DNS Related Commands Sayed Ahmed Computer Engineering, BUET, Bangladesh (Graduated on 2001 ) MSc, Computer Science, U of Manitoba, Canada
Will list mostly DNS related commands and concepts At one point, will try to discuss DNS system At another point, will try to explain how to configure DNS system Related Zones (Forward Zones, Reverse Zones) And related
How to configure DNS in Linux made-easy/domain-name-server.html made-easy/domain-name-server.html administrations/dns-server.html administrations/dns-server.html How does the DNS system work m m system_works system_works
Authoritative Answer vs Non-Authoritative Answer For a DNS related Linux command Any answer that originates from the DNS Server which has the complete zone file information available for the domain is said to be authoritative answer. In many cases, DNS servers will not have the complete zone file information available for a given domain. Instead, it maintains a cache file which has the results of all queries performed in the past for which it has gotten authoritative response. When a DNS query is given, it searches the cache file, and return the information available as “Non-Authoritative Answer”.
Get domain/host IP address nslookup yahoo.com host -t A yahoo.com
1. nslookup – Simple Example nslookup followed by the domain name will display the “A Record” ( IP Address ) of the domain $ nslookup redhat.com Server: Address: #53 Non-authoritative answer: Name:redhat.com Address:
2. Query the MX Record using -query=mx MX ( Mail Exchange ) record maps a domain name to a list of mail exchange servers for that domain. The MX record tells that all the mails sent to should be routed to the Mail server in that domain. $ nslookup -query=mx redhat.com Server: Address: #53 Non-authoritative answer: redhat.commail exchanger = 10 mx2.redhat.com. redhat.commail exchanger = 5 mx1.redhat.com. Authoritative answers can be found from: mx2.redhat.cominternet address = mx1.redhat.cominternet address =
3. Query the NS Record using -query=ns NS ( Name Server ) record maps a domain name to a list of DNS servers authoritative for that domain. It will output the name serves which are associated with the given domain nslookup -type=ns redhat.com Server: Address: #53 Non-authoritative answer: redhat.comnameserver = ns4.redhat.com. redhat.comnameserver = ns2.redhat.com. redhat.comnameserver = ns1.redhat.com. redhat.comnameserver = ns3.redhat.com. Authoritative answers can be found from: ns4.redhat.cominternet address = ns2.redhat.cominternet address = ns1.redhat.cominternet address = ns3.redhat.cominternet address =
4. Query the SOA Record using -query=soa SOA record ( start of authority ), provides the authoritative information about the domain, the address of the domain admin, the domain serial number, etc… $ nslookup -type=soa redhat.com Server: Address: #53 Non-authoritative answer: redhat.com origin = ns1.redhat.com mail addr = noc.redhat.com serial = refresh = 300 retry = 180 expire = minimum = 14400
Authoritative answers can be found from: ns1.redhat.com internet address = View available DNS records using -query=any We can also view all the available DNS records using -query=any option. $ nslookup -type=any google.com Server: Address: #53 Non-authoritative answer: Name:google.com Address: Name:google.com Address: google.comnameserver = ns1.google.com. google.comnameserver = ns2.google.com.
google.com origin = ns1.google.com mail addr = dns-admin.google.com serial = refresh = 7200 retry = 1800 expire = minimum = 300 google.commail exchanger = 20 alt1.aspmx.l.google.com. google.commail exchanger = 30 alt2.aspmx.l.google.com. google.commail exchanger = 40 alt3.aspmx.l.google.com. google.commail exchanger = 50 alt4.aspmx.l.google.com. google.commail exchanger = 10 aspmx-v4v6.l.google.com. google.comhas AAAA address 2a00:1450:4002:801::1004 Authoritative answers can be found from: ns4.google.cominternet address = ns3.google.cominternet address =
6. Reverse DNS lookup You can also do the reverse DNS look-up by providing the IP Address as argument to nslookup. $ nslookup Server: Address: #53 Non-authoritative answer: in-addr.arpaname = origin- www2.redhat.com.
7. Using Specific DNS server Instead of using default DNS server’s for querying, you can also specify a particular name server to resolve the domain name. $ nslookup redhat.com ns1.redhat.com Server: Address: #53 Name:redhat.com Address: In the above command, we have used the ns1.redhat.com as the DNS server. Here you may notice that, we don’t get any “Non-authoritative answer:” header, since ns1.redhat.com has all the zone information of redhat.com
8. Change the port number to connect with By default DNS servers uses the port number 53. If for any reasons, the port number got changed, then we can specify the port number using -port option $ nslookup -port 56 redhat.com
9. Change timeout interval to wait for a reply You can change the default timeout to wait for a reply using -timeout option $ nslookup -timeout=10 redhat.com
10. Enabling debug mode using -debug You can turn on/off the debugging using -debug option in the command line $ nslookup -debug redhat.com Server: Address: #53
Code: host nslookup
You can also use dig Code: dig yahoo.com dig
Your name server listed in /etc/resolv.conf file Code: more /etc/resolv.conf cat /etc/resolv.conf vi /etc/resolv.conf
host This is the simplest of the DNS commands. It is a quick way to determine the IP address of a hostname: host has address mail is handled (pri=80) by mail is handled (pri=10) by mail.ssc.com mail is handled (pri=40) by cascadia.a42.com
Now that you know the IP address for you might want to make sure the reverse lookup works. The reverse lookup checks to see if the reverse zone file maps the IP address to the hostname: host IN-ADDR.ARPA domain name pointer
Listing 1. DNS Info in Verbose Format with -a Option host -a Trying null domain rcode = 0 (Success), ancount=4 The following answer is not authoritative: The following answer is not verified as authe by the server: IN MX 80 IN MX 10 mail.ssc.com IN A IN MX 40 cascadia.a42.com
For authoritative answers, see: linuxjournal.com IN NS NS2.ssc.com linuxjournal.com IN NS cascadia.a42.com linuxjournal.com IN NS NS2.RACKSPACE.com Additional information: IN A mail.ssc.com IN A cascadia.a42.com IN A NS2.ssc.com IN A NS2.RACKSPACE.com IN A
dig (domain information groper) This powerful command gathers and returns DNS information in a format the name server can use directly. For this reason, dig is particularly useful in scripts. You will find it easy to query specific name servers with dig, making it a useful tool for narrowing down the source of DNS problems. Suppose you have just transferred your domain name hosting from old-host.com to new-host.com. A customer sends you an saying he cannot reach your web site when he is logged into his ISP. You suspect the zone information simply has not had time to propagate. So, you find out what the NS records are for the ISP in question:
dig ns isp-in-question.com ;; ANSWER SECTION: isp-in-question.com. 10H IN NS ns1.hugeupstream.com. isp-in-question.com. 10H IN NS isp-in- question.com. isp-in-question.com. 10H IN NS ns.isp-in- question.com. isp-in-question.com. 10H IN NS ns.goodnameserver.com.
Then you check your company's web site against the ISP's name servers: dig ;; ANSWER SECTION: 59m53s IN A
Just as you can issue commands to nslookup interactively, you can also change the initial defaults by starting a.nslookuprc file. The format of the.nslookup is one command per line: set type=NS set domain=srvns.new-host.com set timeout=10
Listing 2. Output with nslookup nslookup Default Server: server.randomisp.com Address: > set all Default Server: server.randomisp.com Address: Set options: nodebug defname search recurse nod2 novc noignoretc port=53 querytype=A class=IN timeout=10 retry=2 root=a.root-servers.net. domain=randomisp.com srchlist=randomisp.com
> set type=mx > server srvns.new-host.com Default Server: srvns.new-host.com Address: > yourcompany.com Server: webns.new-host.com Address: yourcompany.com preference = 10, mail exchanger =< mail.new-host.com yourcompany.com nameserver = srvns.new-host.com yourcompany.com nameserver = webns.new-host.com mail.new-host.com internet address = srvns.new-host.com internet address = webns.new-host.com internet address = > exit