address resolution

There are three commands we can use for DNS address resolution (name → IP and IP → name): nslookup, host and dig. All three speak DNS to the nameservers directly instead of going through the system resolver library, which is why none of them consult /etc/hosts; to see what applications on the box actually get, use "getent hosts NAME".

The nslookup command uses the nameservers listed in /etc/resolv.conf and ignores /etc/hosts completely:

root:/etc> nslookup 8.8.4.4
Server:       141.228.16.34
Address:      141.228.16.34#53

Non-authoritative answer:
4.4.8.8.in-addr.arpa name = google-public-dns-b.google.com.

Authoritative answers can be found from:

root:/etc> nslookup google-public-dns-b.google.com
Server:       141.228.16.34
Address:      141.228.16.34#53

Non-authoritative answer:
Name: google-public-dns-b.google.com
Address: 8.8.4.4

We can also name the server to query, tell nslookup to give up instead of trying the next server in /etc/resolv.conf when it gets SERVFAIL or a referral (-fail), and clear the recursion-desired bit so the server answers only from its own zones or cache (-norecurse). The server is the second positional argument: "server" and "set" are interactive-mode commands, not command-line switches, and are rejected when passed as -server and -set. The attempt below shows the trap: nslookup discarded the two invalid options and then took 8.8.8.8 as the name to look up and 8.8.4.4 as the server, the reverse of what was intended:

root:/etc> nslookup -server 8.8.8.8 -set -fail -norecurse 8.8.4.4
*** Invalid option: server
*** Invalid option: set
Server:      8.8.4.4
Address:     8.8.4.4#53

Non-authoritative answer:
8.8.8.8.in-addr.arpa name = google-public-dns-a.google.com.

Authoritative answers can be found from:

The intended query, resolving 8.8.4.4 through 8.8.8.8, is:

root:/etc> nslookup -fail -norecurse 8.8.4.4 8.8.8.8

which reports Server: 8.8.8.8 and returns the PTR for 4.4.8.8.in-addr.arpa as in the first example.

The host command does the same job as nslookup, with a slightly different output format and its own flags:

root:/etc> host 8.8.4.4
4.4.8.8.in-addr.arpa domain name pointer google-public-dns-b.google.com.

root:/etc> host -R 3 -T -s 8.8.4.4 8.8.8.8
Using domain server:
Name: 8.8.8.8
Address: 8.8.8.8#53
Aliases:
4.4.8.8.in-addr.arpa domain name pointer google-public-dns-b.google.com.

The second example retries the UDP query up to 3 times (-R 3), uses TCP instead of the default UDP (-T), does not fall back to the next nameserver when one answers SERVFAIL (-s), and sends the query to 8.8.8.8, given as the second positional argument, to find the name of 8.8.4.4. Forcing TCP is a useful test in itself: a server that answers over UDP but not TCP will fail for responses too large for a UDP packet, such as DNSSEC-signed or many-record answers.

The dig command is more flexible than the other two. Like them it queries the nameservers directly and never reads /etc/hosts, so a name overridden locally still resolves to its public address here. Let's look at some examples to see how to use dig:

root:/etc> dig assemblea.cat                (same as: dig -q assemblea.cat)

; <<>> DiG 9.9.6-P1-RedHat-9.9.6-10.P1.fc21 <<>> assemblea.cat
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22716
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;assemblea.cat.                      IN        A

;; ANSWER SECTION:
assemblea.cat.         3600          IN       A        81.169.149.37

;; AUTHORITY SECTION:
assemblea.cat.         86384         IN       NS       dns2.pd-imedia.com.
assemblea.cat.         86384         IN       NS       dns1.pd-imedia.com.

;; Query time: 55 msec
;; SERVER: 141.228.16.34#53(141.228.16.34)
;; WHEN: Mon Sep 28 12:59:33 BST 2015
;; MSG SIZE rcvd: 109

The query above is a typical one: it uses the nameservers in /etc/resolv.conf with all the default options. Without a type or flag, dig treats its argument as a domain name and asks for its A record (IPv4 address); "-q name" is simply the explicit form of the same query. To resolve an IP back to a name, which is a PTR lookup in the in-addr.arpa (IPv4) or ip6.arpa (IPv6) tree, we use -x:

root:/etc> dig -x 81.169.149.37

; <<>> DiG 9.9.6-P1-RedHat-9.9.6-10.P1.fc21 <<>> -x 81.169.149.37
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43637
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;37.149.169.81.in-addr.arpa.     IN PTR

;; ANSWER SECTION:
37.149.169.81.in-addr.arpa. 1799 IN PTR assemblea.cat.

;; AUTHORITY SECTION:
assemblea.cat.          83863     IN     NS      dns2.pd-imedia.com.
assemblea.cat.          83863     IN     NS      dns1.pd-imedia.com.

;; Query time: 36 msec
;; SERVER: 141.228.16.34#53(141.228.16.34)
;; WHEN: Mon Sep 28 13:02:15 BST 2015
;; MSG SIZE rcvd: 82

We see in the examples above that a dig response is printed in these sections:

• Header      → dig version, the options in effect, then the HEADER line (opcode, status, query id, flags) and the number of question/answer/authority/additional records; the OPT pseudosection under it carries the EDNS parameters (here the advertised UDP buffer size)
• Question    → the query as sent: name, class and type
• Answer      → the records returned for that question
• Authority   → the nameservers authoritative for the name queried
• Additional  → extra records the server volunteers, typically the addresses (glue) of the nameservers listed in the authority section
• Statistics  → query time, the server that answered, timestamp and message size

The flags in the HEADER line are worth reading: qr (this is a response), rd (recursion was requested), ra (the server offers recursion) and aa, which is absent above because a caching resolver answered; aa is set only by a server that is authoritative for the zone, so its presence is the difference between "what this server serves" and "what this server has cached".

Individual sections can be suppressed with +nocmd, +nocomments, +noquestion, +noanswer, +noauthority, +noadditional and +nostats, or everything can be switched off with +noall and only the wanted sections switched back on:

root:/etc> dig -x 81.169.149.37 +nostats
; <<>> DiG 9.9.6-P1-RedHat-9.9.6-10.P1.fc21 <<>> -x 81.169.149.37 +nostats
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3649
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;37.149.169.81.in-addr.arpa.     IN      PTR

;; ANSWER SECTION:
37.149.169.81.in-addr.arpa. 1771 IN PTR      assemblea.cat.

root:/etc> dig -x 81.169.149.37 +nostats +nocomments
; <<>> DiG 9.9.6-P1-RedHat-9.9.6-10.P1.fc21 <<>> -x 81.169.149.37 +nostats +nocomments
;; global options: +cmd
;37.149.169.81.in-addr.arpa.     IN     PTR
37.149.169.81.in-addr.arpa. 1770 IN PTR     assemblea.cat.
149.169.81.in-addr.arpa. 1770      IN    NS     ns.rz-ip.net.
149.169.81.in-addr.arpa. 1770      IN    NS     ns2.rz-ip.net.

root:/etc> dig -x 81.169.149.37 +nostats +nocomments +noauthority
; <<>> DiG 9.9.6-P1-RedHat-9.9.6-10.P1.fc21 <<>> -x 81.169.149.37 +nostats +nocomments +noauthority
;; global options: +cmd
;37.149.169.81.in-addr.arpa.     IN     PTR
37.149.169.81.in-addr.arpa. 1763 IN PTR     assemblea.cat.

root:/etc> dig -x 81.169.149.37 +nostats +nocomments +noauthority +noquestion
; <<>> DiG 9.9.6-P1-RedHat-9.9.6-10.P1.fc21 <<>> -x 81.169.149.37 +nostats +nocomments +noauthority +noquestion
;; global options: +cmd
37.149.169.81.in-addr.arpa. 1799 IN PTR     assemblea.cat.

root:/etc> dig -x 81.169.149.37 +noall +answer
; <<>> DiG 9.9.6-P1-RedHat-9.9.6-10.P1.fc21 <<>> -x 81.169.149.37 +noall +answer
;; global options: +cmd
37.149.169.81.in-addr.arpa. 1799 IN PTR     assemblea.cat.

As with nslookup and host, we can specify the nameserver to query, here with @server. This is the way to bypass the local resolver's cache and ask an authoritative server, or a specific public resolver, what it really returns:

root:/etc> dig @8.8.8.8 -q assemblea.cat

; <<>> DiG 9.9.6-P1-RedHat-9.9.6-10.P1.fc21 <<>> @8.8.8.8 -q assemblea.cat
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8895
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;assemblea.cat.               IN         A

;; ANSWER SECTION:
assemblea.cat.           3600   IN    A      81.169.149.37

;; AUTHORITY SECTION:
assemblea.cat.         86400    IN     NS     dns2.pd-imedia.com.
assemblea.cat.         86400    IN     NS     dns1.pd-imedia.com.

;; Query time: 125 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Sep 28 13:05:02 BST 2015
;; MSG SIZE rcvd: 109

We can also feed dig a batch file of queries with -f, one query per line, each line taking the same arguments as the command line, so forward and reverse lookups can be mixed in one run:

root:/etc> cat /tmp/2resolv.txt
-x 104.86.111.51
-x 104.86.111.65
-q www.zerohedge.com

root:/etc> dig -f /tmp/2resolv.txt +nocomments +nostats +nocmd +noquestion
51.111.86.104.in-addr.arpa.  172   IN     PTR     a104-86-51.deploy.static.akamaitechno.com.
65.111.86.104.in-addr.arpa.  300   IN     PTR     a104-86-65.deploy.static.akamaitechno.com.
www.zerohedge.com.          116   IN     A       185.32.215.118
www.zerohedge.com.          116   IN     A       185.32.215.119

We can also use dig to look up the mail servers (MX), the nameservers (NS) or any other record type of a domain by naming the type with -t. Two caveats: the records come from the resolver's cache unless we ask an authoritative server with @, and "-t any" only returns whatever that cache happens to hold; many servers also answer ANY with a deliberately minimal response (RFC 8482), so query the specific types you need rather than relying on ANY:

marc:~> dig redhat.com -t ns +noall +answer | grep -v -e DiG -e "options: +cmd"
redhat.com.               515     IN     NS     ns1.redhat.com.
redhat.com.               515     IN     NS     ns3.redhat.com.
redhat.com.               515     IN     NS     ns4.redhat.com.
redhat.com.               515     IN     NS     ns2.redhat.com.

marc:~> dig redhat.com -t mx +noall +answer | grep -v -e DiG -e "options: +cmd"
redhat.com.               600     IN     MX       5   mx1.redhat.com.
redhat.com.               600     IN     MX       10 mx2.redhat.com.

marc:~> dig redhat.com -t any +noall +answer | grep -v -e DiG -e "options: +cmd"
redhat.com.               599     IN     SOA   ns1.redhat.com. noc.redhat.com.   2015092501 300 180 604800 14400
redhat.com.               599     IN     TXT    "v=spf1   include:u1969764.wl.sendgrid.net include:_spf1.redhat.com include:_spf2.redhat.com -all"
redhat.com.               599     IN     MX       5   mx1.redhat.com.
redhat.com.               599     IN     MX       10 mx2.redhat.com.
redhat.com.               599     IN     NS       ns4.redhat.com.
redhat.com.               599     IN     NS       ns2.redhat.com.
redhat.com.               599     IN     NS       ns3.redhat.com.

And for scripting there is +short, which prints only the data of the answer records, one per line:

marc:~> dig redhat.com -t ns +short
ns4.redhat.com.
ns1.redhat.com.
ns2.redhat.com.
ns3.redhat.com.
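The NS list above is only the delegation; whether each of those servers actually serves the zone, and serves the same copy of it, is a separate question. The script below is an added example (not from the original notes): it takes the NS set from the default resolver, then asks every nameserver directly with @server for the zone's SOA, reads the aa flag from the "flags:" line and the serial from the SOA record, and reports servers that do not answer, answer without authority (a lame delegation) or carry a serial different from the first authoritative answer (a secondary that has stopped transferring, or a stray copy of the zone). It assumes dig and awk are on the path; zone names are whatever is passed on the command line.

```shell
#!/bin/sh
# Added example, not from the original notes: check that every nameserver
# delegated for a zone answers authoritatively and agrees on the SOA serial.

DIG_OPTS="+time=3 +tries=1"      # fail fast instead of hanging on a dead server

# zone_ns ZONE -> NS names of ZONE (from the default resolver), trailing dot removed;
# dig's ";; ..." error lines (timeouts etc.) are dropped.
zone_ns() {
    # shellcheck disable=SC2086
    dig $DIG_OPTS +short "$1" NS | awk '!/^;/ { sub(/\.$/, ""); print }'
}

# ns_soa NS ZONE -> "<serial> aa" or "<serial> noaa"; prints nothing if NS gave
# no answer. +norecurse asks NS for its own copy only; +comments keeps the
# "flags:" line so the aa bit can be read, +answer keeps the SOA record.
ns_soa() {
    # shellcheck disable=SC2086
    dig $DIG_OPTS +norecurse +noall +comments +answer @"$1" "$2" SOA |
    awk '
        /^;; flags:/         { aa = ($0 ~ / aa[ ;]/) ? "aa" : "noaa" }
        !/^;/ && $4 == "SOA" { serial = $7 }
        END { if (serial != "") print serial, aa }
    '
}

# check_zone ZONE -> one report line per nameserver; exit status 0 only when
# every nameserver answered authoritatively with the same serial.
check_zone() {
    local zone ns result serial ref rc
    zone=$1; ref=""; rc=0
    for ns in $(zone_ns "$zone"); do
        result=$(ns_soa "$ns" "$zone")
        if [ -z "$result" ]; then
            echo "$zone @$ns: NO ANSWER"; rc=1; continue
        fi
        serial=${result% *}
        case "$result" in
            *" aa") ;;
            *) echo "$zone @$ns: serial $serial, NOT authoritative (lame delegation)"
               rc=1; continue ;;
        esac
        if [ -z "$ref" ]; then
            ref=$serial                 # first authoritative serial is the reference
        fi
        if [ "$serial" = "$ref" ]; then
            echo "$zone @$ns: serial $serial OK"
        else
            echo "$zone @$ns: serial $serial DIFFERS from $ref"; rc=1
        fi
    done
    if [ -z "$ref" ]; then rc=1; fi     # nobody answered authoritatively
    return $rc
}

# usage: sh soacheck.sh redhat.com [more zones...]
for zone in "$@"; do check_zone "$zone"; done
```

The reference serial is simply the first authoritative one seen, so a single stale server shows up as DIFFERS while the rest read OK; if the master itself is the odd one out, every other line will differ from it, which is just as visible. Like the page's other examples this bypasses /etc/hosts and any local resolver cache for the per-server queries, because each one is sent with @server.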

We can also force IPv4 (-4) or IPv6 (-6) transport, TCP instead of UDP (+tcp), a non-default port (-p PORT), the per-try timeout in seconds (+time=3) and the number of tries (+tries=2), among other options. Note that -t selects the record type, as in the examples above; it does not select TCP. Finally, we can put the options we use most often in $HOME/.digrc; they are applied before the command line, so anything given explicitly still overrides them:

marc:~> cat ~/.digrc
+noall +answer

Keep in mind that .digrc applies to every dig this user runs, including those inside scripts, so a script that parses the full output breaks silently once such a file exists; scripts should pass the display options they depend on explicitly.
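A reverse lookup with -x, as shown earlier, only tells us what the owner of the reverse zone chose to publish: a PTR for 8.8.4.4 can claim any name at all. The usual check is forward-confirmed reverse DNS: resolve the IP to its PTR name(s), resolve each name forward again, and accept the mapping only if one of the addresses is the IP we started from. The script below is an added example (not from the original notes) built on "dig +short" with the fail-fast options above; it assumes dig and awk are on the path, and the addresses and names in its test data are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original notes: forward-confirmed reverse DNS
# (FCrDNS). As with every dig call on this page, /etc/hosts is not consulted,
# so local overrides play no part in the result.

DIG_OPTS="+short +time=3 +tries=1"   # rdata only; give up quickly on a dead server

# ptr_names IP -> PTR target(s) for IP, one per line, trailing dot removed;
# dig's ";; ..." error lines (timeouts etc.) are dropped.
ptr_names() {
    # shellcheck disable=SC2086
    dig $DIG_OPTS -x "$1" | awk '!/^;/ { sub(/\.$/, ""); print }'
}

# forward_addrs NAME -> A and AAAA records of NAME, one per line. +short also
# echoes CNAME targets (which end in a dot); only bare addresses are kept.
forward_addrs() {
    # shellcheck disable=SC2086
    { dig $DIG_OPTS "$1" A; dig $DIG_OPTS "$1" AAAA; } | awk '!/^;/ && !/\.$/'
}

# fcrdns_check IP -> 0 if some PTR name resolves back to IP, 1 if the PTR
# exists but nothing points back, 2 if there is no PTR (or the lookup failed).
# IPv6 input must be in dig's compressed lower-case form for the string
# comparison to match.
fcrdns_check() {
    local ip names name addr
    ip=$1
    names=$(ptr_names "$ip")
    if [ -z "$names" ]; then
        echo "$ip: no PTR record (or lookup failed)"
        return 2
    fi
    for name in $names; do
        for addr in $(forward_addrs "$name"); do
            if [ "$addr" = "$ip" ]; then
                echo "$ip: confirmed, $name resolves back to it"
                return 0
            fi
        done
    done
    echo "$ip: PTR gives '$names' but no forward record points back"
    return 1
}

# usage: sh fcrdns.sh 8.8.4.4 [more IPs...]
for ip in "$@"; do fcrdns_check "$ip"; done
```

The three exit codes are deliberate: mail and SSH log triage treat "no PTR" and "PTR that does not confirm" differently, and a timeout should not be mistaken for a failed confirmation, which is why the dig error lines are filtered out before the emptiness test rather than compared as if they were names.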

At the local network level (hosts in the same broadcast domain) we can use arping to find the MAC address that answers for an IP. It sends an ARP request rather than a DNS query, and since ARP carries no authentication the reply only tells us which interface currently claims the address; a second, unexpected reply for the same IP from a different MAC is the classic sign of ARP spoofing:

root:/etc> arping -I virbr0 -c 1 192.168.122.161
ARPING 192.168.122.161 from 192.168.122.1 virbr0
Unicast reply from 192.168.122.161 [52:54:00:49:72:FC] 0.596ms
Sent 1 probes (1 broadcast(s))
Received 1 response(s)

Finally, and to close this section, the whois command queries the registration databases for domain names and for IP addresses/ranges. For a domain the client first asks the registry for the TLD (whois.verisign-grs.com for .com) and follows its referral to the registrar's server, which holds the full record. When vetting a domain, the registrar, the status codes, the creation and expiry dates and the nameservers are the fields to look at; since 2018 most registrars redact the personal contact details of the kind shown below:

root:/etc> whois google.com
[Querying whois.verisign-grs.com]
[Redirected to whois.markmonitor.com]
[Querying whois.markmonitor.com]
[whois.markmonitor.com]
Domain Name: google.com
Registry Domain ID: 2138514_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.markmonitor.com
Registrar URL: http://www.markmonitor.com
Updated Date: 2015-06-12T10:38:52-0700
Creation Date: 1997-09-15T00:00:00-0700
Registrar Registration Expiration Date: 2020-09-13T21:00:00-0700
Registrar: MarkMonitor, Inc.
Registrar IANA ID: 292
Registrar Abuse Contact Email: abusecomplaints@markmonitor.com
Registrar Abuse Contact Phone: +1.2083895740
Domain Status: clientUpdateProhibited (https://www.icann.org/epp#clientUpdateProhibited)
Domain Status: clientTransferProhibited (https://www.icann.org/epp#clientTransferProhibited)
Domain Status: clientDeleteProhibited (https://www.icann.org/epp#clientDeleteProhibited)
Registry Registrant ID:
Registrant Name: Dns Admin
Registrant Organization: Google Inc.
Registrant Street: Please contact contact-admin@google.com, 1600 Amphitheatre Parkway
Registrant City: Mountain View
Registrant State/Province: CA
Registrant Postal Code: 94043
Registrant Country: US
Registrant Phone: +1.6502530000
Registrant Phone Ext:
Registrant Fax: +1.6506188571
Registrant Fax Ext:
Registrant Email: dns-admin@google.com
Registry Admin ID:
Admin Name: DNS Admin
Admin Organization: Google Inc.
Admin Street: 1600 Amphitheatre Parkway
Admin City: Mountain View
Admin State/Province: CA
Admin Postal Code: 94043
Admin Country: US
Admin Phone: +1.6506234000
Admin Phone Ext:
Admin Fax: +1.6506188571
Admin Fax Ext:
Admin Email: dns-admin@google.com
Registry Tech ID:
Tech Name: DNS Admin
Tech Organization: Google Inc.
Tech Street: 2400 E. Bayshore Pkwy
Tech City: Mountain View
Tech State/Province: CA
Tech Postal Code: 94043
Tech Country: US
Tech Phone: +1.6503300100
Tech Phone Ext:
Tech Fax: +1.6506181499
Tech Fax Ext:
Tech Email: dns-admin@google.com
Name Server: ns2.google.com
Name Server: ns4.google.com
Name Server: ns1.google.com
Name Server: ns3.google.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2015-09-30T03:20:02-0700 <<<
