Advanced Queries

In document C# Network Programming (Page 161-167)

The default nslookup format described in the preceding sections provides good, simple information regarding the hostname requested. If you would like to see other DNS record types, you must use options for nslookup. The nslookup options can be specified on the command line, but it is often easier to use nslookup in interactive mode.

To enter interactive mode, simply type nslookup at the command prompt without any parameters. The default DNS server used will be displayed, along with an nslookup prompt:

C:\>nslookup
Default Server: dns.ispnet.net
Address: 10.25.0.1

>

At the nslookup prompt, you can enter in a variety of special commands to modify the behavior of the nslookup query, as described in Table 4.5.

Table 4.5: nslookup Commands

Command         Description
NAME            Resolves the hostname NAME
NAME1 NAME2     Resolves the hostname NAME1 using DNS server NAME2
Help            Lists all the available nslookup commands and options
Set             Sets an nslookup option
Server NAME     Sets the default DNS server to NAME, using the current default server
Lserver NAME    Sets the default DNS server to NAME, using the initial server
Finger [USER]   Uses the Finger utility to find USER at the current default host
Root            Sets the current default DNS server to the root server
ls DOMAIN       Lists all registered addresses in DOMAIN
View            Views a file created with the ls command
Exit            Exits the nslookup command mode

As you can see in Table 4.5, you use the set command to establish various options for the DNS query. These options are defined in Table 4.6, and a few of the most commonly used are discussed in the sections that follow.

Table 4.6: nslookup Set Options

Option                  Description
All                     Prints the options, current server, and host
[no]debug               Prints (or doesn't print) debugging information
[no]d2                  Prints (or doesn't print) exhaustive debugging information
[no]defname             Appends (or doesn't append) domain name to each query
[no]recurse             Asks for recursive answer to each query
[no]search              Uses domain search list
[no]vc                  Always uses a virtual circuit
Domain=NAME             Sets default domain name to NAME
Srchlist=N1[/N2/.../N6] Sets domain to N1 and search list to N1, N2, etc.
root=NAME               Sets DNS root server to NAME
Retry=X                 Sets number of retries to X
Timeout=X               Sets initial timeout interval to X seconds
type=X                  Sets query type
Querytype=X             Sets query type
Class=X                 Sets query class
[no]msxfr               Uses Microsoft fast zone transfer
Ixfrver=X               Sets the current version to use in IXFR transfer request

The debug Option

The debug option allows you to watch the DNS communication with the DNS server. Listing 4.4 shows a sample DNS query with the debug option turned on. This information shows exactly what you saw in the WinDump results: the original query for the www.microsoft.com hostname and the answer indicating that it was an alias for the www.microsoft.akadns.net host, along with all the IP addresses associated with it.

Listing 4.4: nslookup query with debug on

C:\>nslookup
Default Server: dns.ispnet.net
Address: 10.25.0.1

> set debug
> www.microsoft.com
Server: dns.ispnet.net
Address: 10.25.0.1

Got answer:
    HEADER:
        opcode = QUERY, id = 2, rcode = NOERROR
        header flags: response, want recursion, recursion avail.
        questions = 1, answers = 7, authority records = 7, additional = 7

    QUESTIONS:
        www.microsoft.com, type = A, class = IN
    ANSWERS:
    ->  www.microsoft.com
        canonical name = www.microsoft.akadns.net
        ttl = 7116 (1 hour 58 mins 36 secs)
    ->  www.microsoft.akadns.net
        internet address = 207.46.230.219
        ttl = 216 (3 mins 36 secs)
    ->  www.microsoft.akadns.net
        internet address = 207.46.230.220
        ttl = 216 (3 mins 36 secs)
    ->  www.microsoft.akadns.net
        internet address = 207.46.197.100
        ttl = 216 (3 mins 36 secs)
    ->  www.microsoft.akadns.net
        internet address = 207.46.230.218
        ttl = 216 (3 mins 36 secs)
    ->  www.microsoft.akadns.net
        internet address = 207.46.197.102
        ttl = 216 (3 mins 36 secs)
    ->  www.microsoft.akadns.net
        internet address = 207.46.197.113
        ttl = 216 (3 mins 36 secs)
    AUTHORITY RECORDS:
    ->  akadns.net
        nameserver = ZA.akadns.net
        ttl = 127117 (1 day 11 hours 18 mins 37 secs)
    ->  akadns.net
        nameserver = ZC.akadns.net
        ttl = 127117 (1 day 11 hours 18 mins 37 secs)
    ->  akadns.net
        nameserver = ZD.akadns.net
        ttl = 127117 (1 day 11 hours 18 mins 37 secs)
    ->  akadns.net
        nameserver = ZE.akadns.net
        ttl = 127117 (1 day 11 hours 18 mins 37 secs)
    ->  akadns.net
        nameserver = ZF.akadns.net
        ttl = 127117 (1 day 11 hours 18 mins 37 secs)
    ->  akadns.net
        nameserver = ZG.akadns.net
        ttl = 127117 (1 day 11 hours 18 mins 37 secs)
    ->  akadns.net
        nameserver = ZH.akadns.net
        ttl = 127117 (1 day 11 hours 18 mins 37 secs)
    ADDITIONAL RECORDS:
    ->  ZA.akadns.net
        internet address = 216.32.65.105
        ttl = 127117 (1 day 11 hours 18 mins 37 secs)
    ->  ZC.akadns.net
        internet address = 63.241.199.50
        ttl = 127117 (1 day 11 hours 18 mins 37 secs)
    ->  ZD.akadns.net
        internet address = 206.132.160.36
        ttl = 127117 (1 day 11 hours 18 mins 37 secs)
    ->  ZE.akadns.net
        internet address = 12.47.217.11
        ttl = 127117 (1 day 11 hours 18 mins 37 secs)
        internet address = 63.215.198.79
        ttl = 127117 (1 day 11 hours 18 mins 37 secs)
    ->  ZG.akadns.net
        internet address = 204.248.36.131
        ttl = 127117 (1 day 11 hours 18 mins 37 secs)
    ->  ZH.akadns.net
        internet address = 63.208.48.42
        ttl = 127117 (1 day 11 hours 18 mins 37 secs)

Non-authoritative answer:
Name:      www.microsoft.akadns.net
Addresses: 207.46.230.219, 207.46.230.220, 207.46.197.100, 207.46.230.218
           207.46.197.102, 207.46.197.113
Aliases:   www.microsoft.com

> exit
C:\>

The querytype Option

Another useful capability is setting the querytype. You can use this option to narrow down specific information regarding a host, or even regarding a complete domain. For example, you can set the query type to SOA to retrieve the SOA record for the domain:

C:\>nslookup
Default Server: dns.ispnet.net
Address: 10.25.0.1

> set querytype=soa
> microsoft.com
Server: dns.ispnet.net
Address: 10.25.0.1

microsoft.com
        primary name server = dns.cp.msft.net
        responsible mail addr = msnhst.microsoft.com
        serial = 2002061201
        refresh = 900 (15 mins)
        retry = 600 (10 mins)
        expire = 7200000 (83 days 8 hours)
        default TTL = 7200 (2 hours)
dns.cp.msft.net internet address = 207.46.138.10
>

You can see the entire SOA record for the requested domain, as it is defined in the local DNS server. This will also work when you are trying to determine the mail servers for a particular domain, as shown in the following example:

C:\>nslookup
Default Server: dns.ispnet.net
Address: 10.25.0.1

> set querytype=mx
> microsoft.com
Server: dns.ispnet.net
Address: 10.25.0.1

microsoft.com   MX preference = 10, mail exchanger = maila.microsoft.com
microsoft.com   MX preference = 10, mail exchanger = mailb.microsoft.com
microsoft.com   MX preference = 10, mail exchanger = mailc.microsoft.com
maila.microsoft.com     internet address = 131.107.3.125
maila.microsoft.com     internet address = 131.107.3.124
mailb.microsoft.com     internet address = 131.107.3.123
mailb.microsoft.com     internet address = 131.107.3.122
mailc.microsoft.com     internet address = 131.107.3.126
mailc.microsoft.com     internet address = 131.107.3.121
>

The results show that there are three separate mail servers defined for the microsoft.com domain. The information shows the mail server hostnames, along with their individual IP addresses.

The Domain Dump Option (ls)

The ls option of the nslookup command allows system administrators to obtain a complete dump of the defined DNS database for a domain. With this option, you can investigate all the DNS records for an entire domain. Be forewarned, though: I say "can" because it is not guaranteed to work. Many DNS servers disable this command to prevent unauthorized users from seeing the entire DNS database.

If you do have access to the ls command on a DNS server, you can dump the complete DNS database to a file by using the redirection command (>):

C:\>nslookup
Default Server: dns.ispnet.net
Address: 10.25.0.1

> ls testdomain.com > td.txt
> view td.txt

The view command can then be used to view the downloaded text file, which contains the DNS database for the domain.
