INT21CN Computer Networks

Practical Exercises #9

  1. The nslookup and dig Unix command-line utilities allow humans to look up RRs in the DNS. They work in rather different ways, with nslookup being oriented towards an interactive user interface (although it does accept command-line arguments), whilst dig always wants all of its arguments on the command line. However, dig can be regarded as better in that it shows all of the RRs returned from the DNS, whereas nslookup only gives you the answer to your question. You can also ask dig to return any RRs associated with a particular domain name. Note that there are software tools with similar functionality for both PCs and Macs.

    We'll use nslookup first. Start up nslookup at the command line, type h for help and take it from there. Try typing bindi.bendigo.latrobe.edu.au and bindi.bendigo.latrobe.edu.au. (ie, with and without a trailing dot). Try just bindi on its own, and bindi.bendigo. Interesting? Try a set query=CNAME and then type in the domain name mailhost.bendigo.latrobe.edu.au. Interesting? Try some other RR types, such as SOA and NS. NB: use exit or ^D to quit from interactive mode in nslookup.

  2. nslookup returns a "human-readable" version of the requested RR, whereas dig shows you the entire response from the nameserver. Try something like: dig ironbark.bendigo.latrobe.edu.au at the Unix command line. Note that the response contains several sections, of which the "ANSWER SECTION" is the requested RR(s). What can you infer about the other sections?

  3. The MX RR type is interesting. Use dig to look up the La Trobe MX student mailserver, thus: dig students.latrobe.edu.au MX. Which machines are mail relays for students.latrobe.edu.au? Try it again for (eg) hotmail.com.

  4. The PTR (reverse) lookup is handled differently by each of the DNS utilities. In dig, the "formal" syntax is dig 60.20.144.149.in-addr.arpa PTR; however, there is a "short cut" syntax that looks like dig -x 149.144.20.60. nslookup, on the other hand, infers the need for a reverse lookup from the fact that the first character of the supplied argument is numeric.

    1. Try a PTR lookup using each of nslookup and dig.
    2. Reverse lookups for "distant" IP addresses (ie, not locally available or cached) can take considerable time. You can verify this by "making up" a random IP address with a first number in the range of (eg) 192 to 199 and doing a reverse lookup on it.
    3. If you receive lots of spam, have a look at the last (or near-to-last) Received: header in a typical spam email. Often you will find that it's given as an IP address, not as a domain name. Could you use this fact as a test to see whether messages are valid or spam? How?

  5. Investigate some hosts which have multiple IP addresses, multiple domain names, or both. For example, find the IP address of machine www.latrobe.edu.au. Then do a PTR lookup on the IP address that you get. Interesting?

  6. Ever thought of registering your own domain name? It's not so difficult. In Australia, check out AUNIC. It has links to just about everything you could want to know about Internet domain names.
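
For exercise 4, an added example (not part of the original exercise sheet): it builds the in-addr.arpa name that dig -x queries and checks whether the relay in the last Received: header has a PTR record. The sample message, the PTR table and all function names are constructed for illustration; the table stands in for the DNS so the code runs offline.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample message (documentation addresses, not real traffic).
SAMPLE = """\
Received: from mx.example.org (mx.example.org [198.51.100.5])
\tby inbox.example.net; Mon, 1 Mar 2004 10:00:02 +1100
Received: from unknown ([203.0.113.7])
\tby mx.example.org; Mon, 1 Mar 2004 10:00:01 +1100
Subject: constructed test message

body
"""

# Constructed PTR data standing in for the DNS (assumption for offline use).
FAKE_PTR = {"5.100.51.198.in-addr.arpa": "mx.example.org"}


def reverse_name(ip):
    """Build the name 'dig -x' queries: octets reversed, then in-addr.arpa."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # validates the address
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def last_received_ip(raw_message):
    """Return the bracketed IPv4 address in the last Received: header."""
    headers = message_from_string(raw_message).get_all("Received") or []
    if not headers:
        return None
    # The last header in the message is the earliest hop.
    match = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", headers[-1])
    return match.group(1) if match else None


def ptr_lookup(ip, ptr_table=FAKE_PTR):
    """Return the PTR target for ip, or None if no reverse mapping exists."""
    return ptr_table.get(reverse_name(ip))


def relay_lacks_ptr(raw_message, ptr_table=FAKE_PTR):
    """True when the earliest relay is known only by an IP with no PTR RR."""
    ip = last_received_ip(raw_message)
    return ip is not None and ptr_lookup(ip, ptr_table) is None
```

Against the live DNS, socket.gethostbyaddr() can replace the table lookup. A missing PTR record is only one signal, since legitimate hosts can also lack reverse mappings.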

Web Resources

See lecture notes.



Copyright 2004 by Phil Scott, La Trobe University.