Using DNS Tools

Fedora includes a number of standard tools that allow you to work with DNS. These tools, found in the bind-utils and whois packages, have everyday uses that do not require DNS administrator skills. If you want to know what domain name belongs to an IP address, or vice versa, these are the tools to use to track down that information. Forward lookups are where you map a name to an IP address; reverse lookups are where you map an address to a name.

Here are tools you can use:

• dig (Domain Information Groper)

• host

• nslookup

• whois

The following sections briefly describe these tools and provide examples of their use.

dig

The Domain Information Groper is a command-line utility that queries DNS nameservers. By default, dig uses the nameservers listed in /etc/resolv.conf and performs an NS (Nameserver) query. Reverse lookups are accomplished with the -x argument with a default A (Address) query.

Here is an example of a forward lookup with dig:

$ dig www.pearson.com ; <<>> DiG 9.2.2 <<>> www.pearson.com ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59962 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 2 ;; QUESTION SECTION: ;www.pearson.com.               IN      A ;; ANSWER SECTION: www.pearson.com.        86400   IN      A       165.193.130.83 ;; AUTHORITY SECTION: pearson.com.            86400   IN      NS      ns1-p.dns.pipex.net. pearson.com.            86400   IN      NS      ns.pearson.com. pearson.com.            86400   IN      NS      ns0-p.dns.pipex.net. ;; ADDITIONAL SECTION: ns0-p.dns.pipex.net.    66542   IN      A       158.43.129.80 ns1-p.dns.pipex.net.    66542   IN      A       158.43.193.80 ;; Query time: 294 msec ;; SERVER: 64.83.0.10#53(64.83.0.10) ;; WHEN: Mon Sep 1 16:42:00 2003 ;; MSG SIZE rcvd: 151

A reverse lookup with dig:

$ dig -x 165.193.130.83 ; <<>> DiG 9.2.2 <<>> -x 165.193.130.83 ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63402 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0 ;; QUESTION SECTION: ;83.130.193.165.in-addr.arpa.   IN      PTR ;; ANSWER SECTION: 83.130.193.165.in-addr.arpa. 43200 IN   PTR prs-sun-106-nyeh-peshr-hme0-4.digisle.net. ;; AUTHORITY SECTION: 130.193.165.in-addr.arpa. 43200 IN      NS      ns.digisle.net. 130.193.165.in-addr.arpa. 43200 IN      NS      ns1.digisle.net. ;; Query time: 41 msec ;; SERVER: 64.83.0.10#53(64.83.0.10) ;; WHEN: Mon Sep 1 16:42:21 2003 ;; MSG SIZE rcvd: 135

host

A command-line utility, host performs forward and reverse lookups by querying DNS nameservers, similar to dig.

Here's an example of a forward lookup with host:

$ host www.pearson.com www.pearson.com has address 165.193.130.83

Here's a reverse lookup with host:

$ host 165.193.130.83 83.130.193.165.in-addr.arpa domain name pointer prs-sun-106-nyeh-peshr-hme0-4.digisle.net.

nslookup

A command-line utility, nslookup can be used in an interactive or noninteractive manner to query DNS nameservers. Note that nslookup is outdated; try using dig instead.

Here's an example of a forward lookup using nslookup:

$ nslookup www.pearson.com Note: nslookup is deprecated and may be removed from future releases. Consider using the 'dig' or 'host' programs instead. Run nslookup with the '-sil[ent]' option to prevent this message from appearing. Server:         64.83.0.10 Address:        64.83.0.10#53 Non-authoritative answer: Name: www.pearson.com Address: 165.193.130.83

Here's a reverse lookup using nslookup:

$ nslookup 165.193.130.83 Note: nslookup is deprecated and may be removed from future releases. Consider using the 'dig' or 'host' programs instead. Run nslookup with the '-sil[ent]' option to prevent this message from appearing. Server:         64.83.0.10 Address:        64.83.0.10#53 Non-authoritative answer: 83.130.193.165.in-addr.arpa     name = prs-sun-106-nyeh-peshr-hme0-4.digisle.net. Authoritative answers can be found from: 130.193.165.in-addr.arpa        nameserver = ns.digisle.net. 130.193.165.in-addr.arpa        nameserver = ns1.digisle.net.

Note that using a reverse lookup does not tell you the fully qualified domain name of the server using that IP address. To determine that, you have to use the whois client.

whois

A command-line utility from the whois package, whois queries the database at whois.networksolutions.com.

For an IP lookup:

$ whois 165.193.130.83 OrgName:    Cable & Wireless OrgID:      CWUS Address:    3300 Regency Pkwy City:       Cary StateProv:  NC PostalCode: 27511 Country:    US NetRange:   165.193.0.0 - 165.193.255.255 CIDR:       165.193.0.0/16 NetName:    CWDI-BLK6 NetHandle:  NET-165-193-0-0-1 Parent:     NET-165-0-0-0-0 NetType:    Direct Allocation NameServer: NS.DIGISLE.NET NameServer: NS1.DIGISLE.NET Comment: RegDate: Updated:    2002-08-23 TechHandle: ZC221-ARIN TechName:   Cable & Wireless TechPhone:  +1-919-465-4023 TechEmail:  ip@gnoc.cw.net OrgAbuseHandle: SPAMC-ARIN OrgAbuseName:   SPAM COMPLAINTS OrgAbusePhone:  +1-800-977-4662 OrgAbuseEmail:  abuse@cw.com OrgNOCHandle: NOC99-ARIN OrgNOCName:   Network Operations Center OrgNOCPhone:  +1-800-977-4662 OrgNOCEmail:  trouble@cw.net OrgTechHandle: UIAA-ARIN OrgTechName:   US IP Address Administration OrgTechPhone:  +1-800-977-4662 OrgTechEmail:  ipadmin@clp.cw.net OrgTechHandle: GIAA-ARIN OrgTechName:   Global IP Address Administration OrgTechPhone:  +1-919-465-4096 OrgTechEmail:  ip@gnoc.cw.net # ARIN WHOIS database, last updated 2003-08-31 19:15 # Enter ? for additional hints on searching ARIN's WHOIS database.

And for a domain name lookup (which is not what whois is used for):

$ whois www.pearson.com Whois Server Version 1.3 Domain names in the .com and .net domains can now be registered with many different competing registrars. Go to http://www.internic.net for detailed information. No match for "WWW.PEARSON.COM".