How can I find the answering DNS server?
Is there a way I can trace a DNS request to see where the answer is coming from?
Our network has internal DNS servers that provide internal IP address resolution, and we use EasyDNS to host our public-facing DNS.
The situation is that EasyDNS is set up correctly for a certain address with its external IP, but when I do a dig from within our network, I get the (correct) internal IP - but the domain does not appear to be set up on any of our internal DNS servers. Our primary DNS server (Active Directory) lists the domain as cached, but doesn't say from where.
How can I trace where dig is getting its results from?
Solution 1:
If using dig:
dig +trace ....
otherwise, run Wireshark to capture the packets.
Solution 2:
I'm quoting Justin Scott's answer, because I'm pretty sure he was right:
Are you using NAT routing? Some NAT routers will inspect DNS packets and translate known external IPs that it handles and convert them to the internal IP addresses in the response before forwarding the packet along the network.