dns-network
DNS & Network Debugging
Practical workflows for diagnosing DNS, connectivity, and latency problems.
DNS Lookups
dig (preferred tool)
# A record (IPv4)
dig example.com
# Specific record types
dig example.com AAAA # IPv6
dig example.com MX # Mail servers
dig example.com CNAME # Canonical name
dig example.com TXT # TXT records (SPF, DKIM, verification)
dig example.com NS # Nameservers
dig example.com SOA # Start of authority
# Short output (just the answer)
dig +short example.com
dig +short example.com MX
# Query a specific DNS server
dig @8.8.8.8 example.com
dig @1.1.1.1 example.com
# Trace the full resolution path (root -> TLD -> authoritative)
dig +trace example.com
# Reverse lookup (IP to hostname)
dig -x 93.184.216.34
# Show all records you can get
dig example.com ANY +noall +answer
# Batch lookup from file (one domain per line)
dig -f domains.txt +short
nslookup
nslookup example.com
nslookup example.com 8.8.8.8 # Use specific server
nslookup -type=MX example.com # MX records
nslookup -type=TXT example.com # TXT records
host (quick and simple)
host example.com
host -t MX example.com
host 93.184.216.34 # Reverse lookup
Checking DNS Propagation
When you change DNS records, check multiple resolvers to see if the change has spread:
for dns in 8.8.8.8 1.1.1.1 208.67.222.222 9.9.9.9; do
echo "--- $dns ---"
dig @$dns example.com +short
done
Check the authoritative nameserver directly to confirm the record is correct at the source:
# Find authoritative NS
dig +short example.com NS
# Query it directly
dig @ns1.example.com example.com +short
Connectivity Testing
ping
ping example.com # Continuous (Ctrl+C to stop)
ping -c 5 example.com # Send 5 packets
ping -c 5 -i 0.2 example.com # 200ms interval between packets
ping -W 2 example.com # 2-second timeout per packet (Linux)
ping -t 2 example.com # 2-second timeout per packet (macOS)
What to look for: packet loss percentage and round-trip time variation. Consistent high latency is different from intermittent packet loss -- they point to different problems.
traceroute / tracepath
traceroute example.com # Show each hop to destination
traceroute -n example.com # Skip reverse DNS (faster)
traceroute -T -p 443 example.com # TCP traceroute on port 443
traceroute -I example.com # Use ICMP instead of UDP
Read the output hop by hop. A sudden jump in latency at a specific hop identifies where the slowdown is. Stars (* * *) mean that hop is filtering probes -- not necessarily a problem.
mtr (combines ping + traceroute)
mtr example.com # Interactive, live-updating
mtr -r -c 100 example.com # Report mode, 100 cycles
mtr -rw -c 50 example.com # Wide report (full hostnames)
mtr -T -P 443 example.com # TCP mode on port 443
mtr is the best single tool for diagnosing path-level problems. The Loss% and Avg columns per hop tell you exactly where packets are being dropped or delayed.
curl Timing Breakdown
This is the go-to for diagnosing "the site is slow" complaints:
curl -o /dev/null -s -w "\
DNS lookup: %{time_namelookup}s\n\
TCP connect: %{time_connect}s\n\
TLS handshake: %{time_appconnect}s\n\
First byte: %{time_starttransfer}s\n\
Total time: %{time_total}s\n\
HTTP code: %{http_code}\n" \
https://example.com
How to read the output:
- time_namelookup high (>100ms): DNS is slow. Check resolver, try 8.8.8.8.
- time_connect - time_namelookup high: Network path to server is slow.
- time_appconnect - time_connect high: TLS negotiation is slow (cert chain issues, slow server).
- time_starttransfer - time_appconnect high: Server is slow to generate the response (backend problem).
- time_total - time_starttransfer high: Large response body or slow transfer rate.
curl verbose mode for HTTP debugging
# Full request/response headers and TLS details
curl -v https://example.com
# Even more detail (hex dump of traffic)
curl --trace - https://example.com
# Show only response headers
curl -I https://example.com
# Follow redirects and show each hop
curl -vL https://example.com 2>&1 | grep -E '< HTTP|< Location'
Port Testing
netcat (nc)
# Check if a port is open
nc -zv example.com 443
nc -zv example.com 80
# Scan a range of ports
nc -zv example.com 20-25
# With timeout
nc -zv -w 3 example.com 443
# Test UDP port
nc -zuv example.com 53
Checking listening ports on local machine
# ss (modern replacement for netstat)
ss -tlnp # TCP listening ports with process names
ss -ulnp # UDP listening ports
ss -tlnp | grep :8080 # Check specific port
ss -s # Summary statistics
# netstat (older but universal)
netstat -tlnp # TCP listening (Linux)
netstat -an | grep LISTEN # All listening (macOS)
# lsof
lsof -i :8080 # What process is on port 8080
lsof -i -P -n | grep LISTEN # All listening ports
tcpdump Basics
# Capture all traffic on an interface
sudo tcpdump -i eth0
# Filter by host
sudo tcpdump -i eth0 host example.com
# Filter by port
sudo tcpdump -i eth0 port 443
sudo tcpdump -i eth0 port 53 # DNS traffic
# Filter by protocol
sudo tcpdump -i eth0 tcp
sudo tcpdump -i eth0 udp and port 53
# Save to file for Wireshark analysis
sudo tcpdump -i eth0 -w capture.pcap port 443
# Read a capture file
sudo tcpdump -r capture.pcap
# Show packet contents in ASCII
sudo tcpdump -A -i eth0 port 80
# Limit capture to N packets
sudo tcpdump -c 100 -i eth0 port 443
# Common combo: DNS queries leaving this machine
sudo tcpdump -i any -n port 53
On macOS, use en0 (Wi-Fi) or en1 instead of eth0. Run tcpdump -D to list available interfaces.
Local Configuration Files
/etc/hosts
Static hostname-to-IP mappings. Checked before DNS.
# View current entries
cat /etc/hosts
# Add a temporary override (useful for testing before DNS changes)
echo "93.184.216.34 example.com" | sudo tee -a /etc/hosts
# Remove it when done
sudo sed -i '/example.com/d' /etc/hosts # Linux
sudo sed -i '' '/example.com/d' /etc/hosts # macOS
/etc/resolv.conf
DNS resolver configuration.
cat /etc/resolv.conf
# Typical contents:
# nameserver 8.8.8.8
# nameserver 8.8.4.4
# search mycompany.internal
On systems using systemd-resolved, the actual config may be managed elsewhere. Check with resolvectl status.
On macOS, DNS is managed by the system. Check with scutil --dns.
Diagnostic Workflows
"The site is slow"
- Run the curl timing breakdown to isolate which phase is slow.
- If DNS is slow: check
dig +shorttime, try alternate resolvers. - If connect is slow: run
mtr -r -c 50to find where latency spikes. - If TLS is slow: check
curl -vfor cert chain issues or protocol negotiation problems. - If first-byte is slow: the problem is server-side. Check application logs and server resources.
- If transfer is slow: check response size, consider compression, test bandwidth.
"I can't connect to the service"
- Can you resolve the hostname?
dig +short hostname - Can you reach the IP?
ping -c 3 <ip> - Is the port open?
nc -zv hostname port - Is something listening locally?
ss -tlnp | grep :port - Is a firewall blocking?
sudo iptables -L -n(Linux) or check security groups if cloud-hosted. - Is the route correct?
traceroute -n hostname
"DNS isn't resolving"
- Check what resolver you are using:
cat /etc/resolv.conforscutil --dns(macOS). - Query the resolver directly:
dig @<resolver-ip> hostname - Query a known-good public resolver:
dig @8.8.8.8 hostname - If public works but local does not: local resolver or network is the problem.
- If neither works: check if the domain actually has records:
dig +trace hostname - Check for /etc/hosts overrides that might be interfering.
"Works from my machine but not from the server"
- Compare DNS results from both machines:
dig +short hostname - Compare routes:
mtr -r -c 20 hostnamefrom both. - Check if the server has outbound firewall rules or proxy settings.
- Check if the server uses a different resolver (corporate DNS, VPN split-tunnel).
- Check environment variables:
env | grep -i proxy
Quick Reference
| Task | Command |
|---|---|
| Resolve hostname | dig +short example.com |
| Reverse lookup | dig -x 1.2.3.4 |
| Check MX records | dig +short example.com MX |
| Trace DNS path | dig +trace example.com |
| Test port open | nc -zv host 443 |
| Find what is on a port | lsof -i :8080 |
| Listening ports | ss -tlnp |
| Path analysis | mtr -r -c 50 host |
| Capture DNS traffic | sudo tcpdump -i any -n port 53 |
| Full curl timing | curl -o /dev/null -s -w "dns:%{time_namelookup} connect:%{time_connect} tls:%{time_appconnect} firstbyte:%{time_starttransfer} total:%{time_total}\n" URL |
More from 1mangesh1/dev-skills-collection
curl-http
HTTP request construction and API testing with curl and HTTPie. Use when user asks to "test API", "make HTTP request", "curl POST", "send request", "test endpoint", "debug API", "upload file", "check response time", "set auth header", "basic auth with curl", "send JSON", "test webhook", "check status code", "follow redirects", "rate limit testing", "measure API latency", "stress test endpoint", "mock API response", or any HTTP calls from the command line.
28database-indexing
Database indexing internals, index type selection, query plan analysis, and write-overhead tradeoffs across PostgreSQL, MySQL, and MongoDB. Use when user asks to "optimize queries", "create indexes", "fix slow queries", "read EXPLAIN output", "reduce query time", "index strategy", "database performance", "composite index", "covering index", "partial index", "index bloat", "unused indexes", or needs help diagnosing and resolving database performance problems.
13testing-strategies
Testing strategies, patterns, and methodologies across the full testing spectrum. Use when asked about unit tests, integration tests, e2e tests, test pyramid, mocking, test doubles, TDD, property-based testing, snapshot testing, test coverage, mutation testing, contract testing, performance testing, test data management, CI/CD testing, flaky tests, test anti-patterns, test organization, test isolation, test fixtures, test parameterization, or any testing strategy, approach, or methodology.
10secret-scanner
This skill should be used when the user asks to "scan for secrets", "find API keys", "detect credentials", "check for hardcoded passwords", "find leaked tokens", "scan for sensitive keys", "check git history for secrets", "audit repository for credentials", or mentions secret detection, credential scanning, API key exposure, token leakage, password detection, or security key auditing.
10terraform
Terraform infrastructure as code for provisioning, modules, state management, and workspaces. Use when user asks to "create infrastructure", "write Terraform", "manage state", "create module", "import resource", "plan changes", or any IaC tasks.
10kubernetes
Kubernetes and kubectl mastery for deployments, services, pods, debugging, and cluster management. Use when user asks to "deploy to k8s", "create deployment", "debug pod", "kubectl commands", "scale service", "check pod logs", "create ingress", or any Kubernetes tasks.
10