The nslookup and dig Unix command-line utilities allow humans to look up RRs in the DNS. They work in rather different ways, with nslookup being oriented towards an interactive user interface (although it does accept command-line arguments), whilst dig always wants all of its arguments on the command line. However, dig can be regarded as better in that it shows all of the RRs returned from the DNS, whereas nslookup only gives you the answer to your question. You can also ask dig to return any RRs associated with a particular domain name. Note that there are software tools with similar functionality for both PCs and Macs.
nslookup first. Start up
nslookup at the command line, type
for help and take it from there. Try typing
bindi.bendigo.latrobe.edu.au. (ie, with and without a
trailing dot). Try just
bindi on its own, and
bindi.bendigo Interesting? Try an
set query=CNAME and then type in domain name
mailhost.bendigo.latrobe.edu.au. Interesting? Try some
other RR types, such as
^D to quit from
interactive mode in
nslookup returns a "human-readable" version of the requested RR, whereas dig shows you the entire response from the nameserver. Try something like:
dig ironbark.bendigo.latrobe.edu.au
at the Unix command line. Note that the response contains several sections, of which the "ANSWER SECTION" is the requested RR(s). What can you infer about the other sections?
The MX RR type is interesting. Use dig to look up the La Trobe MX student mailserver, thus:
dig students.latrobe.edu.au MX
Which machines are mail relays for students.latrobe.edu.au? Try it again for (eg)
PTR (reverse) lookup is handled differently by each of the DNS utilities. In dig, the "formal" syntax is
dig 22.214.171.124.in-addr.arpa PTR
however, there is a "short cut" syntax that looks like
dig -x 126.96.36.199
nslookup, on the other hand, infers the need for a reverse lookup from the fact that the first character of the supplied argument is numeric.
PTR lookup using each of
Received: header in a typical spam email. Often you will find that it's given as an IP address, not as a domain name. Could you use this fact as a test to see whether messages are valid or spam? How?
www.latrobe.edu.au. Then do a
PTR lookup on the IP address that you get. Interesting?
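
The PTR exercises above, as an added example that is not part of the original worksheet: it builds the in-addr.arpa name behind the dig -x short cut and compares forward and reverse answers for the address in a Received: header. The zone data, host names and headers are constructed, and a dictionary stands in for live DNS.

```python
import ipaddress
import re

# Constructed zone data standing in for live DNS (documentation address ranges).
A_RECORDS = {
    "www.example.org.": ["192.0.2.80"],
    "web1.example.org.": ["192.0.2.80"],
    "mail.example.org.": ["192.0.2.25"],
}
PTR_RECORDS = {
    "80.2.0.192.in-addr.arpa.": "web1.example.org.",
    "25.2.0.192.in-addr.arpa.": "mail.example.org.",
    "7.113.0.203.in-addr.arpa.": "mail.example.org.",  # set by whoever runs that reverse zone
}

def reverse_name(ip):
    """Name queried by the dig -x short cut: address reversed under in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def ptr_lookup(ip):
    return PTR_RECORDS.get(reverse_name(ip))

def forward_confirmed(ip):
    """True if the PTR name for ip has an A record that points back at ip."""
    return ip in A_RECORDS.get(ptr_lookup(ip), [])

# Relay part of a header of the form: Received: from NAME (RDNS [IPv4]) by ...
RECEIVED_RE = re.compile(r"^Received:\s+from\s+(\S+)\s+\(\S*\s*\[([0-9.]+)\]\)")

def check_received(header):
    """Return (claimed_name, ip, verdict) for one Received: line, or None."""
    m = RECEIVED_RE.match(header)
    if not m:
        return None
    claimed, ip = m.groups()
    name = ptr_lookup(ip)
    if name is None:
        verdict = "no PTR"
    elif not forward_confirmed(ip):
        verdict = "PTR not forward-confirmed"
    elif name.rstrip(".").lower() != claimed.lower():
        verdict = "PTR differs from claimed name"
    else:
        verdict = "consistent"
    return claimed, ip, verdict

if __name__ == "__main__":
    # Constructed header, not taken from a real message.
    print(check_received("Received: from pc (unknown [198.51.100.9]) by mx.example.net"))
```

A missing or mismatched PTR is a scoring signal rather than proof of spam, since many legitimate hosts answer to names that differ from their PTR record.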