Hands-on Lab

#Lab: DNS Configuration and Troubleshooting

Configure and troubleshoot DNS in a hands-on environment.

#🎯 Objectives

  • Set up a local DNS server using dnsmasq
  • Configure various DNS record types
  • Troubleshoot common DNS issues
  • Use DNS tools for diagnostics

#📋 Prerequisites

  • Linux system (Ubuntu/Debian recommended) or WSL2
  • Basic command-line knowledge
  • Root/sudo access

#โฑ๏ธ Duration: 45 minutes


#Task 1: Explore DNS Resolution (10 min)

#Step 1.1: Check Current DNS Configuration

```bash
# View current DNS servers
cat /etc/resolv.conf

# Check DNS resolution
dig google.com +short

# Trace full DNS resolution path
dig +trace google.com
```

#Step 1.2: Compare Different DNS Providers

```bash
# Query Google DNS
dig @8.8.8.8 example.com +stats | grep "Query time"

# Query Cloudflare DNS
dig @1.1.1.1 example.com +stats | grep "Query time"

# Query Quad9 DNS
dig @9.9.9.9 example.com +stats | grep "Query time"
```

Expected Output:

;; Query time: 23 msec

#Step 1.3: Query Different Record Types

```bash
# A record (IPv4)
dig example.com A +short

# AAAA record (IPv6)
dig example.com AAAA +short

# MX record (mail)
dig google.com MX +short

# TXT record (verification/SPF)
dig google.com TXT +short

# NS record (nameservers)
dig example.com NS +short

# SOA record (zone info)
dig example.com SOA
```

#Task 2: Set Up Local DNS with dnsmasq (15 min)

#Step 2.1: Install dnsmasq

```bash
# Ubuntu/Debian
sudo apt update
sudo apt install -y dnsmasq

# Stop systemd-resolved (if running)
sudo systemctl stop systemd-resolved
sudo systemctl disable systemd-resolved

# Start dnsmasq
sudo systemctl start dnsmasq
sudo systemctl enable dnsmasq
```

#Step 2.2: Configure dnsmasq

Create a custom configuration:

```bash
# Backup original config
sudo cp /etc/dnsmasq.conf /etc/dnsmasq.conf.backup

# Create new config
sudo tee /etc/dnsmasq.conf << 'EOF'
# Listen only on the loopback interface
listen-address=127.0.0.1

# Don't read /etc/resolv.conf
no-resolv

# Upstream DNS servers
server=8.8.8.8
server=8.8.4.4
server=1.1.1.1

# Cache settings
cache-size=1000

# Log queries (for debugging)
log-queries
log-facility=/var/log/dnsmasq.log

# Local domain
domain=lab.local
local=/lab.local/

# Custom DNS entries
address=/myapp.lab.local/192.168.1.100
address=/database.lab.local/192.168.1.101
address=/cache.lab.local/192.168.1.102
EOF
```

#Step 2.3: Configure Custom DNS Records

```bash
# Add more custom hosts
sudo tee /etc/dnsmasq.d/custom-hosts.conf << 'EOF'
# Development environment
address=/dev.mycompany.local/10.0.0.10
address=/staging.mycompany.local/10.0.0.20
address=/prod.mycompany.local/10.0.0.30

# Block domains (point to localhost)
address=/ads.example.com/127.0.0.1
address=/tracking.example.com/127.0.0.1

# Wildcard domain (*.test.local)
address=/.test.local/192.168.1.200
EOF
```

#Step 2.4: Restart and Test

```bash
# Check configuration syntax
sudo dnsmasq --test

# Restart dnsmasq
sudo systemctl restart dnsmasq

# Update /etc/resolv.conf to use local DNS
sudo tee /etc/resolv.conf << 'EOF'
nameserver 127.0.0.1
EOF

# Test custom domains
dig myapp.lab.local +short
dig database.lab.local +short
dig anything.test.local +short
```

Expected Output:

192.168.1.100
192.168.1.101
192.168.1.200

#Task 3: DNS Troubleshooting Scenarios (15 min)

#Scenario 1: Domain Not Resolving

```bash
# Symptom: "Name or service not known"
dig nonexistent-domain-12345.com

# Troubleshooting steps:
# 1. Check if DNS server is reachable
ping -c 3 8.8.8.8

# 2. Query different DNS server
dig @8.8.8.8 example.com
dig @1.1.1.1 example.com

# 3. Check local DNS configuration
cat /etc/resolv.conf

# 4. Verify dnsmasq is running
sudo systemctl status dnsmasq
```

#Scenario 2: Slow DNS Resolution

```bash
# Measure DNS query time
dig example.com | grep "Query time"

# Test multiple servers to find fastest
for server in 8.8.8.8 1.1.1.1 9.9.9.9 208.67.222.222; do
  echo -n "$server: "
  dig @$server example.com | grep "Query time"
done
```

Expected Output:

8.8.8.8: ;; Query time: 23 msec
1.1.1.1: ;; Query time: 12 msec
9.9.9.9: ;; Query time: 31 msec
208.67.222.222: ;; Query time: 45 msec

#Scenario 3: Cached Stale Data

```bash
# Check cache statistics
sudo kill -USR1 $(pidof dnsmasq)
sudo tail /var/log/dnsmasq.log | grep -i cache

# Clear dnsmasq cache
sudo systemctl restart dnsmasq

# Flush system DNS cache (Linux with systemd-resolved)
# sudo resolvectl flush-caches
```

#Scenario 4: Debug DNS Queries

```bash
# Watch DNS queries in real-time
sudo tail -f /var/log/dnsmasq.log &

# Make some queries
dig google.com
dig github.com
dig myapp.lab.local

# Stop watching (tail was started with sudo, so stop it with sudo)
sudo killall tail
```
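
One way to read the query log from this scenario, as an added example that is not part of the original lab: it counts how names were answered and lists names under internal suffixes that dnsmasq forwarded to an upstream resolver, which the lab's config allows for any `mycompany.local` name without its own `address=` line. The log lines are constructed, the `Mon DD HH:MM:SS dnsmasq[pid]:` layout is assumed, and `answer_sources` and `forwarded_internal` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: summarize a dnsmasq query log and flag internal names sent upstream.
# Assumed line layout: "Mon DD HH:MM:SS dnsmasq[pid]: <action> <name> ..."

# Constructed sample log (not captured from a real system).
SAMPLE_LOG='Jan 10 12:00:01 dnsmasq[1234]: query[A] myapp.lab.local from 127.0.0.1
Jan 10 12:00:01 dnsmasq[1234]: config myapp.lab.local is 192.168.1.100
Jan 10 12:00:02 dnsmasq[1234]: query[A] github.com from 127.0.0.1
Jan 10 12:00:02 dnsmasq[1234]: forwarded github.com to 8.8.8.8
Jan 10 12:00:02 dnsmasq[1234]: reply github.com is 203.0.113.10
Jan 10 12:00:03 dnsmasq[1234]: query[A] github.com from 127.0.0.1
Jan 10 12:00:03 dnsmasq[1234]: cached github.com is 203.0.113.10
Jan 10 12:00:04 dnsmasq[1234]: query[A] typo.lab.local from 127.0.0.1
Jan 10 12:00:04 dnsmasq[1234]: config typo.lab.local is NXDOMAIN
Jan 10 12:00:05 dnsmasq[1234]: query[A] qa.mycompany.local from 127.0.0.1
Jan 10 12:00:05 dnsmasq[1234]: forwarded qa.mycompany.local to 8.8.8.8
Jan 10 12:00:05 dnsmasq[1234]: reply qa.mycompany.local is NXDOMAIN'

# answer_sources: read log text on stdin, print how many answers came from where.
answer_sources() {
  awk '
    $5 == "config"    { c++ }   # answered from address=/local= configuration
    $5 == "cached"    { h++ }   # answered from the dnsmasq cache
    $5 == "forwarded" { f++ }   # sent to an upstream server= resolver
    END { printf "config=%d cached=%d forwarded=%d\n", c, h, f }'
}

# forwarded_internal SUFFIX...: read log text on stdin, print each name under one
# of the given suffixes that was forwarded upstream (sorted, de-duplicated).
forwarded_internal() {
  awk -v suffixes="$*" '
    BEGIN { n = split(suffixes, suf, " ") }
    $5 == "forwarded" {
      for (i = 1; i <= n; i++) {
        sfx = "." suf[i]; k = length($6) - length(sfx)
        if ($6 == suf[i] || (k > 0 && substr($6, k + 1) == sfx)) { print $6; break }
      }
    }' | sort -u
}

printf '%s\n' "$SAMPLE_LOG" | answer_sources
printf '%s\n' "$SAMPLE_LOG" | forwarded_internal lab.local mycompany.local
```

Against the real log, run `sudo cat /var/log/dnsmasq.log | forwarded_internal lab.local mycompany.local`; any output is an internal name that left the host, and a `local=/<suffix>/` line for that suffix stops the forwarding.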

#Task 4: Reverse DNS Lookup (5 min)

#Step 4.1: Perform Reverse Lookups

```bash
# Reverse lookup using dig
dig -x 8.8.8.8 +short

# Reverse lookup using host
host 8.8.8.8

# Reverse lookup using nslookup
nslookup 8.8.8.8
```

Expected Output:

dns.google.

#Step 4.2: Configure PTR Records in dnsmasq

```bash
# Add PTR records for local network
sudo tee -a /etc/dnsmasq.d/custom-hosts.conf << 'EOF'

# PTR records (reverse DNS)
ptr-record=100.1.168.192.in-addr.arpa,myapp.lab.local
ptr-record=101.1.168.192.in-addr.arpa,database.lab.local
EOF

# Restart and test
sudo systemctl restart dnsmasq
dig -x 192.168.1.100 +short
```
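
A consistency check for the records added above, as an added example that is not part of the original lab: it reads `address=` and `ptr-record=` lines and reports forward entries whose reverse record is missing or names a different host. The config text is constructed (with one deliberate mismatch) and `check_ptr` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: cross-check dnsmasq address= entries against ptr-record= entries.

# Constructed sample config; the second PTR line has a wrong last octet on purpose.
SAMPLE_CONF='address=/myapp.lab.local/192.168.1.100
address=/database.lab.local/192.168.1.101
address=/cache.lab.local/192.168.1.102
address=/ads.example.com/127.0.0.1
ptr-record=100.1.168.192.in-addr.arpa,myapp.lab.local
ptr-record=102.1.168.192.in-addr.arpa,database.lab.local'

# check_ptr: read config text on stdin and print one line per forward entry
# whose reverse record is absent or names a different host.
check_ptr() {
  awk '
    /^address=\// {                      # address=/<name>/<ip>
      split($0, a, "/")
      if (a[3] == "127.0.0.1" || a[2] ~ /^\./) next   # skip sinkholes, wildcards
      fwd[a[3]] = a[2]; order[++n] = a[3]
    }
    /^ptr-record=/ {                     # ptr-record=<d.c.b.a>.in-addr.arpa,<name>
      sub(/^ptr-record=/, ""); split($0, p, ","); split(p[1], o, ".")
      rev[o[4] "." o[3] "." o[2] "." o[1]] = p[2]
    }
    END {
      for (i = 1; i <= n; i++) {
        ip = order[i]; split(ip, q, ".")
        if (!(ip in rev))
          printf "MISSING  ptr-record=%s.%s.%s.%s.in-addr.arpa,%s\n", q[4], q[3], q[2], q[1], fwd[ip]
        else if (rev[ip] != fwd[ip])
          printf "MISMATCH %s forward=%s reverse=%s\n", ip, fwd[ip], rev[ip]
      }
    }'
}

printf '%s\n' "$SAMPLE_CONF" | check_ptr
```

For the lab's files, feed it both configs: `cat /etc/dnsmasq.conf /etc/dnsmasq.d/custom-hosts.conf | check_ptr`. A `MISSING` line is printed in the form that can be appended to the config as-is.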

#Task 5: Create DNS Health Check Script

Create a reusable DNS health check script:

```bash
cat << 'EOF' > ~/dns-healthcheck.sh
#!/bin/bash
# DNS Health Check Script

RED='\033[0;31m'
GREEN='\033[0;32m'
NC='\033[0m' # No Color

echo "=========================================="
echo "DNS Health Check - $(date)"
echo "=========================================="

# List of domains to check
DOMAINS=("google.com" "github.com" "amazon.com")

# DNS servers to test
DNS_SERVERS=("8.8.8.8" "1.1.1.1" "9.9.9.9")

echo ""
echo "Testing DNS Resolution..."
echo "-----------------------------------------"

for domain in "${DOMAINS[@]}"; do
  result=$(dig +short "$domain" 2>/dev/null | head -1)
  if [ -n "$result" ]; then
    echo -e "${GREEN}✓${NC} $domain → $result"
  else
    echo -e "${RED}✗${NC} $domain → FAILED"
  fi
done

echo ""
echo "Testing DNS Server Response Times..."
echo "-----------------------------------------"

for server in "${DNS_SERVERS[@]}"; do
  time=$(dig @"$server" google.com | grep "Query time" | awk '{print $4}')
  echo "  $server: ${time}ms"
done

echo ""
echo "Local DNS Configuration:"
echo "-----------------------------------------"
echo "Resolvers:"
grep "nameserver" /etc/resolv.conf

echo ""
echo "=========================================="
EOF

chmod +x ~/dns-healthcheck.sh
~/dns-healthcheck.sh
```

#✅ Success Criteria

  • Can perform DNS lookups using dig, nslookup, and host
  • Successfully installed and configured dnsmasq
  • Created custom DNS records for local domains
  • Performed reverse DNS lookups
  • Created working DNS health check script
  • Can troubleshoot common DNS issues

#🧹 Cleanup

```bash
# Stop dnsmasq
sudo systemctl stop dnsmasq
sudo systemctl disable dnsmasq

# Re-enable systemd-resolved
sudo systemctl enable systemd-resolved
sudo systemctl start systemd-resolved

# Restore original configuration
sudo cp /etc/dnsmasq.conf.backup /etc/dnsmasq.conf 2>/dev/null

# Remove custom configs
sudo rm -f /etc/dnsmasq.d/custom-hosts.conf
```

#🎓 What You Learned

  • DNS query commands: dig, nslookup, host
  • Setting up local DNS with dnsmasq
  • Configuring A records, PTR records, and wildcards
  • DNS troubleshooting methodology
  • Building DNS health check automation

#🚀 Next Steps

  • Set up DNS in AWS Route 53 or Azure DNS
  • Explore Kubernetes CoreDNS configuration
  • Implement DNSSEC for security