The nslookup and dig Unix command-line utilities allow humans to look up RRs in the DNS. They work in rather different ways, with nslookup being oriented towards an interactive user interface (although it does accept command-line arguments), whilst dig always wants all of its arguments on the command line. However, dig can be regarded as better in that it shows all of the RRs returned from the DNS, whereas nslookup only gives you the answer to your question. You can also ask dig to return any RRs associated with a particular domain name. Note that there are software tools with similar functionality for both PCs and Macs.
We'll use nslookup first. Start up nslookup at the command line, type h for help and take it from there. Try typing bindi.bendigo.latrobe.edu.au and bindi.bendigo.latrobe.edu.au. (i.e., with and without a trailing dot). Try just bindi on its own, and bindi.bendigo. Interesting? Try set query=CNAME and then type in the domain name mailhost.bendigo.latrobe.edu.au. Interesting? Try some other RR types, such as SOA and NS.

NB: use exit or ^D to quit from interactive mode in nslookup.
nslookup returns a "human-readable" version of the requested RR, whereas dig shows you the entire response from the nameserver. Try something like:

dig ironbark.bendigo.latrobe.edu.au

at the Unix command line. Note that the response contains several sections, of which the "ANSWER SECTION" is the requested RR(s). What can you infer about the other sections?
The MX RR type is interesting. Use dig to look up the MX RRs for the La Trobe student mailserver, thus:

dig students.latrobe.edu.au MX

Which machines are mail relays for students.latrobe.edu.au? Try it again for (e.g.) hotmail.com.
PTR (reverse) lookup is handled differently by each of the DNS utilities. In dig, the "formal" syntax is dig 60.20.144.149.in-addr.arpa PTR; however, there is a "short cut" syntax that looks like dig -x 149.144.20.60. nslookup, on the other hand, infers the need for a reverse lookup from the fact that the first character of the supplied argument is numeric.
Do a PTR lookup using each of nslookup and dig.
Look at the Received: header in a typical spam email. Often you will find that the sending host is given as an IP address, not as a domain name. Could you use this fact as a test to see whether messages are valid or spam? How?
Look up www.latrobe.edu.au. Then do a PTR lookup on the IP address that you get. Interesting?
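One way to turn the Received: header observation into a check, as an added example that is not part of the original exercise: pull the connecting host's IP out of the header, do the reverse (PTR) lookup, and confirm that the name it returns resolves forward to the same address (forward-confirmed reverse DNS). The lookups are passed in as functions so the logic can be exercised offline against a constructed table; the default resolvers and the sample header below are assumptions, not taken from the page.

```python
import re
import socket
from typing import Iterable, Optional

# Build the "formal" reverse-lookup name dig expects,
# e.g. 149.144.20.60 -> 60.20.144.149.in-addr.arpa
def reverse_name(ip: str) -> str:
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {ip!r}")
    return ".".join(reversed(octets)) + ".in-addr.arpa"

# The connecting host's address appears in square brackets in a Received: header,
# e.g. "Received: from mx1.example.net (mx1.example.net [203.0.113.5]) by ...".
_BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def received_ip(header: str) -> Optional[str]:
    m = _BRACKETED_IP.search(header)
    return m.group(1) if m else None

# Default resolvers via the system stub resolver (what "dig -x IP" and "dig NAME" ask).
def ptr_via_socket(ip: str) -> Optional[str]:
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:          # socket.herror / socket.gaierror: no PTR, or no resolver
        return None

def a_via_socket(name: str) -> Iterable[str]:
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

# Forward-confirmed reverse DNS: the PTR name must itself resolve back to the same IP.
# Returns "confirmed", "no-ptr" or "mismatch". A failure is a signal, not proof of spam:
# plenty of legitimate hosts have no PTR, so treat it as one weight in a scoring policy.
def fcrdns(ip: str, ptr_lookup=ptr_via_socket, a_lookup=a_via_socket) -> str:
    name = ptr_lookup(ip)
    if not name:
        return "no-ptr"
    return "confirmed" if ip in set(a_lookup(name) or []) else "mismatch"

if __name__ == "__main__":
    # Constructed sample header using a documentation address range, not a real message.
    hdr = "Received: from mx1.example.net (mx1.example.net [203.0.113.5]) by mail.example.org"
    ip = received_ip(hdr)
    print(ip, reverse_name(ip), fcrdns(ip))
```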