DNS troubleshooting
The following diagnose command can be used to collect DNS debug information. If you do not specify worker ID, the default worker ID is 0
.
# diagnose test application dnsproxy worker idx: 0 1. Clear DNS cache 2. Show stats 3. Dump DNS setting 4. Reload FQDN 5. Requery FQDN 6. Dump FQDN 7. Dump DNS cache 8. Dump DNS DB 9. Reload DNS DB 10. Dump secure DNS policy/profile 11. Dump Botnet domain 12. Reload Secure DNS setting 13. Show Hostname cache 14. Clear Hostname cache 15. Show SDNS rating cache 16. Clear SDNS rating cache 17. DNS debug bit mask 18. DNS debug obj mem 99. Restart dnsproxy worker
To view useful information about the ongoing DNS connection:
# diagnose test application dnsproxy 3 worker idx: 0 vdom: root, index=0, is primary, vdom dns is disabled, mip-169.254.0.1 dns_log=1 tls=0 cert= dns64 is disabled vdom: vdom1, index=1, is primary, vdom dns is enabled, mip-169.254.0.1 dns_log=1 tls=0 cert= dns64 is disabled dns-server:96.45.45.220:45 tz=-480 tls=0 req=0 to=0 res=0 rt=0 rating=1 ready=0 timer=37 probe=9 failure=0 last_failed=0 dns-server:8.8.8.8:53 tz=0 tls=0 req=73 to=0 res=73 rt=5 rating=0 ready=1 timer=0 probe=0 failure=0 last_failed=0 dns-server:65.39.139.63:53 tz=0 tls=0 req=39 to=0 res=39 rt=1 rating=0 ready=1 timer=0 probe=0 failure=0 last_failed=0 dns-server:62.209.40.75:53 tz=60 tls=0 req=0 to=0 res=0 rt=0 rating=1 ready=0 timer=37 probe=9 failure=0 last_failed=0 dns-server:209.222.147.38:53 tz=-300 tls=0 req=0 to=0 res=0 rt=0 rating=1 ready=0 timer=37 probe=9 failure=0 last_failed=0 dns-server:173.243.138.221:53 tz=-480 tls=0 req=0 to=0 res=0 rt=0 rating=1 ready=0 timer=37 probe=9 failure=0 last_failed=0 dns-server:45.75.200.89:53 tz=0 tls=0 req=0 to=0 res=0 rt=0 rating=1 ready=0 timer=37 probe=9 failure=0 last_failed=0 DNS_CACHE: hash-size=2048, ttl=1800, min-ttl=60, max-num=-1 DNS FD: udp_s=12 udp_c=17:18 ha_c=22 unix_s=23, unix_nb_s=24, unix_nc_s=25 v6_udp_s=11, v6_udp_c=20:21, snmp=26, redir=13, v6_redir=14 DNS FD: tcp_s=29, tcp_s6=27, redir=31 v6_redir=32 FQDN: hash_size=1024, current_query=1024 DNS_DB: response_buf_sz=131072 LICENSE: expiry=2015-04-08, expired=1, type=2 FDG_SERVER:96.45.45.220:45 FGD_CATEGORY_VERSION:8 SERVER_LDB: gid=eb19, tz=-480, error_allow=0 FGD_REDIR_V4:208.91.112.55 FGD_REDIR_V6:
Important fields include:
tls |
1 if the connection is TLS, 0 if the connection is not TLS. |
rt |
The round trip time of the DNS latency. |
probe |
The number of probes sent. |
To dump the second DNS worker's cache:
diagnose test application dnsproxy 7 1
To enable debug on the second worker:
diagnose debug application dnsproxy -1 1
To enable debug on all workers by specifying -1 as worker ID:
diagnose debug application dnsproxy -1 -1