nettester Examples of such domains are www.dhl.de
or whois.denic.de
. Running dig
with +trace
works until it reaches the actual DNS servers responsible for said domains (*.akam.net
for www.dhl.de
or ns*.denic.net
for whois.denic.de
) which fail to resolve making it impossible to query them.
Can't reproduce this using the unbound
on a recent-ish 9.3_STABLE. All of these resolved fine: www.dhl.de
, dhl.de
, www.denic.de
, denic.de
. (The config. file is a stripped down /usr/share/examples/unbound/unbound.conf
)
Querying the A
-records using host
using this script also works:
query-ns.sh
#!/bin/sh
set -eu
me=${0##*/}
die() {
echo >&2 "$me: $*"
exit 1
}
test $# -eq 1 || die "no site-name given"
# Get nameserver list from the WHOIS service.
#
site=$1
ns=$(whois $site | sed 's/\r$//' | while read s1 s2 v junk
do if [ "$s1" = Nserver: ]
then echo $s2
elif [ "$s1" = Name ] && [ "$s2" = Server: ]
then echo $v
fi
done)
test -n "$ns" || die "no nameservers found"
# Lookup A-records for $site and www.$site on each of the NSes.
#
for a in $ns
do host -t A $site $a
echo " ---"
host -t A www.$site $a
echo "----------------------------------------"
done
What does the script print if you run:
./query-ns.sh dhl.de
./query-ns.sh denic.de
It should print the A
-records for site
and www.site
.