Linux Network Management (3) – DNS forward and reverse query commands: host, nslookup, dig

Time: 2021-5-11

1、 host

Resolves the IP address and aliases of a domain name.

1. Syntax

host [option] [host name or IP] [server]

2. Common options

-a: list detailed host name configuration information for the host

3. Common parameters

server: by default the host command uses the DNS server configured in /etc/resolv.conf. If this parameter is set, the DNS host given here is used for the query.

4. Application

Resolve the IP address and other information corresponding to the domain name

  • host [domain name]
[[email protected] vagrant]# host www.baidu.com
www.baidu.com is an alias for www.a.shifen.com.
www.a.shifen.com has address 61.135.169.125
www.a.shifen.com has address 61.135.169.121
  • host -a [domain name]
[[email protected] vagrant]# host -a www.baidu.com
Trying "www.baidu.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29562
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 5

;; QUESTION SECTION:
;www.baidu.com.                 IN      ANY

;; ANSWER SECTION:
www.baidu.com.          1000    IN      CNAME   www.a.shifen.com.

;; AUTHORITY SECTION:
baidu.com.              52656   IN      NS      ns7.baidu.com.
baidu.com.              52656   IN      NS      ns3.baidu.com.
baidu.com.              52656   IN      NS      ns2.baidu.com.
baidu.com.              52656   IN      NS      ns4.baidu.com.
baidu.com.              52656   IN      NS      dns.baidu.com.

;; ADDITIONAL SECTION:
dns.baidu.com.          52853   IN      A       202.108.22.220
ns2.baidu.com.          65473   IN      A       61.135.165.235
ns3.baidu.com.          52760   IN      A       220.181.37.10
ns4.baidu.com.          65473   IN      A       220.181.38.10
ns7.baidu.com.          53740   IN      A       180.76.76.92

Received 228 bytes from 10.0.2.3#53 in 9 ms

Digression: the output above shows that www.baidu.com is mapped via CNAME to www.a.shifen.com. So why can't we access www.a.shifen.com directly?

A CNAME domain name generated by a web application firewall or an advanced defense IP service is used for DNS resolution and cannot be accessed directly.

Use a specified DNS server to resolve the IP address and other information corresponding to the domain name

  • host [domain name] [DNS host name or IP]
[[email protected] vagrant]# host www.baidu.com 168.95.1.1
Using domain server:
Name: 168.95.1.1
Address: 168.95.1.1#53
Aliases:

www.baidu.com is an alias for www.a.shifen.com.
www.a.shifen.com has address 180.97.33.108
www.a.shifen.com has address 180.97.33.107

[[email protected] vagrant]# host www.baidu.com dns.hinet.net
Using domain server:
Name: dns.hinet.net
Address: 168.95.1.1#53
Aliases:

www.baidu.com is an alias for www.a.shifen.com.
www.a.shifen.com has address 180.97.33.108
www.a.shifen.com has address 180.97.33.107

[[email protected] vagrant]# host www.baidu.com 8.8.8.8
Using domain server:
Name: 8.8.8.8
Address: 8.8.8.8#53
Aliases:

www.baidu.com is an alias for www.a.shifen.com.
www.a.shifen.com has address 61.135.169.121
www.a.shifen.com has address 61.135.169.125

2、 nslookup

nslookup is a domain name resolution tool used to query DNS information. It uses the /etc/resolv.conf file to select the DNS server.

1. Syntax

nslookup [host name or IP]

2. Application

Resolve the IP address corresponding to the domain name

  • nslookup [domain name]
[[email protected] vagrant]# nslookup www.baidu.com
Server:         10.0.2.3
Address:        10.0.2.3#53

Non-authoritative answer:
Name:   www.baidu.com
Address: 61.135.169.121
Name:   www.baidu.com
Address: 61.135.169.125

Resolving the host name corresponding to the IP address

Not all IP addresses can be resolved successfully

  • nslookup IP
[[email protected] vagrant]# nslookup 168.95.1.1
Server:         10.0.2.3
Address:        10.0.2.3#53

Non-authoritative answer:
1.1.95.168.in-addr.arpa name = dns.hinet.net.

Authoritative answers can be found from:
95.168.in-addr.arpa     nameserver = ans1.hinet.net.
95.168.in-addr.arpa     nameserver = ans2.hinet.net.
ans1.hinet.net  internet address = 168.95.192.15
ans1.hinet.net  has AAAA address 2001:b000:168::1:100:1
ans2.hinet.net  internet address = 168.95.1.15
ans2.hinet.net  has AAAA address 2001:b000:168::2:100:1
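
A PTR record is published by whoever controls the address block, so a reverse answer is normally confirmed with a forward lookup before the name is trusted, for example when enriching logs. The following is an added example, not code from the original article: it builds the in-addr.arpa query name, reads the PTR answer from saved nslookup output and checks it against a forward answer. The function names are assumptions of this example, and the forward answer line is constructed.

```shell
#!/bin/sh
# Added example: forward-confirmed reverse DNS over saved lookup output.
# REVERSE_OUT is abbreviated from the nslookup run shown above.
REVERSE_OUT='Non-authoritative answer:
1.1.95.168.in-addr.arpa name = dns.hinet.net.

Authoritative answers can be found from:
95.168.in-addr.arpa     nameserver = ans1.hinet.net.'

# Constructed forward answer for dns.hinet.net, in "host" output format.
FORWARD_OUT='dns.hinet.net has address 168.95.1.1'

# ptr_name IPV4: print the in-addr.arpa name queried for a reverse lookup.
# Fails (exit 1) when the argument is not a valid dotted-quad address.
ptr_name() {
    echo "$1" | awk -F. 'NF == 4 {
        for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
        print $4 "." $3 "." $2 "." $1 ".in-addr.arpa"; ok = 1
    } END { exit !ok }'
}

# ptr_target IPV4 NSLOOKUP_TEXT: print the host name from the PTR answer.
ptr_target() {
    want=$(ptr_name "$1") || return 1
    printf '%s\n' "$2" | awk -v q="$want" \
        '$1 == q && $2 == "name" && $3 == "=" { sub(/\.$/, "", $4); print $4; exit }'
}

# fcrdns IPV4 NSLOOKUP_TEXT HOST_TEXT: print "confirmed NAME" only when the
# PTR name resolves forward to the same address, otherwise "unconfirmed".
fcrdns() {
    name=$(ptr_target "$1" "$2")
    [ -n "$name" ] || { echo "unconfirmed"; return 1; }
    if printf '%s\n' "$3" | grep -qxF "$name has address $1"; then
        echo "confirmed $name"
    else
        echo "unconfirmed"; return 1
    fi
}

fcrdns 168.95.1.1 "$REVERSE_OUT" "$FORWARD_OUT"
```

On a live system the two text arguments would come from `nslookup IP` and `host NAME` respectively.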

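View the local DNS server. The resolver in use is shown in the Server and Address lines; the NXDOMAIN line appears only because the word "server" is itself looked up as a host name.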

  • nslookup server
[[email protected] vagrant]# nslookup server
Server:         10.0.2.3
Address:        10.0.2.3#53

** server can't find server: NXDOMAIN

3、 dig

dig is a domain name query tool that can be used to test whether the domain name system is working normally.

Its function is similar to nslookup, and dig is recommended as a replacement for nslookup.

1. Installation

If the system does not have the dig command by default, install it with the following command.

yum install bind-utils

2. Syntax

dig [option] [host name]

3. Common options

@<DNS server IP>: by default the dig command uses the DNS host in the /etc/resolv.conf file to resolve the domain name. If this parameter is set, the DNS host given here is used to resolve the domain name.
-b <IP address>: when the host has multiple IP addresses, specify which of the host's IP addresses is used to send the domain name query to the DNS server.

4. Application

Analyze the IP address and other information corresponding to the domain name

[[email protected] tmp]# dig www.baidu.com

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50280
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 5, ADDITIONAL: 6

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.baidu.com.                 IN      A

;; ANSWER SECTION:
www.baidu.com.          1096    IN      CNAME   www.a.shifen.com.
www.a.shifen.com.       290     IN      A       61.135.169.121
www.a.shifen.com.       290     IN      A       61.135.169.125

;; AUTHORITY SECTION:
a.shifen.com.           34      IN      NS      ns3.a.shifen.com.
a.shifen.com.           34      IN      NS      ns4.a.shifen.com.
a.shifen.com.           34      IN      NS      ns1.a.shifen.com.
a.shifen.com.           34      IN      NS      ns5.a.shifen.com.
a.shifen.com.           34      IN      NS      ns2.a.shifen.com.

;; ADDITIONAL SECTION:
ns1.a.shifen.com.       411     IN      A       61.135.165.224
ns2.a.shifen.com.       435     IN      A       180.149.133.241
ns3.a.shifen.com.       431     IN      A       61.135.162.215
ns4.a.shifen.com.       431     IN      A       115.239.210.176
ns5.a.shifen.com.       435     IN      A       119.75.222.17

;; Query time: 11 msec
;; SERVER: 10.0.2.3#53(10.0.2.3)
;; WHEN: Wed May 16 08:40:42 UTC 2018
;; MSG SIZE  rcvd: 271
  • In this example, the output includes the following parts:

Header: summarizes the query, including 1 query, 3 answers and 5 authority records.
Question: displays the content being queried.
Answer: the result returned for the query.
Authority: shows which DNS servers provide the answer for www.baidu.com.

Use the custom DNS server to resolve the IP address and other information corresponding to the domain name

[[email protected] tmp]# dig @168.95.1.1 www.baidu.com

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> @168.95.1.1 www.baidu.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48040
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 3072
;; QUESTION SECTION:
;www.baidu.com.                 IN      A

;; ANSWER SECTION:
www.baidu.com.          1034    IN      CNAME   www.a.shifen.com.
www.a.shifen.com.       241     IN      A       180.97.33.107
www.a.shifen.com.       241     IN      A       180.97.33.108

;; Query time: 70 msec
;; SERVER: 168.95.1.1#53(168.95.1.1)
;; WHEN: Wed May 16 08:39:13 UTC 2018
;; MSG SIZE  rcvd: 101
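
The two dig runs above return different A records for the same name depending on which resolver is asked. The following is an added example, not code from the original article: it parses saved dig output, follows the CNAME chain inside the ANSWER section only, and compares the address sets from two resolvers. The function names are assumptions of this example, and the sample text is abbreviated from the outputs above.

```shell
#!/bin/sh
# Added example: compare the ANSWER sections of two saved dig outputs.
# Sample text is abbreviated from the two dig runs shown above.
DIG_LOCAL=';; ANSWER SECTION:
www.baidu.com.          1096    IN      CNAME   www.a.shifen.com.
www.a.shifen.com.       290     IN      A       61.135.169.121
www.a.shifen.com.       290     IN      A       61.135.169.125

;; AUTHORITY SECTION:
a.shifen.com.           34      IN      NS      ns3.a.shifen.com.
;; SERVER: 10.0.2.3#53(10.0.2.3)'

DIG_HINET=';; ANSWER SECTION:
www.baidu.com.          1034    IN      CNAME   www.a.shifen.com.
www.a.shifen.com.       241     IN      A       180.97.33.107
www.a.shifen.com.       241     IN      A       180.97.33.108

;; SERVER: 168.95.1.1#53(168.95.1.1)'

# answer_addrs NAME DIG_TEXT (NAME without trailing dot)
# Follow CNAMEs from NAME inside the ANSWER section only and print the
# sorted A addresses of the final target, one per line.
answer_addrs() {
    printf '%s\n' "$2" | awk -v name="$1." '
        /^;; ANSWER SECTION:/ { in_ans = 1; next }
        /^;;/ || /^$/         { in_ans = 0 }
        in_ans && $4 == "CNAME" && tolower($1) == tolower(name) { name = $5 }
        in_ans && $4 == "A"     && tolower($1) == tolower(name) { print $5 }
    ' | sort
}

# compare_resolvers NAME TEXT_A TEXT_B
# Prints "match", "no-answer", or "differ" followed by the addresses that
# appear in only one of the two answers.
compare_resolvers() {
    a=$(answer_addrs "$1" "$2"); b=$(answer_addrs "$1" "$3")
    [ -n "$a" ] && [ -n "$b" ] || { echo "no-answer"; return 2; }
    if [ "$a" = "$b" ]; then echo "match"; return 0; fi
    echo "differ"
    printf '%s\n%s\n' "$a" "$b" | sort | uniq -u
    return 1
}

compare_resolvers www.baidu.com "$DIG_LOCAL" "$DIG_HINET" || true
```

A difference is expected for a name served through load balancing, as here; for a name that should resolve to fixed addresses, a "differ" result between a trusted resolver and the local one is worth investigating.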