Thursday, July 1, 2010

DNS querying with dig



For a system administrator, having ready access to information for troubleshooting or configuring computers and networks matters. When diagnosing connectivity issues, or setting up a new Web site or server, being able to get accurate answers out of DNS can be critical, and DNS holds a lot of information that helps in this regard.
On Linux, the best tool for this job is dig, part of the BIND collection of utilities. On Red Hat Enterprise Linux, CentOS and Fedora, dig is in the bind-utils package (on Debian and Ubuntu it is in dnsutils); you don't need to have the BIND DNS server itself installed to use the utilities.
The dig command-line tool queries DNS name servers for information. The server can be the default resolver configured for your system (from /etc/resolv.conf), or any other DNS server you specify, including the root name servers. A typical invocation is simply dig followed by the name to look up, such as google.com, with no record type given; dig then asks for the A records.

Dig is quite verbose, so there is a lot of output here, and not all of it is useful. The important bits are the A records for google.com in the ANSWER section, that is, the IPv4 addresses the name maps to, and the server that answered the query, shown in the trailing SERVER line (in this case 192.168.250.12). The output can be trimmed with query options: +noall +answer prints only the answer section, and +short prints only the answer data, one record per line.

Knowing the A record, the IPv4 address a name resolves to, is very useful. But so is knowing which DNS servers are authoritative for the domain, or which mail servers accept mail for it. This is done by telling dig to fetch the NS or MX records. ANY asks for every record type at once, but it returns only what the queried server happens to hold for the name, and many servers today answer ANY with a minimal response or refuse it outright, so it is better to ask for the specific types you need:
$ dig MX google.com +short
200 google.com.s9a2.psmtp.com.
300 google.com.s9b1.psmtp.com.
400 google.com.s9b2.psmtp.com.
100 google.com.s9a1.psmtp.com.
The +short option is very useful to show just the answers; here we have the mail exchanger hostnames with their preference values, where the lowest value (100) is tried first.
Want to do a reverse lookup? Use the -x option with an IP address instead of a domain name; dig builds the corresponding in-addr.arpa (or ip6.arpa) name for you and asks for its PTR record:
$ dig -x 74.125.148.13 +short
s9b1.psmtp.com.
Bear in mind that the PTR record is published by whoever controls the address block, not by the owner of the name it points to, so treat a reverse lookup as a hint and confirm it by resolving the returned name forward again.
And if you want to see the results from a different DNS server, prefix the server name or address with @. This bypasses the resolvers in /etc/resolv.conf, which is handy for asking a zone's authoritative server directly, before a change has reached the caches:
$ dig @ns.isp.com google.com
There is also the TXT record, which is useful if you want to look up SPF (Sender Policy Framework, a mechanism for publishing which hosts may send mail for a domain) information; querying the TXT type for the domain returns the SPF policy as a quoted string.
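As an added example (not from the original post), the following POSIX shell script combines the MX, reverse-lookup and TXT queries above into a small mail-setup check for a domain. The names and addresses in it (example.net, 192.0.2.25 and so on) are placeholders, and the parsing functions read dig output on standard input so they can be tried against pasted or constructed sample output as well as a live query.

```shell
#!/bin/sh
# Added example, not code from the original post. Helpers around dig for
# checking a domain's mail setup. Parsing functions read dig output on stdin,
# so they work on pasted sample output as well as on a live query. Hostnames
# and addresses mentioned in comments are placeholders (RFC 2606 / RFC 5737).

# Read "preference host." lines, the format of `dig MX example.net +short`,
# and print the hosts in preference order (lowest value first), one per line,
# without the trailing dot.
mx_by_preference() {
    sort -n -k1,1 | awk '{ sub(/\.$/, "", $2); print $2 }'
}

# Read quoted TXT strings, the format of `dig TXT example.net +short`, and
# print only the SPF record. A long record may be split into several quoted
# strings on one line ("v=spf1 ..." " ..."); those are joined back together.
spf_record() {
    awk '/^"v=spf1/ { gsub(/" "/, ""); gsub(/"/, ""); print; exit }'
}

# Forward-confirmed reverse DNS for one host: the host's (first) A record must
# reverse-map through a PTR record to a name that resolves back to the same
# address. Returns 0 if confirmed, 1 if not, 2 if the host has no A record.
fcrdns_ok() {
    ip=$(dig +short A "$1" | head -n 1)
    [ -n "$ip" ] || return 2
    ptr=$(dig -x "$ip" +short | head -n 1)
    [ -n "$ptr" ] || return 1
    dig +short A "$ptr" | grep -qxF "$ip"
}

# Print the MX hosts of a domain in preference order with the result of the
# reverse-DNS check, then its SPF record. An optional second argument such
# as @ns1.example.net is passed to dig to query that server instead of the
# system resolver (left unquoted on purpose so an empty value disappears).
mail_report() {
    domain=$1
    server=$2
    echo "MX hosts for $domain, most preferred first:"
    dig $server MX "$domain" +short | mx_by_preference | while read -r mx; do
        if fcrdns_ok "$mx"; then
            echo "  $mx (reverse DNS confirms forward lookup)"
        else
            echo "  $mx (reverse DNS does NOT confirm forward lookup)"
        fi
    done
    echo "SPF: $(dig $server TXT "$domain" +short | spf_record)"
}

# Run the report when invoked as a script with a domain argument, e.g.
#   sh mailcheck.sh example.net @ns1.example.net
if [ $# -ge 1 ]; then
    mail_report "$@"
fi
```

The reverse-DNS check deliberately looks at only the first A record of each host; a mail exchanger with several addresses would need each one checked in turn. Pass the authoritative server as the second argument when you want to see the zone's data before it has propagated to caching resolvers.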

The dig utility is very handy, especially for troubleshooting. It has a lot of options and can do many different things; take a look at the output of dig -h, or the dig(1) man page, for an idea of the options available.
Vincent Danen works on the Red Hat Security Response Team and lives in Canada. He has been writing about and developing on Linux for over 10 years.
