How to debug DNS queries with tcpdump
Capture DNS query and response packets on UDP port 53 using tcpdump to diagnose resolution failures.
Prerequisites
- tcpdump installed with root or sudo access.
Step-by-Step: Debug DNS with tcpdump
Capture DNS traffic on UDP port 53. tcpdump displays the query name and response:
    sudo tcpdump -i eth0 -nn udp port 53
Filter DNS queries to a specific DNS server:
    sudo tcpdump -i eth0 -nn dst host 8.8.8.8 and udp port 53
Show full packet contents for detailed DNS analysis:
    sudo tcpdump -i eth0 -nn -X udp port 53 -c 20
Save DNS traffic for Wireshark analysis:
    sudo tcpdump -i eth0 -w /tmp/dns-debug.pcap udp port 53
How to Verify DNS Resolution
If tcpdump shows outgoing queries but no responses, the DNS server is unreachable or the query is being dropped by a firewall. If responses arrive with NXDOMAIN, the domain does not exist. If responses arrive with SERVFAIL, the DNS server encountered an error.
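The three cases above can be checked mechanically. The following is an added example, not part of the original guide: a hypothetical helper, dns_summary, that reads tcpdump's one-line text output (captured with -nn) and reports unanswered queries, NXDomain and ServFail responses. The sample capture is constructed, and pairing on client address, port and transaction ID is an assumption of this sketch.

```shell
#!/bin/sh
# Added example: summarise text output of `tcpdump -nn ... udp port 53`.
# Queries and responses are paired on client ip.port + DNS transaction ID.
dns_summary() {
    awk '
    $2 != "IP" && $2 != "IP6" { next }
    {
        src = $3; dst = $5; sub(/:$/, "", dst)
        id = $6; sub(/[^0-9].*$/, "", id)      # drop flag characters such as "+"
        if (id == "") next
        if (dst ~ /\.53$/) {                   # query: client -> server
            qname = ""
            for (i = 7; i < NF; i++)           # name follows the "A?" / "AAAA?" field
                if ($i ~ /\?$/) { qname = $(i + 1); break }
            if (qname == "") next
            key = src " " id
            if (!(key in name)) order[++n] = key
            name[key] = qname; answered[key] = 0
        } else if (src ~ /\.53$/) {            # response: server -> client
            key = dst " " id
            if (!(key in name)) next
            answered[key] = 1
            if ($7 ~ /^NXDomain/) print "NXDOMAIN " name[key]
            else if ($7 ~ /^ServFail/) print "SERVFAIL " name[key]
        }
    }
    END {
        for (i = 1; i <= n; i++)
            if (!answered[order[i]]) print "UNANSWERED " name[order[i]]
    }'
}

# Constructed sample capture (documentation addresses, made-up IDs and names).
sample_capture() {
    cat <<'EOF'
12:00:01.000100 IP 192.0.2.10.51234 > 8.8.8.8.53: 4660+ A? example.com. (29)
12:00:01.020300 IP 8.8.8.8.53 > 192.0.2.10.51234: 4660 1/0/0 A 198.51.100.7 (45)
12:00:02.000100 IP 192.0.2.10.40112 > 8.8.8.8.53: 4661+ A? no-such-host.example. (38)
12:00:02.031000 IP 8.8.8.8.53 > 192.0.2.10.40112: 4661 NXDomain 0/1/0 (113)
12:00:03.000100 IP 192.0.2.10.40777 > 8.8.8.8.53: 4662+ [1au] AAAA? broken.example. (43)
12:00:03.900000 IP 8.8.8.8.53 > 192.0.2.10.40777: 4662 ServFail 0/0/1 (43)
12:00:04.000100 IP 192.0.2.10.41999 > 8.8.8.8.53: 4663+ A? filtered.example. (34)
EOF
}

# Saved capture: tcpdump -nn -r /tmp/dns-debug.pcap | dns_summary
sample_capture | dns_summary
```

A query counts as unanswered only within the captured window, so a capture stopped right after a query will list it even if the response was about to arrive.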