TCP/IP Network Administration

TCP/IP Network AdministrationSearch this book
Previous: 8.3 Configuring named Chapter 8
Configuring DNS Name Service
Next: 8.5 Summary
 

8.4 Using nslookup

nslookup is a debugging tool provided as part of the BIND software package. It allows anyone to directly query a nameserver and retrieve any of the information known to the DNS system. It is helpful for determining if the server is running correctly and is properly configured, or for querying for information provided by remote servers.

The nslookup program is used to resolve queries either interactively or directly from the command line. Below is a command-line example of using nslookup to query for the IP address of a host:

% nslookup almond.nuts.com
Server:  peanut.nuts.com
Address:  172.16.12.2

Name:    almond.nuts.com
Address:  172.16.12.1

Here, a user asks nslookup to provide the address of almond.nuts.com. nslookup displays the name and address of the server used to resolve the query, and then it displays the answer to the query. This is useful, but nslookup is more often used interactively.

The real power of nslookup is seen in interactive mode. To enter interactive mode, type nslookup on the command line without any arguments. Terminate an interactive session by entering CTRL-D (^D) or the exit command at the nslookup prompt. Redone in an interactive session, the previous query shown is:

% nslookup
Default Server:  peanut.nuts.com
Address:  172.16.12.2

> almond.nuts.com
Server:  peanut.nuts.com
Address:  172.16.12.2

Name:    almond.nuts.com
Address:  172.16.12.1

> ^D

By default, nslookup queries for A records, but you can use the set type command to change the query to another resource record type, or to the special query type "ANY." ANY is used to retrieve all available resource records for the specified host.

The following example checks MX records for almond and peanut. Note that once the query type is set to MX, it stays MX. It doesn't revert to the default A-type query. Another set type command is required to reset the query type.

% nslookup
Default Server:  peanut.nuts.com
Address:  172.16.12.2

> set type=MX
> almond.nuts.com
Server:  peanut.nuts.com
Address:  172.16.12.2

almond.nuts.com    preference = 5, mail exchanger = almond.nuts.com
almond.nuts.com    inet address = 172.16.12.1

> peanut.nuts.com
Server:  peanut.nuts.com
Address:  172.16.12.2

peanut.nuts.com    preference = 5, mail exchanger = peanut.nuts.com
peanut.nuts.com    inet address = 172.16.12.2
> exit

You can use the server command to control the server used to resolve queries. This is particularly useful for going directly to an authoritative server to check some information. The following example does just that. In fact, this example contains several interesting commands:

% nslookup
Default Server:  peanut.nuts.com
Address:  172.16.12.2

> set type=NS
> zoo.edu
Server:  peanut.nuts.com
Address:  172.16.12.2

Non-authoritative answer:
zoo.edu nameserver = NOC.ZOO.EDU
zoo.edu nameserver = NI.ZOO.EDU
zoo.edu nameserver = NAMESERVER.AGENCY.GOV
Authoritative answers can be found from:
NOC.ZOO.EDU     inet address = 172.28.2.200
NI.ZOO.EDU      inet address = 172.28.2.240
NAMESERVER.AGENCY.GOV inet address = 172.21.18.31
> server NOC.ZOO.EDU
Default Server:  NOC.ZOO.EDU
Address:  172.28.2.200

> set domain=zoo.edu
> set type=any
> tiger
Server:  NOC.ZOO.EDU
Address:  172.28.2.200

tiger.zoo.edu   inet address = 172.28.172.8
tiger.zoo.edu   preference = 10, mail exchanger = tiger.ZOO.EDU
tiger.zoo.edu   CPU=ALPHA OS=UNIX
tiger.zoo.edu   inet address = 172.28.172.8, protocol = 6
         7 21 23 25 79
tiger.ZOO.EDU   inet address = 172.28.172.8
> exit

The final example shows how to download an entire domain from an authoritative server and examine it on your local system. The ls command requests a zone transfer and displays the contents of the zone it receives. [12] If the zone file is more than a few lines long, redirect the output to a file, and use the view command to examine the contents of the file. (view sorts a file and displays it using the UNIX more command.) The combination of ls and view are helpful when tracking down a remote hostname. In the example that follows, the ls command retrieves the big.com zone and stores the information in temp.file. Then view is used to examine temp.file.

[12] For security reasons, many nameservers do not respond to the ls command. See the xfrnets command in Appendix C for information on how to limit access to zone transfers.

peanut% nslookup
Default Server:  peanut.nuts.com
Address:  172.16.12.2

> server minerals.big.com
Default Server:  minerals.big.com
Address:  192.168.20.1

> ls big.com > temp.file
[minerals.big.com]
########
Received 406 records.
> view temp.file
 acmite                         192.168.20.28
 adamite                        192.168.20.29
 adelite                        192.168.20.11
 agate                          192.168.20.30
 alabaster                      192.168.20.31
 albite                         192.168.20.32
 allanite                       192.168.20.20
 altaite                        192.168.20.33
 alum                           192.168.20.35
 aluminum                       192.168.20.8
 amaranth                       192.168.20.85
 amethyst                       192.168.20.36
 andorite                       192.168.20.37
 apatite                        192.168.20.38
 beryl                          192.168.20.23
--More-- q
> exit

These examples show that nslookup allows you to:

Use nslookup's help command to see its other features. Turn on debugging (with set debug) and examine the additional information this provides. As you play with this tool, you'll find many helpful features.


Previous: 8.3 Configuring named TCP/IP Network AdministrationNext: 8.5 Summary
8.3 Configuring named Book Index8.5 Summary