What DNS server is bind using?












1















I installed Bind9 in 14.04.1 and made no config changes, I did not touch any files in /etc. This means my laptop is a caching DNS server.



My questions are:




  • where is bind getting it's DNS?

  • What servers am I connecting to?


I have no forwarders set in the config file. In the past I have used tools to measure performance and Bind9 with no forwarders is the fastest, but where is bind getting it's DNS data?










share|improve this question





























    1















    I installed Bind9 in 14.04.1 and made no config changes, I did not touch any files in /etc. This means my laptop is a caching DNS server.



    My questions are:




    • where is bind getting it's DNS?

    • What servers am I connecting to?


    I have no forwarders set in the config file. In the past I have used tools to measure performance and Bind9 with no forwarders is the fastest, but where is bind getting it's DNS data?










    share|improve this question



























      1












      1








      1








      I installed Bind9 in 14.04.1 and made no config changes, I did not touch any files in /etc. This means my laptop is a caching DNS server.



      My questions are:




      • where is bind getting it's DNS?

      • What servers am I connecting to?


      I have no forwarders set in the config file. In the past I have used tools to measure performance and Bind9 with no forwarders is the fastest, but where is bind getting it's DNS data?










      share|improve this question
















      I installed Bind9 in 14.04.1 and made no config changes, I did not touch any files in /etc. This means my laptop is a caching DNS server.



      My questions are:




      • where is bind getting it's DNS?

      • What servers am I connecting to?


      I have no forwarders set in the config file. In the past I have used tools to measure performance and Bind9 with no forwarders is the fastest, but where is bind getting it's DNS data?







      networking server dns bind






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Sep 26 '14 at 2:29









      rubo77

      14.7k2993198




      14.7k2993198










      asked Sep 25 '14 at 21:51









      FudruckersFudruckers

      714




      714






















          2 Answers
          2






          active

          oldest

          votes


















          1














          When your laptop obtains an IP address from a dhcp server in the past it used to update file /etc/resolv.conf.



          These days it is not that simple. Ubuntu runs dnsmasq by default. This is a caching nameserver which accelerates your web browsing. So the answer to your first question is "From dnsmasq".



          The sequence is:




          • NetworkManager obtains an IP address and a DNS server and stores the IP address of the DNS server in DBus


          • dnsmasq grabs that IP address from DBus and uses it for upstream queries when there is no cache hit.



          You can find out what is your upstream DNS server with the command sudo grep dnsmasq /var/log/syslog (or syslog.1 or any of the other rotated syslogs if you booted long time ago).



          The "proper" approach would be with the command:



          sudo qdbus --system --literal org.freedesktop.NetworkManager /org/freedesktop/NetworkManager/IP4Config/0 org.freedesktop.NetworkManager.IP4Config.Nameservers



          It will spit out an array of decimal numbers like 17249034. You convert that to hex: 0107330a read it backwards separating the bytes: 0a.33.07.01 and convert back to decimal: 10.51.7.1 which is your upstream DNS server.






          share|improve this answer



















          • 1





            Good explanation! One update: I'm pretty sure dnsmasq is not, by default, configured to cache the dns queries, because of the possible privacy implication that one user could infer other users' activity by whether some queries are a cache hit or not (which you can tell by the response time).

            – Timo Kluck
            Sep 26 '14 at 5:53











          • Well, it runs on mine and I can't recall installing it. The privacy objection is valid on a multi-user system but how many laptops have multiple concurrent users logged on?

            – sмurf
            Sep 26 '14 at 7:31



















          0















          I have no forwarders set in the config file. In the past I have used tools to measure performance and Bind9 with no forwarders is the fastest, but where is bind getting it's DNS data?




          If you don't have any forwarders configured, Bind queries the root name servers. This is 13 servers* around the world, that's responsible for maintaining the root of the DNS systems.



          To get a list of root name servers, run dig +short:



          [~]$ dig +short
          h.root-servers.net.
          b.root-servers.net.
          e.root-servers.net.
          g.root-servers.net.
          m.root-servers.net.
          a.root-servers.net.
          k.root-servers.net.
          d.root-servers.net.
          j.root-servers.net.
          f.root-servers.net.
          c.root-servers.net.
          i.root-servers.net.
          l.root-servers.net.


          These have very stable IP-adresses, so the default configuration shipped with Bind contains entries for all of these thirteen servers. The information is contained in /etc/bind/db.root.



          Given a query, bind will query one of the root name servers for the domain. For instance for example.org, the root name server will reply that it doesn't know, but .org's Name server might know, and give you an list of IP's and names for .org's name servers.



          Bind then goes on to query the .org nameservers, which will likely reply that they do not know, but they know which nameserver (NS record) is responsible for example.org, and give you a list of IP's and names for those nameservers. Finally Bind will query the NS for example.org, and hopefully get an answer.



          As you can see this involves at least three lookups, which is rather slow. A caching NS, such as google or Cloudflare will cache popular names, and thus can respond faster.



          It also shows the hierarchical build of DNS. The root servers contains references to the name servers for Top Level Domains. The TLD's own nameservers contains NS records for all domains registered under that TLD and so forth.



          *: There's more than 13 physical servers. But they logically appear as 13 distinct name servers.



          (The other answer focuses on how the client OS handles DNS. That has nothing to do with how Bind handles DNS.)






          share|improve this answer























            Your Answer








            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "89"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f528551%2fwhat-dns-server-is-bind-using%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            2 Answers
            2






            active

            oldest

            votes








            2 Answers
            2






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            1














            When your laptop obtains an IP address from a dhcp server in the past it used to update file /etc/resolv.conf.



            These days it is not that simple. Ubuntu runs dnsmasq by default. This is a caching nameserver which accelerates your web browsing. So the answer to your first question is "From dnsmasq".



            The sequence is:




            • NetworkManager obtains an IP address and a DNS server and stores the IP address of the DNS server in DBus


            • dnsmasq grabs that IP address from DBus and uses it for upstream queries when there is no cache hit.



            You can find out what is your upstream DNS server with the command sudo grep dnsmasq /var/log/syslog (or syslog.1 or any of the other rotated syslogs if you booted long time ago).



            The "proper" approach would be with the command:



            sudo qdbus --system --literal org.freedesktop.NetworkManager /org/freedesktop/NetworkManager/IP4Config/0 org.freedesktop.NetworkManager.IP4Config.Nameservers



            It will spit out an array of decimal numbers like 17249034. You convert that to hex: 0107330a read it backwards separating the bytes: 0a.33.07.01 and convert back to decimal: 10.51.7.1 which is your upstream DNS server.






            share|improve this answer



















            • 1





              Good explanation! One update: I'm pretty sure dnsmasq is not, by default, configured to cache the dns queries, because of the possible privacy implication that one user could infer other users' activity by whether some queries are a cache hit or not (which you can tell by the response time).

              – Timo Kluck
              Sep 26 '14 at 5:53











            • Well, it runs on mine and I can't recall installing it. The privacy objection is valid on a multi-user system but how many laptops have multiple concurrent users logged on?

              – sмurf
              Sep 26 '14 at 7:31
















            1














            When your laptop obtains an IP address from a dhcp server in the past it used to update file /etc/resolv.conf.



            These days it is not that simple. Ubuntu runs dnsmasq by default. This is a caching nameserver which accelerates your web browsing. So the answer to your first question is "From dnsmasq".



            The sequence is:




            • NetworkManager obtains an IP address and a DNS server and stores the IP address of the DNS server in DBus


            • dnsmasq grabs that IP address from DBus and uses it for upstream queries when there is no cache hit.



            You can find out what is your upstream DNS server with the command sudo grep dnsmasq /var/log/syslog (or syslog.1 or any of the other rotated syslogs if you booted long time ago).



            The "proper" approach would be with the command:



            sudo qdbus --system --literal org.freedesktop.NetworkManager /org/freedesktop/NetworkManager/IP4Config/0 org.freedesktop.NetworkManager.IP4Config.Nameservers



            It will spit out an array of decimal numbers like 17249034. You convert that to hex: 0107330a read it backwards separating the bytes: 0a.33.07.01 and convert back to decimal: 10.51.7.1 which is your upstream DNS server.






            share|improve this answer



















            • 1





              Good explanation! One update: I'm pretty sure dnsmasq is not, by default, configured to cache the dns queries, because of the possible privacy implication that one user could infer other users' activity by whether some queries are a cache hit or not (which you can tell by the response time).

              – Timo Kluck
              Sep 26 '14 at 5:53











            • Well, it runs on mine and I can't recall installing it. The privacy objection is valid on a multi-user system but how many laptops have multiple concurrent users logged on?

              – sмurf
              Sep 26 '14 at 7:31














            1












            1








            1







            When your laptop obtains an IP address from a dhcp server in the past it used to update file /etc/resolv.conf.



            These days it is not that simple. Ubuntu runs dnsmasq by default. This is a caching nameserver which accelerates your web browsing. So the answer to your first question is "From dnsmasq".



            The sequence is:




            • NetworkManager obtains an IP address and a DNS server and stores the IP address of the DNS server in DBus


            • dnsmasq grabs that IP address from DBus and uses it for upstream queries when there is no cache hit.



            You can find out what is your upstream DNS server with the command sudo grep dnsmasq /var/log/syslog (or syslog.1 or any of the other rotated syslogs if you booted long time ago).



            The "proper" approach would be with the command:



            sudo qdbus --system --literal org.freedesktop.NetworkManager /org/freedesktop/NetworkManager/IP4Config/0 org.freedesktop.NetworkManager.IP4Config.Nameservers



            It will spit out an array of decimal numbers like 17249034. You convert that to hex: 0107330a read it backwards separating the bytes: 0a.33.07.01 and convert back to decimal: 10.51.7.1 which is your upstream DNS server.






            share|improve this answer













            When your laptop obtains an IP address from a dhcp server in the past it used to update file /etc/resolv.conf.



            These days it is not that simple. Ubuntu runs dnsmasq by default. This is a caching nameserver which accelerates your web browsing. So the answer to your first question is "From dnsmasq".



            The sequence is:




            • NetworkManager obtains an IP address and a DNS server and stores the IP address of the DNS server in DBus


            • dnsmasq grabs that IP address from DBus and uses it for upstream queries when there is no cache hit.



            You can find out what is your upstream DNS server with the command sudo grep dnsmasq /var/log/syslog (or syslog.1 or any of the other rotated syslogs if you booted long time ago).



            The "proper" approach would be with the command:



            sudo qdbus --system --literal org.freedesktop.NetworkManager /org/freedesktop/NetworkManager/IP4Config/0 org.freedesktop.NetworkManager.IP4Config.Nameservers



            It will spit out an array of decimal numbers like 17249034. You convert that to hex: 0107330a read it backwards separating the bytes: 0a.33.07.01 and convert back to decimal: 10.51.7.1 which is your upstream DNS server.







            share|improve this answer












            share|improve this answer



            share|improve this answer










            answered Sep 26 '14 at 4:54









            sмurfsмurf

            4,06411527




            4,06411527








            • 1





              Good explanation! One update: I'm pretty sure dnsmasq is not, by default, configured to cache the dns queries, because of the possible privacy implication that one user could infer other users' activity by whether some queries are a cache hit or not (which you can tell by the response time).

              – Timo Kluck
              Sep 26 '14 at 5:53











            • Well, it runs on mine and I can't recall installing it. The privacy objection is valid on a multi-user system but how many laptops have multiple concurrent users logged on?

              – sмurf
              Sep 26 '14 at 7:31














            • 1





              Good explanation! One update: I'm pretty sure dnsmasq is not, by default, configured to cache the dns queries, because of the possible privacy implication that one user could infer other users' activity by whether some queries are a cache hit or not (which you can tell by the response time).

              – Timo Kluck
              Sep 26 '14 at 5:53











            • Well, it runs on mine and I can't recall installing it. The privacy objection is valid on a multi-user system but how many laptops have multiple concurrent users logged on?

              – sмurf
              Sep 26 '14 at 7:31








            1




            1





            Good explanation! One update: I'm pretty sure dnsmasq is not, by default, configured to cache the dns queries, because of the possible privacy implication that one user could infer other users' activity by whether some queries are a cache hit or not (which you can tell by the response time).

            – Timo Kluck
            Sep 26 '14 at 5:53





            Good explanation! One update: I'm pretty sure dnsmasq is not, by default, configured to cache the dns queries, because of the possible privacy implication that one user could infer other users' activity by whether some queries are a cache hit or not (which you can tell by the response time).

            – Timo Kluck
            Sep 26 '14 at 5:53













            Well, it runs on mine and I can't recall installing it. The privacy objection is valid on a multi-user system but how many laptops have multiple concurrent users logged on?

            – sмurf
            Sep 26 '14 at 7:31





            Well, it runs on mine and I can't recall installing it. The privacy objection is valid on a multi-user system but how many laptops have multiple concurrent users logged on?

            – sмurf
            Sep 26 '14 at 7:31













            0















            I have no forwarders set in the config file. In the past I have used tools to measure performance and Bind9 with no forwarders is the fastest, but where is bind getting it's DNS data?




            If you don't have any forwarders configured, Bind queries the root name servers. This is 13 servers* around the world, that's responsible for maintaining the root of the DNS systems.



            To get a list of root name servers, run dig +short:



            [~]$ dig +short
            h.root-servers.net.
            b.root-servers.net.
            e.root-servers.net.
            g.root-servers.net.
            m.root-servers.net.
            a.root-servers.net.
            k.root-servers.net.
            d.root-servers.net.
            j.root-servers.net.
            f.root-servers.net.
            c.root-servers.net.
            i.root-servers.net.
            l.root-servers.net.


            These have very stable IP-adresses, so the default configuration shipped with Bind contains entries for all of these thirteen servers. The information is contained in /etc/bind/db.root.



            Given a query, bind will query one of the root name servers for the domain. For instance for example.org, the root name server will reply that it doesn't know, but .org's Name server might know, and give you an list of IP's and names for .org's name servers.



            Bind then goes on to query the .org nameservers, which will likely reply that they do not know, but they know which nameserver (NS record) is responsible for example.org, and give you a list of IP's and names for those nameservers. Finally Bind will query the NS for example.org, and hopefully get an answer.



            As you can see this involves at least three lookups, which is rather slow. A caching NS, such as google or Cloudflare will cache popular names, and thus can respond faster.



            It also shows the hierarchical build of DNS. The root servers contains references to the name servers for Top Level Domains. The TLD's own nameservers contains NS records for all domains registered under that TLD and so forth.



            *: There's more than 13 physical servers. But they logically appear as 13 distinct name servers.



            (The other answer focuses on how the client OS handles DNS. That has nothing to do with how Bind handles DNS.)






            share|improve this answer




























              0















              I have no forwarders set in the config file. In the past I have used tools to measure performance and Bind9 with no forwarders is the fastest, but where is bind getting it's DNS data?




              If you don't have any forwarders configured, Bind queries the root name servers. This is 13 servers* around the world, that's responsible for maintaining the root of the DNS systems.



              To get a list of root name servers, run dig +short:



              [~]$ dig +short
              h.root-servers.net.
              b.root-servers.net.
              e.root-servers.net.
              g.root-servers.net.
              m.root-servers.net.
              a.root-servers.net.
              k.root-servers.net.
              d.root-servers.net.
              j.root-servers.net.
              f.root-servers.net.
              c.root-servers.net.
              i.root-servers.net.
              l.root-servers.net.


              These have very stable IP-adresses, so the default configuration shipped with Bind contains entries for all of these thirteen servers. The information is contained in /etc/bind/db.root.



              Given a query, bind will query one of the root name servers for the domain. For instance for example.org, the root name server will reply that it doesn't know, but .org's Name server might know, and give you an list of IP's and names for .org's name servers.



              Bind then goes on to query the .org nameservers, which will likely reply that they do not know, but they know which nameserver (NS record) is responsible for example.org, and give you a list of IP's and names for those nameservers. Finally Bind will query the NS for example.org, and hopefully get an answer.



              As you can see this involves at least three lookups, which is rather slow. A caching NS, such as google or Cloudflare will cache popular names, and thus can respond faster.



              It also shows the hierarchical build of DNS. The root servers contains references to the name servers for Top Level Domains. The TLD's own nameservers contains NS records for all domains registered under that TLD and so forth.



              *: There's more than 13 physical servers. But they logically appear as 13 distinct name servers.



              (The other answer focuses on how the client OS handles DNS. That has nothing to do with how Bind handles DNS.)






              share|improve this answer


























                0












                0








                0








                I have no forwarders set in the config file. In the past I have used tools to measure performance and Bind9 with no forwarders is the fastest, but where is bind getting it's DNS data?




                If you don't have any forwarders configured, Bind queries the root name servers. This is 13 servers* around the world, that's responsible for maintaining the root of the DNS systems.



                To get a list of root name servers, run dig +short:



                [~]$ dig +short
                h.root-servers.net.
                b.root-servers.net.
                e.root-servers.net.
                g.root-servers.net.
                m.root-servers.net.
                a.root-servers.net.
                k.root-servers.net.
                d.root-servers.net.
                j.root-servers.net.
                f.root-servers.net.
                c.root-servers.net.
                i.root-servers.net.
                l.root-servers.net.


                These have very stable IP-adresses, so the default configuration shipped with Bind contains entries for all of these thirteen servers. The information is contained in /etc/bind/db.root.



                Given a query, bind will query one of the root name servers for the domain. For instance for example.org, the root name server will reply that it doesn't know, but .org's Name server might know, and give you an list of IP's and names for .org's name servers.



                Bind then goes on to query the .org nameservers, which will likely reply that they do not know, but they know which nameserver (NS record) is responsible for example.org, and give you a list of IP's and names for those nameservers. Finally Bind will query the NS for example.org, and hopefully get an answer.



                As you can see this involves at least three lookups, which is rather slow. A caching NS, such as google or Cloudflare will cache popular names, and thus can respond faster.



                It also shows the hierarchical build of DNS. The root servers contains references to the name servers for Top Level Domains. The TLD's own nameservers contains NS records for all domains registered under that TLD and so forth.



                *: There's more than 13 physical servers. But they logically appear as 13 distinct name servers.



                (The other answer focuses on how the client OS handles DNS. That has nothing to do with how Bind handles DNS.)






                share|improve this answer














                I have no forwarders set in the config file. In the past I have used tools to measure performance and Bind9 with no forwarders is the fastest, but where is bind getting it's DNS data?




                If you don't have any forwarders configured, Bind queries the root name servers. This is 13 servers* around the world, that's responsible for maintaining the root of the DNS systems.



                To get a list of root name servers, run dig +short:



                [~]$ dig +short
                h.root-servers.net.
                b.root-servers.net.
                e.root-servers.net.
                g.root-servers.net.
                m.root-servers.net.
                a.root-servers.net.
                k.root-servers.net.
                d.root-servers.net.
                j.root-servers.net.
                f.root-servers.net.
                c.root-servers.net.
                i.root-servers.net.
                l.root-servers.net.


                These have very stable IP-adresses, so the default configuration shipped with Bind contains entries for all of these thirteen servers. The information is contained in /etc/bind/db.root.



                Given a query, bind will query one of the root name servers for the domain. For instance for example.org, the root name server will reply that it doesn't know, but .org's Name server might know, and give you an list of IP's and names for .org's name servers.



                Bind then goes on to query the .org nameservers, which will likely reply that they do not know, but they know which nameserver (NS record) is responsible for example.org, and give you a list of IP's and names for those nameservers. Finally Bind will query the NS for example.org, and hopefully get an answer.



                As you can see this involves at least three lookups, which is rather slow. A caching NS, such as google or Cloudflare will cache popular names, and thus can respond faster.



                It also shows the hierarchical build of DNS. The root servers contains references to the name servers for Top Level Domains. The TLD's own nameservers contains NS records for all domains registered under that TLD and so forth.



                *: There's more than 13 physical servers. But they logically appear as 13 distinct name servers.



                (The other answer focuses on how the client OS handles DNS. That has nothing to do with how Bind handles DNS.)







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Dec 31 '18 at 17:15









                vidarlovidarlo

                9,52352445




                9,52352445






























                    draft saved

                    draft discarded




















































                    Thanks for contributing an answer to Ask Ubuntu!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f528551%2fwhat-dns-server-is-bind-using%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    Popular posts from this blog

                    Ellipse (mathématiques)

                    Quarter-circle Tiles

                    Mont Emei