Saturday, February 19, 2011

Explore domain name resolution tools in Linux

We often face issues with DNS name resolution. In this series of articles, I will explore different tools available in Linux that can help with DNS name resolution. First we will look at the utility called host.
host is the most basic and simple utility for performing DNS lookups. In its normal usage it resolves names to IPs. For example, in the following command we ask host to give us the IP of www.example.com:
host www.example.com
www.example.com has address 208.77.188.166
As you can see, we got the IP that www.example.com points to.
For more detailed (verbose) output, use the -v or -d option:
host -v www.example.com
Trying "www.example.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46859
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.example.com.               IN      A

;; ANSWER SECTION:
www.example.com.        172764  IN      A       208.77.188.166

;; AUTHORITY SECTION:
example.com.            172709  IN      NS      b.iana-servers.net.
example.com.            172709  IN      NS      a.iana-servers.net.

;; ADDITIONAL SECTION:
a.iana-servers.net.     67316   IN      A       192.0.34.43
b.iana-servers.net.     172709  IN      A       193.0.0.236

Received 129 bytes from 192.168.23.1#53 in 5 ms
Trying "www.example.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20897
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.example.com.               IN      AAAA

;; AUTHORITY SECTION:
example.com.            10764   IN      SOA     dns1.icann.org. hostmaster.icann.org. 2007051703 7200 3600 1209600 86400

Received 94 bytes from 192.168.23.1#53 in 2 ms
Trying "www.example.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13380
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.example.com.               IN      MX

;; AUTHORITY SECTION:
example.com.            10764   IN      SOA     dns1.icann.org. hostmaster.icann.org. 2007051703 7200 3600 1209600 86400

Received 94 bytes from 192.168.23.1#53 in 14 ms
If you are interested in a particular type of record such as CNAME, MX, NS, SOA, SIG, KEY, AXFR, etc., use the -t option. By default it looks for A records. The following examples search for the name server (NS), mail server (MX) and Start of Authority (SOA) records for the google.com domain; the last example gives the domain name that the IP 64.233.169.99 points to (pointer or PTR record).
host -t NS google.com
google.com name server ns2.google.com.
google.com name server ns3.google.com.
google.com name server ns4.google.com.
google.com name server ns1.google.com.

host -t MX google.com
google.com mail is handled by 100 smtp2.google.com.
google.com mail is handled by 10 google.com.s9a1.psmtp.com.
google.com mail is handled by 10 google.com.s9a2.psmtp.com.
google.com mail is handled by 10 google.com.s9b1.psmtp.com.
google.com mail is handled by 10 google.com.s9b2.psmtp.com.
google.com mail is handled by 100 smtp1.google.com.

host -t SOA google.com
google.com has SOA record ns1.google.com. dns-admin.google.com. 1393514 7200 1800 1209600 300

host -t PTR 64.233.169.99
99.169.233.64.in-addr.arpa domain name pointer yo-in-f99.google.com.
To display the SOA records for a zone from all the listed authoritative name servers for that zone, use the -C option. The list of name servers is defined by the NS records that are found for the zone.
host -C example.com
Nameserver b.iana-servers.net:
        example.com has SOA record dns1.icann.org. hostmaster.icann.org. 2007051703 7200 3600 1209600 86400
Nameserver a.iana-servers.net:
        example.com has SOA record dns1.icann.org. hostmaster.icann.org. 2007051703 7200 3600 1209600 86400
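The following shell functions are an added example, not part of the original article: they parse host -C output in the format shown above and report whether every authoritative server returns the same SOA serial (a lagging serial usually means a secondary has not picked up the latest zone data). The function names are hypothetical and the second sample, with a differing serial, is constructed.

```shell
#!/bin/sh
# Added example (not from the article): SOA serial consistency from host -C output.

# soa_serials: read host -C output on stdin, print "<nameserver> <serial>".
soa_serials() {
    awk '
        /^Nameserver / { ns = $2; sub(/:$/, "", ns); next }
        / has SOA record / {
            # After the word "record": mname rname serial refresh retry expire minimum
            for (i = 1; i <= NF; i++)
                if ($i == "record") { print ns, $(i + 3); break }
        }'
}

# check_soa_consistency: 0 = all servers agree, 1 = serials differ,
# 2 = no SOA line parsed (every server failed to answer, or wrong input).
check_soa_consistency() {
    pairs=$(soa_serials)
    [ -n "$pairs" ] || { echo "no SOA records parsed"; return 2; }
    distinct=$(printf '%s\n' "$pairs" | awk '!seen[$2]++ { n++ } END { print n + 0 }')
    if [ "$distinct" -eq 1 ]; then
        echo "consistent: serial $(printf '%s\n' "$pairs" | awk 'NR == 1 { print $2 }')"
        return 0
    fi
    echo "MISMATCH: $distinct different serials"
    printf '%s\n' "$pairs"
    return 1
}

# SAMPLE_OK is the output shown above; SAMPLE_STALE is constructed: one server
# still reports an older serial.
SAMPLE_OK='Nameserver b.iana-servers.net:
        example.com has SOA record dns1.icann.org. hostmaster.icann.org. 2007051703 7200 3600 1209600 86400
Nameserver a.iana-servers.net:
        example.com has SOA record dns1.icann.org. hostmaster.icann.org. 2007051703 7200 3600 1209600 86400'
SAMPLE_STALE='Nameserver b.iana-servers.net:
        example.com has SOA record dns1.icann.org. hostmaster.icann.org. 2007051703 7200 3600 1209600 86400
Nameserver a.iana-servers.net:
        example.com has SOA record dns1.icann.org. hostmaster.icann.org. 2007051702 7200 3600 1209600 86400'

printf '%s\n' "$SAMPLE_OK" | check_soa_consistency
printf '%s\n' "$SAMPLE_STALE" | check_soa_consistency || true
```

Against a live zone the same check is: host -C example.com | check_soa_consistency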
To have host try the UDP query more than once if a query goes unanswered, use -R and the number of tries. The following example will try three times to resolve www.example.com if the previous query does not get answered.
host -R 3 www.example.com
www.example.com has address 208.77.188.166
By default host uses UDP when making queries. The -T option makes it use a TCP connection when querying the name server. TCP will be automatically selected for queries that require it, such as zone transfer (AXFR) requests.
host -T www.google.com
www.google.com is an alias for www.l.google.com.
www.l.google.com has address 64.233.169.104
www.l.google.com has address 64.233.169.147
www.l.google.com has address 64.233.169.99
www.l.google.com has address 64.233.169.103
If you want to wait for the answer longer than the default (maybe you are on a slow connection), use -W and the number of seconds to wait for the answer. If wait is less than one, the wait interval is set to one second.
host -W 5 www.google.com
www.google.com is an alias for www.l.google.com.
www.l.google.com has address 64.233.169.147
www.l.google.com has address 64.233.169.99
www.l.google.com has address 64.233.169.103
www.l.google.com has address 64.233.169.104
host uses the name servers that are configured in /etc/resolv.conf. If you want it to query another name server, specify that server at the end of the command. It can be either the name or the IP address of the name server that host should query.
host www.google.ca ns4.google.com
Using domain server:
Name: ns4.google.com
Address: 216.239.38.10#53
Aliases:

www.google.ca is an alias for www.google.com.
www.google.com is an alias for www.l.google.com.
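As an added example (not part of the original article), the functions below compare the addresses in two host outputs, such as the answer from the resolver in /etc/resolv.conf and the answer from a server named on the command line. They compare as sets, because the records come back in a different order from one query to the next, as the two www.google.com outputs earlier show; the function names are hypothetical and the samples are constructed.

```shell
#!/bin/sh
# Added example (not from the article): compare the address sets of two host outputs.

# addr_set: sorted, de-duplicated addresses from non-verbose host output.
# Only "has address" / "has IPv6 address" lines count; the "Address: ...#53"
# line of the "Using domain server:" header is the server itself, not an answer.
addr_set() {
    awk '/ has (IPv6 )?address / { print $NF }' | sort -u
}

# compare_answers OUT_A OUT_B: 0 = same set, 1 = sets differ,
# 2 = an answer held no addresses (lookup failed or output was cut short).
compare_answers() {
    a=$(printf '%s\n' "$1" | addr_set)
    b=$(printf '%s\n' "$2" | addr_set)
    if [ -z "$a" ] || [ -z "$b" ]; then
        echo "no addresses in at least one answer"; return 2
    fi
    if [ "$a" = "$b" ]; then
        echo "same address set"; return 0
    fi
    echo "address sets differ"
    echo "first:  $(echo $a)"
    echo "second: $(echo $b)"
    return 1
}

# Constructed samples. RESOLVER_OUT reuses the -W output shown earlier; AUTH_OUT
# holds the same addresses in another order under a server header; ODD_OUT
# carries 192.0.2.10 (documentation range), which the others lack.
RESOLVER_OUT='www.google.com is an alias for www.l.google.com.
www.l.google.com has address 64.233.169.147
www.l.google.com has address 64.233.169.99
www.l.google.com has address 64.233.169.103
www.l.google.com has address 64.233.169.104'
AUTH_OUT='Using domain server:
Name: ns4.google.com
Address: 216.239.38.10#53
Aliases:

www.google.com is an alias for www.l.google.com.
www.l.google.com has address 64.233.169.104
www.l.google.com has address 64.233.169.147
www.l.google.com has address 64.233.169.99
www.l.google.com has address 64.233.169.103'
ODD_OUT='www.l.google.com has address 64.233.169.147
www.l.google.com has address 192.0.2.10'
```

Live usage: compare_answers "$(host www.example.com)" "$(host www.example.com a.iana-servers.net)". A difference is a reason to look closer rather than proof of tampering, since load-balanced names can legitimately return different sets.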
