3

BACKGROUND

I am trying to find out what DNS server is being used when I connect to the internet with my wlan0 device. I am running Kubuntu 15.04.

I have searched around and tried a few solutions, none of which work for me. Here is what I have tried:

1. Using the nmcli command

nmcli dev list | grep DNS

as per an answer to the similar question asked here.

This was marked as the answer for the OP, but for me I just get the following output:

Error: 'dev' command 'list' is not valid.

2. Reading resolv.conf:

cat /etc/resolv.conf

This does not give me the DNS information for my connection.

  1. Using nm-tool

nm-tool does not appear to be installed on my system. So that's not the correct answer for me.

  1. Using dnsmasq

There are a few answers which involve the use of dnsmasq. But in all cases I have not understood the answer enough to use it and I don't know what dnsmasq is.

QUESTION

How do I find out what DNS a connection is using, via the command line or GUI, with Kubuntu 15.04?

[EDIT]

It appears that I have had difficulty in articulating this question, because many people have provided answers which - whilst correct - are not quite the answers to the question I had in mind. Here is my attempt at clarification:

The answers provided so far simply give me the address of my router, because my router is responsible for providing the internet connection. But the question I really had in mind was; what internet DNS server is used when I type, for example, "www.google.com" into an internet browser?

I thought this would be relatively easy to find out, mainly because it's easy to dictate which internet DNS server is used myself. I can, for example, bring up my connection settings and tell it to use 8.8.8.8 for DNS, which is Google's public DNS server. My question, then, is; if I don't dictate any specific DNS server, and leave the router to use whatever it is assigned, how do I find out which DNS server(s) it is using?

Community
  • 1
Brian J Hoskins
  • 246

4 Answers4

5

With nmcli you can check which dns servers dnsmasq is configured with:

nmcli dev show wlan0 | grep -i dns

An example would be:

$ nmcli dev show wlan0 | grep -i dns
IP4.DNS[1]:                             10.11.12.1
IP4.DNS[2]:                             10.11.13.1
mgor
  • 1,231
2

Update: As revealed in the comments bellow the question, OP wants to know the DNS server that the router uses. If you use automatic connection, all of the answers given here will tell you address of your router, which means requests go to your router first.The router in turn has its own settings, which forward whatever DNS request you send to router's DNS.

Finding out what DNS server is used on a router is only possible if you access your router's settings, typically for residential routers through 192.168.0.1.

TL;DR: Version 1 - check syslog. Version 2 - send packets with nslookup or dig and see where they go to; more advanced and technical answer, but definitely more fun and in my opinion is a bit more reliable.

The other answers posted above are great and work 99% of the time. In this answer I would like to provide somewhat alternative, more technical solution with nslookup. Another simpler solution is to check /var/log/syslog.

The syslog method

The simple method is to search with grep tool for using nameserver string in /var/log/syslog/ :

$ sudo grep 'using nameserver' /var/log/syslog                                                                                                     
Aug  6 02:25:34 ******** dnsmasq[1487]: using nameserver 208.67.220.220#53

The tcpdump and nslookup method

Here's not so simple method but perhaps more reliable. Since observing where dns requests go will tell us what is the real dns server we can do exactly that. There is such tool as tcpdump. It is used to analyse the packets send by the internet adapters. Frequently , this tool is used in pen testing. For our modest purpose of determining dns, we only need to do two things - run at the same time tcpdump and use another tool nslookup (which actually helps to look up domain names using system's dns server) . Specifically we want to look for packets with that go to .domain destinations. For instance, I run sudo tcpdump -c 50 -i wlan0 > tcpdump-result.txt to capture 50 packets from my wireless adapter, and immediately go to another terminal tab and run nslookup google.com. For convenience I also output tcpdump result to a file tcpdump-result.txt

Now, using a little bit of knowledge of such tools as grep and awk, I filter out the desired information about .domain:

$ awk '/.domain/ {gsub("my-host-name","****");print}' tcpdump-result.txt                                                                 
01:49:48.811363 IP ****.local.29258 > 192.168.0.1.domain: 11608+ PTR? 69.0.168.192.in-addr.arpa. (43)
01:49:49.095361 IP ****.local.44184 > google-public-dns.domain: 9560+ A? google.com. (28)
01:49:49.139361 IP google-public-dns.domain > ****.local.44184: 9560 1/0/0 A 216.58.217.46 (44)

As you can see , my request goes to 192.168.0.1, which is my home router. Therefore , it means you are using DNS server that your Internet Service Provider has assigned to you.

Now, what if we change dns and do it all over again ? 

$ awk '/.domain/ {gsub("my-hostname","****");print}' tcpdump-result2.txt                                                                
02:05:35.885670 IP ****.local.51056 > resolver2.opendns.com.domain: 2511+ A? google.com. (28)
02:05:36.189665 IP ****.local.5503 > 192.168.0.1.domain: 63991+ PTR? 220.220.67.208.in-addr.arpa. (45)
02:05:36.237664 IP 192.168.0.1.domain > ****.local.5503: 63991 1/0/0 PTR resolver2.opendns.com. (80)
02:05:36.241664 IP ****.local.27776 > 192.168.0.1.domain: 58334+ PTR? 69.0.168.192.in-addr.arpa. (43)

Now my requests go to opendns ! But which IP specifically ?

ping resolver2.opendns.com 

PING resolver2.opendns.com (208.67.220.220) 56(84) bytes of data.
64 bytes from resolver2.opendns.com (208.67.220.220): icmp_seq=1 ttl=57 time=59.9 ms
64 bytes from resolver2.opendns.com (208.67.220.220): icmp_seq=2 ttl=57 time=55.9 ms
^C
--- resolver2.opendns.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1003ms
rtt min/avg/max/mdev = 55.999/57.999/59.999/2.000 ms

As you can see it goes to 208.67.220.220

Sergiy Kolodyazhnyy
  • 107,582
0

Here are two ways: 

$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.1.1         **<--Server**
search localdomain

or 

$ dig localhost

; <<>> DiG 9.9.5-3ubuntu0.4-Ubuntu <<>> localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47070
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;localhost.         IN  A

;; ANSWER SECTION:
localhost.      0   IN  A   127.0.0.1

;; Query time: 1 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)         **<--Server**
;; WHEN: Wed Aug 05 11:30:10 EDT 2015
;; MSG SIZE  rcvd: 54

It turns out that the question was "I would like to find out which DNS servers are being used when I use my internet connection to resolve a hostname to an ip. i.e. when I use my internet browser to browse to www.amazon.com, which DNS server translates that into an ip ".

Now, the answer is:

For an existing connection, you cannot. DNS address resolution has happened and is over before you can open the connection.

To see what nameservers are used to resolve a DNS query, you could dig +trace @$( grep nameserver /etc/resolv.conf| awk '{print $2}' | head -n1 ) amazon.com

dig is from the dnsutils package.

waltinator
  • 37,856
0

To show all DNS for each network device, except lo:

for i in /sys/class/net/*; do \
    awk -F/ '! /lo/ {system("nmcli dev show "$(NF)" | grep \"DNS\|DEVICE\"")}' <<< "$i"; \
done

Example output

GENERAL.DEVICE:                         eth0
IP4.DNS[1]:                             192.168.20.1
A.B.
  • 92,125