dig: getting the list of root servers
Posted by jpluimers on 2018/11/15
For many dig queries, it helps to get the current list of root DNS servers.
Though the list is pretty static, it occasionally changes. At the time of writing there were 13 of them, and the most recent history report was “RSSAC023: History of the Root Server System” at [WayBack] www.icann.org/en/system/files/files/rssac-023-04nov16-en.pdf.
So below are the steps to get an accurate list, based on:
- [WayBack] How do I see the DNS hint file (root name servers)? – Ask Ubuntu.
- [WayBack] dig show only answer – Server Fault (which indicates options like +noall need to be in front of your query).
First find out what the root servers are:
$ dig +noall +answer . ns | sort
. 106156 IN NS a.root-servers.net.
. 106156 IN NS b.root-servers.net.
. 106156 IN NS c.root-servers.net.
. 106156 IN NS d.root-servers.net.
. 106156 IN NS e.root-servers.net.
. 106156 IN NS f.root-servers.net.
. 106156 IN NS g.root-servers.net.
. 106156 IN NS h.root-servers.net.
. 106156 IN NS i.root-servers.net.
. 106156 IN NS j.root-servers.net.
. 106156 IN NS k.root-servers.net.
. 106156 IN NS l.root-servers.net.
. 106156 IN NS m.root-servers.net.
You should shorten this to $ dig +noall +answer . ns but that will not give you the TTL (how long the information will be cached before your DNS server refreshes it).
Now query at least 3 of these to get the actual list of root servers (I list only one statement, the rest is similar):
$ dig +noall +answer . ns @j.root-servers.net. | sort
. 518400 IN NS a.root-servers.net.
. 518400 IN NS b.root-servers.net.
. 518400 IN NS c.root-servers.net.
. 518400 IN NS d.root-servers.net.
. 518400 IN NS e.root-servers.net.
. 518400 IN NS f.root-servers.net.
. 518400 IN NS g.root-servers.net.
. 518400 IN NS h.root-servers.net.
. 518400 IN NS i.root-servers.net.
. 518400 IN NS j.root-servers.net.
. 518400 IN NS k.root-servers.net.
. 518400 IN NS l.root-servers.net.
. 518400 IN NS m.root-servers.net.
Compare the lists. If they are equal, then you’re done.
If not, then the internet is in trouble (:
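The comparison step above as a script, added here as an example and not part of the original post: it drops the TTL column before comparing, because a cached answer from your resolver (TTL 106156 above) counts down while the root servers return 518400. The function names and the choice of a, j and m as the servers queried are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): compare root NS sets by name only.

# Reduce `dig +noall +answer . ns` output to a sorted, unique list of NS names.
# The TTL column is dropped: a resolver's cached answer counts down, so it never
# matches the 518400 an authoritative root server returns.
ns_names() {
    awk '$1 == "." && $3 == "IN" && $4 == "NS" { print tolower($5) }' | sort -u
}

# Compare two or more files of raw dig output.
# Returns 0 if all name sets are equal, 1 on a mismatch, 2 if the first is empty.
compare_ns_lists() {
    first=$1
    ref=$(ns_names < "$first")
    [ -n "$ref" ] || { echo "no root NS records in $first" >&2; return 2; }
    shift
    for f in "$@"; do
        if [ "$(ns_names < "$f")" != "$ref" ]; then
            echo "MISMATCH: $f differs from $first" >&2
            return 1
        fi
    done
    return 0
}

# Constructed sample data: dig-style answer lines for a TTL and server letters.
sample_answer() {
    ttl=$1; shift
    for l in "$@"; do
        printf '.\t%s\tIN\tNS\t%s.root-servers.net.\n' "$ttl" "$l"
    done
}

# Live run (needs network): default resolver plus three root servers.
# The choice of a, j and m is an assumption; any three will do.
check_live() {
    tmp=$(mktemp -d) || return 2
    dig +noall +answer . ns > "$tmp/resolver"
    for s in a j m; do
        dig +noall +answer . ns "@$s.root-servers.net." > "$tmp/$s"
    done
    compare_ns_lists "$tmp"/*
    rc=$?
    rm -rf "$tmp"
    return $rc
}
```

Call `check_live` on a machine with network access; a non-zero exit status means your resolver and the root servers you asked disagree on the set of names.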
When you want the A and AAAA records with IP addresses in addition to the NS records with names, then add +additional to your query:
$ dig +noall +answer +additional @j.root-servers.net. | sort
. 518400 IN NS a.root-servers.net.
. 518400 IN NS b.root-servers.net.
. 518400 IN NS c.root-servers.net.
. 518400 IN NS d.root-servers.net.
. 518400 IN NS e.root-servers.net.
. 518400 IN NS f.root-servers.net.
. 518400 IN NS g.root-servers.net.
. 518400 IN NS h.root-servers.net.
. 518400 IN NS i.root-servers.net.
. 518400 IN NS j.root-servers.net.
. 518400 IN NS k.root-servers.net.
. 518400 IN NS l.root-servers.net.
. 518400 IN NS m.root-servers.net.
a.root-servers.net. 518400 IN A 198.41.0.4
a.root-servers.net. 518400 IN AAAA 2001:503:ba3e::2:30
b.root-servers.net. 518400 IN A 192.228.79.201
b.root-servers.net. 518400 IN AAAA 2001:500:200::b
c.root-servers.net. 518400 IN A 192.33.4.12
d.root-servers.net. 518400 IN A 199.7.91.13
e.root-servers.net. 518400 IN A 192.203.230.10
f.root-servers.net. 518400 IN A 192.5.5.241
g.root-servers.net. 518400 IN A 192.112.36.4
h.root-servers.net. 518400 IN A 198.97.190.53
i.root-servers.net. 518400 IN A 192.36.148.17
j.root-servers.net. 518400 IN A 192.58.128.30
k.root-servers.net. 518400 IN A 193.0.14.129
l.root-servers.net. 518400 IN A 199.7.83.42
m.root-servers.net. 518400 IN A 202.12.27.33
–jeroen





