DNS Trace

The DNS Trace tool performs a detailed analysis of DNS zone delegation. It starts from the root name servers, walks through the DNS hierarchy, and gathers authoritative name server information for each domain level. It also retrieves some commonly used resource records for the queried domain name.

How to Use the DNS Trace Tool:

• Input Domain Name: Enter the domain name you want to trace, e.g., subdomain.example.com.
• Start Analysis: Click on the "DNS Trace" button to begin the DNS lookup and analysis process. The tool will:
  • Start at the root servers.
  • Query each domain level (e.g., com, example.com, subdomain.example.com).
  • Collect and display NS, DS, DNSKEY, and RRSIG records at each level.
  • Retrieve some often used resource records for the target domain.
• View Results: After the analysis completes, the tool will present a report that includes:
  • Authoritative name servers for each domain level.
  • DNSSEC-related records (DS, DNSKEY, RRSIG).
  • SOA, A, AAAA, MX, and CNAME resource records for the target domain name.

This tool is particularly useful for troubleshooting DNS resolution issues, identifying misconfigurations, verifying DNSSEC implementations, and analyzing DNS zone delegation chain.

DNS operates as a hierarchical and distributed system. Each level delegates responsibility for the next level domains (subdomains) to the corresponding authoritative name servers:

• Root Name Servers:
  • The starting point for all DNS lookups.
  • Direct queries to Top-Level Domain (e.g., .com, .org, .ca) name servers.
• Top-Level Domain (TLD) Servers:
  • Manage delegation records for domains under their respective TLDs (e.g., example.com).
  • Provide information about the authoritative name servers for the next level domains.
• Authoritative Name Servers:
  • Host resource records for the specific domains (e.g., example.com).
• Subdomain Levels:
  • Each subdomain (e.g., subdomain.example.com) may have its own authoritative servers or inherit settings from the parent domain.