870 > 220.169.45.195.domain: 29862 [1au] A? redimages.rednet.com.cn. (52) (DF)
20:38:09.243157 222.66.54.118.domain > 210.47.176.1.32870: 59724 ServFail* 0/0/0 (33)
20:38:09.243557 210.47.176.1.32870 > 61.151.239.29.domain: 40243 [1au] A? achieni.vier.cn. (44) (DF)
20:38:09.535847 220.169.45.195.domain > 210.47.176.1.32870: 29862*% 2/1/2 CNAME[|domain]
20:38:09.537093 210.47.176.1.32870 > 220.169.45.195.domain: 11277 [1au] A? news.rednet.com.cn. (47) (DF)
20:38:09.601513 61.151.239.29.domain > 210.47.176.1.32870: 40243* 1/2/3 A 218.24.156.29 (137) (DF)
20:38:09.602507 210.47.176.1.domain > 10.10.31.10.1159: 20635 1/2/2 A 218.24.156.29 (126) (DF)
20:38:09.837672 220.169.45.195.domain > 210.47.176.1.32870: 11277*% 1/1/2 A 220.168.28.50 (108)
20:38:09.838602 210.47.176.1.domain > 10.10.16.35.63488: 2354 2/1/1 CNAME[|domain] (DF)
20:38:09.838991 210.47.176.1.domain > 10.10.16.35.63488: 2354 2/1/1 CNAME[|domain] (DF)
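Added example, not part of the original post: a Python sketch that reads `tcpdump -n port 53` text like the captures above, pairs each query with its reply on client, server and DNS ID, and reports the response code, the round-trip time and any query left unanswered. The function name `pair_dns` and the selection of sample lines are this example's own choices; the sample lines themselves are copied from the post.

```python
import re

# Lines copied from the two captures in the post (both tcpdump header styles).
CAPTURE = """\
20:33:27.358263 IP 10.1.31.6.32902 > 202.96.64.68.53: 16063+ A? www.linuxsir.cn. (34)
20:33:27.521421 IP 202.96.64.68.53 > 10.1.31.6.32902: 16063 1/2/12 A 218.61.34.138 (289)
20:38:08.993575 10.10.31.10.1159 > 210.47.176.1.domain: 20635+ A? achieni.vier.cn. (33)
20:38:08.994312 210.47.176.1.32870 > 222.66.54.118.domain: 59724 A? achieni.vier.cn. (33) (DF)
20:38:09.164997 10.10.24.177.1027 > 210.47.176.1.domain: 58475+ A? relay.ccec.edu.cn. (35)
20:38:09.243157 222.66.54.118.domain > 210.47.176.1.32870: 59724 ServFail* 0/0/0 (33)
20:38:09.243557 210.47.176.1.32870 > 61.151.239.29.domain: 40243 [1au] A? achieni.vier.cn. (44) (DF)
20:38:09.601513 61.151.239.29.domain > 210.47.176.1.32870: 40243* 1/2/3 A 218.24.156.29 (137) (DF)
20:38:09.602507 210.47.176.1.domain > 10.10.31.10.1159: 20635 1/2/2 A 218.24.156.29 (126) (DF)
"""

LINE = re.compile(r"^(\d+):(\d+):(\d+\.\d+) (?:IP )?(\S+) > (\S+): (\d+)\S* (.*)$")
REPLY = re.compile(r"^(?:([A-Za-z]+)\S* )?(\d+)/(\d+)/(\d+)")  # [rcode] an/ns/ar counts
QUERY = re.compile(r"(\w+)\? (\S+)")                           # qtype? qname


def pair_dns(text):
    """Return (exchanges, unanswered names) for tcpdump DNS text output."""
    pending, exchanges = {}, []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                      # banner lines and non-DNS output
        h, mi, s, src, dst, qid, rest = m.groups()
        ts = int(h) * 3600 + int(mi) * 60 + float(s)
        reply = REPLY.match(rest)
        if reply:
            sent = pending.pop((dst, src, qid), None)
            if sent is None:
                continue                  # duplicate or unsolicited reply
            exchanges.append({"name": sent[1], "server": src,
                              "rcode": reply.group(1) or "NoError",
                              "answers": int(reply.group(2)),
                              "rtt_ms": round((ts - sent[0]) * 1000, 3)})
        else:
            q = QUERY.search(rest)
            if q:                         # remember when the query was sent
                pending[(src, dst, qid)] = (ts, q.group(2))
    return exchanges, sorted(name for _, name in pending.values())


if __name__ == "__main__":
    done, lost = pair_dns(CAPTURE)
    for e in done:
        print(e)
    print("unanswered:", lost)
```

A reply with no matching pending query is skipped here; on a resolver that is worth counting separately, since unsolicited replies can indicate retransmissions or spoofing attempts.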