bind-utils package
dnsutils package
# Lookup A record
$ dig osuosl.org
# Lookup PTR record
$ dig -x 140.211.15.183
# Lookup a specific record type
$ dig TXT osuosl.org
# Plus options to extend output
$ dig +short osuosl.org
They look like:
osuosl.org. 300 IN A 140.211.15.183
osuosl.org. | Record being queried
140.211.15.183 | The 'answer'
300 | Time to Live (TTL) (expiration time)
IN A | DNS record type
Same as A, but for IPv6:
google.com. 271 IN AAAA 2607:f8b0:400a:805::100e
They look like:
osuosl.org. 3600 IN MX 5 smtp3.osuosl.org.
osuosl.org. 3600 IN MX 5 smtp4.osuosl.org.
osuosl.org. 3600 IN MX 5 smtp1.osuosl.org.
osuosl.org. 3600 IN MX 5 smtp2.osuosl.org.
They look like:
osuosl.org. 86258 IN NS ns1.auth.osuosl.org.
osuosl.org. 86258 IN NS ns2.auth.osuosl.org.
osuosl.org. 86258 IN NS ns3.auth.osuosl.org.
in-addr.arpa
ip6.arpa
.arpa?
$ dig -x 140.211.15.183
;; QUESTION SECTION:
;183.15.211.140.in-addr.arpa. IN PTR
;; ANSWER SECTION:
183.15.211.140.in-addr.arpa. 86400 IN PTR web1.osuosl.org.
;; QUESTION SECTION:
;15.211.140.in-addr.arpa. IN NS
;; ANSWER SECTION:
15.211.140.in-addr.arpa. 86400 IN NS ns1.auth.osuosl.org.
15.211.140.in-addr.arpa. 86400 IN NS ns2.auth.osuosl.org.
15.211.140.in-addr.arpa. 86400 IN NS ns3.auth.osuosl.org.
15.211.140.in-addr.arpa. 86400 IN NS ns1.nero.net.
;; QUESTION SECTION:
;10.169.211.140.in-addr.arpa. IN NS
;; ANSWER SECTION:
10.169.211.140.in-addr.arpa. 3600 IN CNAME 10.0-63.169.211.140.in-addr.arpa.
;; QUESTION SECTION:
;0-63.169.211.140.in-addr.arpa. IN NS
;; ANSWER SECTION:
0-63.169.211.140.in-addr.arpa. 10800 IN NS ns1.linux-foundation.org.
0-63.169.211.140.in-addr.arpa. 10800 IN NS ns2.linux-foundation.org.
0-63.169.211.140.in-addr.arpa. 10800 IN NS ns1.auth.osuosl.org.
0-63.169.211.140.in-addr.arpa. 10800 IN NS ns2.auth.osuosl.org.
0-63.169.211.140.in-addr.arpa. 10800 IN NS ns3.auth.osuosl.org.
;; QUESTION SECTION:
;10.169.211.140.in-addr.arpa. IN PTR
;; ANSWER SECTION:
10.169.211.140.in-addr.arpa. 3577 IN CNAME 10.0-63.169.211.140.in-addr.arpa.
10.0-63.169.211.140.in-addr.arpa. 86400 IN PTR ns1.linux-foundation.org.
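The reverse lookups above, replayed offline as an added example (not part of the original slides): it builds the name that `dig -x` queries and follows the RFC 2317 style CNAME into the `0-63` sub-zone. The `RECORDS` table and the function names are assumptions made for this sketch; the record data is copied from the dig answers above.

```python
import ipaddress

# Records copied from the dig answers above (TTL and class dropped).
RECORDS = {
    ("183.15.211.140.in-addr.arpa.", "PTR"): "web1.osuosl.org.",
    ("10.169.211.140.in-addr.arpa.", "CNAME"):
        "10.0-63.169.211.140.in-addr.arpa.",
    ("10.0-63.169.211.140.in-addr.arpa.", "PTR"): "ns1.linux-foundation.org.",
}


def reverse_name(ip):
    """Build the in-addr.arpa / ip6.arpa owner name that `dig -x` queries."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def lookup_ptr(ip, records=RECORDS, max_hops=8):
    """Return (hostname or None, names visited), following CNAMEs."""
    name = reverse_name(ip)
    chain = [name]
    for _ in range(max_hops):
        if (name, "PTR") in records:
            return records[(name, "PTR")], chain
        target = records.get((name, "CNAME"))
        if target is None:
            return None, chain        # no PTR and no alias: nothing to report
        name = target                 # classless delegation: hop to the sub-zone
        chain.append(name)
    raise RuntimeError("CNAME chain too long")


if __name__ == "__main__":
    for ip in ("140.211.15.183", "140.211.169.10", "2607:f8b0:400a:805::100e"):
        print(ip, "->", lookup_ptr(ip))
```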
Tell you there is no answer to a query:
Host something.invalid.osuosl.org not found: 3(NXDOMAIN)
Some ISPs and others never serve NXDOMAINS
. is the root of the DNS tree:
$ dig ns .
;; ANSWER SECTION:
. 512297 IN NS i.root-servers.net.
. 512297 IN NS e.root-servers.net.
. 512297 IN NS d.root-servers.net.
. 512297 IN NS j.root-servers.net.
. 512297 IN NS b.root-servers.net.
. 512297 IN NS a.root-servers.net.
. 512297 IN NS f.root-servers.net.
. 512297 IN NS h.root-servers.net.
. 512297 IN NS g.root-servers.net.
. 512297 IN NS c.root-servers.net.
. 512297 IN NS m.root-servers.net.
. 512297 IN NS k.root-servers.net.
. 512297 IN NS l.root-servers.net.
Thirteen Nameservers
[a-m].root-servers.net
a, j are run by Verisign
- Information Sciences Institute - USC
- Cogent Communications
- University of Maryland
- NASA
- Internet Systems Consortium
- USA DOD
- USA Army
- Netnod (Autonomica) - Sweden
- RIPE NCC
- ICANN
- WIDE - Japan
First we query a NS record for .:
$ dig ns .
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 518400 IN NS i.root-servers.net.
. 518400 IN NS a.root-servers.net.
. 518400 IN NS l.root-servers.net.
. 518400 IN NS f.root-servers.net.
. 518400 IN NS b.root-servers.net.
. 518400 IN NS d.root-servers.net.
. 518400 IN NS k.root-servers.net.
. 518400 IN NS g.root-servers.net.
. 518400 IN NS h.root-servers.net.
. 518400 IN NS m.root-servers.net.
. 518400 IN NS e.root-servers.net.
. 518400 IN NS c.root-servers.net.
. 518400 IN NS j.root-servers.net.
Next we query NS for org.:
$ dig ns org. @a.root-servers.net
;; QUESTION SECTION:
;org. IN NS
;; AUTHORITY SECTION:
org. 172800 IN NS a0.org.afilias-nst.info.
org. 172800 IN NS a2.org.afilias-nst.info.
org. 172800 IN NS b0.org.afilias-nst.org.
org. 172800 IN NS b2.org.afilias-nst.org.
org. 172800 IN NS c0.org.afilias-nst.info.
org. 172800 IN NS d0.org.afilias-nst.org.
;; ADDITIONAL SECTION:
a0.org.afilias-nst.info. 172800 IN A 199.19.56.1
a2.org.afilias-nst.info. 172800 IN A 199.249.112.1
b0.org.afilias-nst.org. 172800 IN A 199.19.54.1
b2.org.afilias-nst.org. 172800 IN A 199.249.120.1
<truncated>
Next we query NS for osuosl.org.:
$ dig ns osuosl.org. @199.19.56.1
;; QUESTION SECTION:
;osuosl.org. IN NS
;; AUTHORITY SECTION:
osuosl.org. 86400 IN NS ns3.auth.osuosl.org.
osuosl.org. 86400 IN NS ns2.auth.osuosl.org.
osuosl.org. 86400 IN NS ns1.auth.osuosl.org.
;; ADDITIONAL SECTION:
ns1.auth.osuosl.org. 86400 IN A 140.211.166.140
ns2.auth.osuosl.org. 86400 IN A 140.211.166.141
ns3.auth.osuosl.org. 86400 IN A 216.165.191.53
Next we query A for osuosl.org.:
$ dig a osuosl.org. @140.211.166.140
;; QUESTION SECTION:
;osuosl.org. IN A
;; ANSWER SECTION:
osuosl.org. 300 IN A 140.211.15.183
;; AUTHORITY SECTION:
osuosl.org. 86400 IN NS ns1.auth.osuosl.org.
osuosl.org. 86400 IN NS ns2.auth.osuosl.org.
osuosl.org. 86400 IN NS ns3.auth.osuosl.org.
;; ADDITIONAL SECTION:
ns1.auth.osuosl.org. 86400 IN A 140.211.166.140
ns2.auth.osuosl.org. 86400 IN A 140.211.166.141
ns3.auth.osuosl.org. 3600 IN A 216.165.191.53
That was a lot of work, so we have DNS caches to help us:
- bind
- unbound
- dnscache ({n,}djbdns)
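The walk from the root to osuosl.org above, as an added example that is not part of the original slides: a resolver loop that follows referrals and glue until a server answers. It runs offline against a simulated `ask()`; the table layout and function names are assumptions, and the delegations and addresses are trimmed from the dig output above.

```python
# One delegation per server, with the glue address used to continue.
REFERRALS = {
    "a.root-servers.net": ("org.", "a0.org.afilias-nst.info.", "199.19.56.1"),
    "199.19.56.1": ("osuosl.org.", "ns1.auth.osuosl.org.", "140.211.166.140"),
}
AUTHORITATIVE = {
    "140.211.166.140": {("osuosl.org.", "A"): "140.211.15.183"},
}


def in_zone(qname, zone):
    """True if qname equals zone or sits below it (label-wise match)."""
    return qname == zone or qname.endswith("." + zone)


def ask(server, qname, qtype):
    """Simulated server: answer, refer downwards, or report no data."""
    records = AUTHORITATIVE.get(server, {})
    if (qname, qtype) in records:
        return ("answer", records[(qname, qtype)])
    if server in REFERRALS:
        zone, ns_name, glue_ip = REFERRALS[server]
        if in_zone(qname, zone):
            return ("referral", zone, ns_name, glue_ip)
    return ("nodata",)


def resolve(qname, qtype, server="a.root-servers.net", max_referrals=10):
    """Follow referrals from the root; return (answer, trace)."""
    trace = []
    for _ in range(max_referrals):
        reply = ask(server, qname, qtype)
        trace.append((server, reply[0]))
        if reply[0] == "answer":
            return reply[1], trace
        if reply[0] != "referral":
            return None, trace
        server = reply[3]             # continue at the glue address
    raise RuntimeError("too many referrals")


if __name__ == "__main__":
    print(resolve("osuosl.org.", "A"))
```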
Canonical Name is the thing pointed at, query is what points to it:
;; QUESTION SECTION:
;www.osuosl.org. IN A
;; ANSWER SECTION:
www.osuosl.org. 86399 IN CNAME web1.osuosl.org.
web1.osuosl.org. 86400 IN A 140.211.15.183
;; QUESTION SECTION:
;oregonstate.edu. IN TXT
;; ANSWER SECTION:
oregonstate.edu. 3600 IN TXT "MS=ms62624237"
oregonstate.edu. 3600 IN TXT "adobe-idp-site-verification=fe492d09-19f1-47e9-9d04-30fe92a03e4f"
oregonstate.edu. 3600 IN TXT "c6PyBr5dTRwVyn5t8h0JUm5vIh/+dL1yECXbGzwMb5D9pq9w02DSh81vaWJyg8ulAX4ZaEkMXQymvdMIZYvUvQ=="
oregonstate.edu. 3600 IN TXT "v=spf1 include:_spf.oregonstate.edu include:_spf.google.com include:spf.protection.outlook.com ?all"
resolv.conf has nameserver entries which tell which DNS servers to use:
nameserver 140.211.166.130
nameserver 140.211.166.131
Most distributions provide a package that manages resolv.conf entries when using DHCP (typically called resolvconf).
Authoritative
Non-Authoritative
$ORIGIN, $INCLUDE and $TTL
$ORIGIN domain-name | Default domain for the file
$INCLUDE filename [origin] | Include a specific file
$TTL default-ttl | Default time-to-live for all records
$ORIGIN example.org.
$TTL 600
example.org. IN SOA ns1.example.org. webmaster.example.org. (
        2015011501 ; serial
        3600       ; refresh (1 hour)
        3600       ; retry (1 hour)
        604800     ; expire (1 week)
        600        ; TTL (10 minutes)
        )
        NS    ns1.example.org.   ; blank owner field: inherits example.org.
        NS    ns2.example.org.
ns1     A     192.168.1.1
ns2     A     192.168.100.1
@       A     192.168.1.10       ; @ is shorthand for $ORIGIN
www     A     192.168.1.10
foo     CNAME www.example.org.   ; trailing dot: absolute name, $ORIGIN not appended
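How $ORIGIN is applied when a zone file is loaded, as an added example (not from the original slides): any name without a trailing dot is relative and gets the origin appended, so a target written without the dot silently points somewhere else. The sample zone is constructed for this sketch and the function names are assumptions; the simplified parser expects an explicit owner and class on every record line.

```python
SAMPLE_ZONE = """\
$ORIGIN example.org.
$TTL 600
@    IN NS    ns1.example.org.
ns1  IN A     192.168.1.1
www  IN A     192.168.1.10
foo  IN CNAME www.example.org.
bar  IN CNAME www.example.org
"""  # constructed sample; "bar" deliberately lacks the trailing dot

NAME_RDATA = {"NS", "CNAME", "PTR"}   # types whose rdata is a domain name


def qualify(name, origin):
    """Return the fully qualified form of a zone-file name."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name                   # already absolute
    return f"{name}.{origin}"         # relative: origin is appended


def expand(zone_text):
    """Return (owner, type, rdata) tuples with every name made absolute."""
    origin, out = None, []
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].rstrip()   # drop comments
        if not line:
            continue
        fields = line.split()
        if fields[0] == "$ORIGIN":
            origin = fields[1]
            continue
        if fields[0].startswith("$"):
            continue                  # $TTL / $INCLUDE are not needed here
        owner, _cls, rtype, rdata = fields[:4]
        if rtype in NAME_RDATA:
            rdata = qualify(rdata, origin)
        out.append((qualify(owner, origin), rtype, rdata))
    return out


def doubled_origin(records, origin="example.org."):
    """Flag targets where the origin appears twice (likely a missing dot)."""
    return [r for r in records if r[2].endswith(f"{origin[:-1]}.{origin}")]


if __name__ == "__main__":
    for rec in expand(SAMPLE_ZONE):
        print(*rec)
```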
$ dig +dnssec debian.org
;; QUESTION SECTION:
;debian.org. IN A
;; ANSWER SECTION:
debian.org. 13 IN A 149.20.20.20
debian.org. 13 IN RRSIG A 8 2 300 20160224085546 20160115075546 36840 debian.org. OflWGI9Z6
OPknWGELGOYxJg078+//1Yoj4uNtQzQP4JgupiYt1jtMc46 QXeVPoVjcvS0NgfyqJidNP1agFRarevIK3Qo4Na7QST6D
pEQ8kVJCtY6 WjYdg6uPdemocU+a+xogOQaWapPrAdMIOq2QcXWM1hD549Zq4BvRQy+q CSpuQ116HegGX2VSCYjzeZWo
TTHKRzK832kwb9Tn1XZHjApWTTM8oeXQ peEMAO8oUkdXa+g1CuSODt5tPszIZaIH
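Reading the RRSIG header fields from the answer above, as an added example that is not part of the original slides: it parses type covered, algorithm, labels, original TTL, expiration, inception, key tag and signer, then checks the validity window and that the owner lies inside the signer's zone. It does not verify the signature itself; the function names and the signature placeholder are assumptions of this sketch.

```python
from datetime import datetime, timezone

# RRSIG line from the dig output above; the base64 signature is replaced
# by a placeholder because only the header fields are inspected here.
RRSIG_LINE = ("debian.org. 13 IN RRSIG A 8 2 300 20160224085546 "
              "20160115075546 36840 debian.org. SIGNATURE_OMITTED")

ALGORITHMS = {5: "RSASHA1", 8: "RSASHA256",
              13: "ECDSAP256SHA256", 15: "ED25519"}


def parse_time(stamp):
    """RRSIG timestamps are printed as YYYYMMDDHHmmSS in UTC."""
    return datetime.strptime(stamp, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)


def parse_rrsig(line):
    f = line.split()
    if len(f) < 13 or f[3] != "RRSIG":
        raise ValueError("not an RRSIG record line")
    return {
        "owner": f[0], "ttl": int(f[1]), "type_covered": f[4],
        "algorithm": ALGORITHMS.get(int(f[5]), f"unknown({f[5]})"),
        "labels": int(f[6]), "original_ttl": int(f[7]),
        "expiration": parse_time(f[8]), "inception": parse_time(f[9]),
        "key_tag": int(f[10]), "signer": f[11],
    }


def check_rrsig(sig, now):
    """Return a list of problems found in the header fields at time `now`."""
    problems = []
    if now < sig["inception"]:
        problems.append("not yet valid")
    if now > sig["expiration"]:
        problems.append("expired")
    owner, signer = sig["owner"], sig["signer"]
    if not (owner == signer or owner.endswith("." + signer)):
        problems.append("owner is outside the signer's zone")
    if len(owner.rstrip(".").split(".")) < sig["labels"]:
        problems.append("labels field exceeds owner name length")
    return problems


if __name__ == "__main__":
    sig = parse_rrsig(RRSIG_LINE)
    print(sig["algorithm"], sig["key_tag"], check_rrsig(sig, datetime.now(timezone.utc)))
```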