Why is the outcome different from dig when using the +trace option?
- Updated on 07 Sep 2018
- 1 minute to read
By default dig will use the configured nameservers from /etc/resolv.conf (or one explicitly specified using the command syntax). Without +trace you are testing the ability of the target nameserver to resolve your query.
Adding the +trace option instructs dig to resolve the query from the root nameservers downwards and to report the results from each query step. Thus dig will only use the default or explicitly specified nameserver for the initial discovery of the root nameservers. Thereafter it makes its own queries following the delegation referrals it receives. This can be useful when testing why recursive nameservers are having difficulty obtaining an answer from the Internet authoritative nameservers for a particular query.
Running "dig @127.0.0.1 +trace" from the nameserver being tested may be more helpful for diagnostic purposes as it will start with the same roots as that nameserver is using. It may also use the same source IP address - but this should not be assumed.
Specifying @server does not change this behaviour - the server specified in this way will only be queried for the NS records for the servers authoritative for root (".").