DNS Cheatsheet (dig, bind, nslookup)
1 dig (domain-name internet groper)
dig is a command line utility that queries the Domain Name System for entries, usually by name, and returns the DNS records found.
By default, dig queries the name servers configured by the operating system, i.e. those listed in /etc/resolv.conf.
With no arguments, dig does an NS query for "." (the root zone) and returns the root name servers:
dig
1.1 Overriding /etc/resolv.conf
dig ... @8.8.8.8          will query the name server at 8.8.8.8 (google)
dig ... @208.67.222.222   will query the name server at 208.67.222.222 (opendns)
dig ... @208.67.220.220   will query the name server at 208.67.220.220 (opendns)
1.2 Returning "A" records (default)
By default dig will return the address ("A") records for the name queried.
dig senecacollege.ca
senecacollege.ca.       600     IN      A       34.243.56.93
senecacollege.ca.       600     IN      A       52.24.251.32
senecacollege.ca.       600     IN      A       52.60.173.6

;; Query time: 41 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Mon Jan 13 13:18:20 EST 2020
;; MSG SIZE  rcvd: 93
dig senecacollege.ca @8.8.8.8

senecacollege.ca.       587     IN      A       52.24.251.32
senecacollege.ca.       587     IN      A       52.60.173.6
senecacollege.ca.       587     IN      A       34.243.56.93

;; Query time: 42 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Jan 13 13:30:47 EST 2020
;; MSG SIZE  rcvd: 93
1.3 Reverse lookups "PTR" records (-x option)
A reverse lookup (IP address to name, answered from the PTR record) uses the -x option:
dig -x 34.243.56.93
dig -x 10.0.0.123
The following commands are resolver diagnostics: which resolver actually answers you, the network path to it, the resolver's own hostname via the hostname.bind CHAOS-class TXT record, and the local interface, resolver and routing configuration.
dig +time=10 myip.opendns.com
dig +time=10 draugiem.lv @208.67.222.222
dig +time=10 draugiem.lv @208.67.220.220
dig +time=10 draugiem.lv @4.2.2.1
traceroute -I -w 2 208.67.222.222
traceroute -I -w 2 208.67.220.220
traceroute -I -w 2 api.opendns.com
traceroute -I -w 2 bpb.opendns.com
traceroute -I -w 2 block.opendns.com
traceroute -I -w 2 hit-adult.opendns.com
dig @208.67.222.222 +time=10 debug.opendns.com txt
dig @208.67.222.222 -p 443 +time=10 debug.opendns.com txt
dig @208.67.222.222 -p 5353 +time=10 debug.opendns.com txt
dig +time=10 debug.opendns.com txt
dig +time=10 whoami.akamai.net
dig +time=10 whoami.ultradns.net
dig @208.67.222.222 +time=10 myip.opendns.com
dig @ns1-1.akamaitech.net +time=10 whoami.akamai.net
dig @pdns1.ultradns.net +time=10 whoami.ultradns.net
nslookup -timeout=10 -class=chaos -type=txt hostname.bind. 4.2.2.1
nslookup -timeout=10 -class=chaos -type=txt hostname.bind. 192.33.4.12
nslookup -timeout=10 -class=chaos -type=txt hostname.bind. 204.61.216.4
/sbin/ifconfig -a
/usr/sbin/scutil --dns
/usr/sbin/netstat -rn
1.4 dig -t type
The type defaults to "A" records, but -t can request any DNS record type: A, MX, PTR, SOA, CNAME (canonical name), and so on.
dig -t mx senecacollege.ca
dig -t soa senecacollege.ca
dig -t cname senecacollege.ca
2 BIND Zone files
Servers running BIND place their zone files in:
/var/named
2.1 master file
/var/named/master/master.zintis.net
/var/named/master/master.sub-domain.zintis.net
2.2 slave file
/var/named/slave/slave.zintis.net
2.3 root server zone file
/var/named/root.servers
# typically "named.ca" or "named.root" in BIND
2.4 views file
/var/named/views
2.5 Reverse mapping filenames
Named after the subnet number with a .rev suffix. For example, if the zone is '11.168.192.IN-ADDR.ARPA' the file would be 192.168.11.rev
2.6 Localhost zone file, master.localhost
(BIND calls it localhost.zone), with the matching reverse mapping file called localhost.rev
3 Zone file Resource Records:
Zone file resource records contain columns of data, separated by whitespace, that define the record. All zone file resource records are assigned a particular type, which designates the record's purpose. The following types of resource records are the most commonly used:
A     - address record
CNAME - canonical name record
MX    - mail exchange record
NS    - nameserver record
PTR   - pointer record
SOA   - Start of Authority record
3.1 A — Address record, which specifies an IP address to assign to a name.
- <host> IN A <IP-address>
If the <host> value is omitted, then an A record points to a default IP address for the top of the namespace. This system will be the target of all non-FQDN requests.
Consider the following A record examples for the domain.com zone file:
         IN A 10.0.1.3
server1  IN A 10.0.1.5
Requests for domain.com are pointed to 10.0.1.3, while requests for server1.domain.com are pointed to 10.0.1.5.
3.2 AAAA - Address record (ipv6)
3.3 CNAME — Canonical name record, which tells the nameserver that one name is also known as another.
3.4 MX — Mail eXchange record, which tells where mail sent to a particular namespace controlled by this zone should go.
3.5 NS — NameServer record, which announces the authoritative nameservers for a particular zone.
3.6 PTR — PoinTeR record, designed to point to another part of the namespace.
3.7 SOA — Start Of Authority record, proclaiming important authoritative information about the namespace to the nameserver.
Located after the directives, an SOA record is the first resource record in a zone file.
@ IN SOA <primary-name-server> <hostmaster-email> (
    <serial-number>
    <time-to-refresh>
    <time-to-retry>
    <time-to-expire>
    <minimum-TTL> )
3.8 Example zone file:
$ORIGIN example.com.
@ 3600 SOA ns1.p30.dynect.net. (
    zone-admin.dyndns.com.  ; address of responsible party
    2016072701              ; serial number
    3600                    ; refresh period
    600                     ; retry period
    604800                  ; expire time
    1800 )                  ; minimum ttl
    86400 NS ns1.p30.dynect.net.
    86400 NS ns2.p30.dynect.net.
    86400 NS ns3.p30.dynect.net.
    86400 NS ns4.p30.dynect.net.
    3600 MX 10 mail.example.com.
    3600 MX 20 vpn.example.com.
    3600 MX 30 mail.example.com.
    60 A 204.13.248.106
    3600 TXT "v=spf1 include:spf.dynect.net ~all"
mail 14400 A 204.13.248.106
vpn 60 A 216.146.45.240
webapp 60 A 216.146.46.10
webapp 60 A 216.146.46.11
www 43200 CNAME example.com.
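To see how the layout rules above (the $ORIGIN directive, "@" and relative owner names, an owner field left blank to reuse the previous owner, the parenthesised multi-line SOA, ";" comments) turn into records, here is a small zone-file parser written for this cheatsheet. It is added example code, not BIND's parser; ZONE_TEXT is a constructed, shortened copy of the example.com zone above.

```python
import shlex
# Constructed zone text following the example.com zone above (shortened, not the page's file verbatim).
ZONE_TEXT = """$ORIGIN example.com.
@ 3600 SOA ns1.p30.dynect.net. ( zone-admin.dyndns.com. ; responsible party
    2016072701 ; serial number
    3600       ; refresh period
    600        ; retry period
    604800     ; expire time
    1800 )     ; minimum ttl
    86400 NS ns1.p30.dynect.net.
    3600 MX 10 mail.example.com.
    60 A 204.13.248.106
    3600 TXT "v=spf1 include:spf.dynect.net ~all"
mail 14400 A 204.13.248.106
www 43200 CNAME example.com.
"""

def tokens(line):
    """Tokenize one physical line: ';' starts a comment, quoted TXT data stays one token."""
    lex = shlex.shlex(line.replace("(", " ( ").replace(")", " ) "), posix=True)
    lex.whitespace_split, lex.commenters = True, ";"
    return list(lex)

def parse_zone(text):
    """Return (owner, ttl, type, rdata-tokens) tuples; owner names are made absolute."""
    origin, default_ttl, owner, records = ".", 3600, None, []
    toks, indented, depth = [], False, 0
    for raw in text.splitlines():
        if not toks:                       # first physical line of a logical line
            indented = raw[:1].isspace()   # blank owner field => reuse previous owner
        t = tokens(raw)
        depth += t.count("(") - t.count(")")
        toks += [x for x in t if x not in ("(", ")")]
        if depth > 0 or not toks:          # still inside ( ... ), or a comment/blank line
            continue
        if toks[0] == "$ORIGIN":
            origin = toks[1]
        elif toks[0] == "$TTL":
            default_ttl = int(toks[1])
        else:
            if not indented:
                n = toks.pop(0)
                owner = origin if n == "@" else n if n.endswith(".") else f"{n}.{origin}"
            ttl = int(toks.pop(0)) if toks[0].isdigit() else default_ttl
            if toks[0] == "IN":            # the class is optional, as in the example zone
                toks.pop(0)
            records.append((owner, ttl, toks[0], toks[1:]))
        toks = []
    return records
```

The SOA comes back as one record whose rdata holds the seven SOA fields in order, so the serial is rdata[2]; the four indented records all belong to example.com.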
4 BIND named.conf file
The syntax of the named.conf file is as follows:
<statement-1> ["<statement-1-name>"] [<statement-1-class>] {
    <option-1>;
    <option-2>;
    <option-N>;
};
<statement-2> ["<statement-2-name>"] [<statement-2-class>] {
    <option-1>;
    <option-2>;
    <option-N>;
};
<statement-N> ["<statement-N-name>"] [<statement-N-class>] {
    <option-1>;
    <option-2>;
    <option-N>;
};
Using this syntax, you can create an actual named.conf file:
// MASTER & CACHING NAME SERVER for EXAMPLE, INC.
// maintained by: me myself alone
// CHANGELOG:
// 1. 9 july 2003 - did something
// 2. 16 july 2003 - did something else
// 3. 23 july 2003 - did something more
//
options {
    directory "/var/named";
    // version statement - inhibited for security
    // (avoids hacking any known weaknesses)
    version "get lost";
    // optional - disables all transfers
    // slaves allowed in zone clauses
    allow-transfer {"none";};
    // Closed DNS - permits only local IPs to issue recursive queries
    // remove if an Open DNS required to support all users
    // or add additional ranges
    allow-recursion {192.168.3.0/24;};
};
//
// log to /var/log/named/example.log all events from
// info UP in severity (no debug)
// defaults to use 3 files in rotation
// BIND 8.x logging MUST COME FIRST in this file
// BIND 9.x parses the whole file before using the log
// failure messages up to this point are in (syslog)
// typically /var/log/messages
//
logging {
    channel example_log {
        file "/var/log/named/example.log" versions 3 size 2m;
        severity info;
        print-severity yes;
        print-time yes;
        print-category yes;
    };
    category default { example_log; };
};
// required zone for recursive queries
zone "." {
    type hint;
    file "root.servers";
};
zone "example.com" in {
    type master;
    file "master/master.example.com";
    // enable slaves only
    allow-transfer {192.168.23.1;192.168.23.2;};
};
// required local host domain
zone "localhost" in {
    type master;
    file "master.localhost";
    allow-update{none;};
};
// localhost reverse map
zone "0.0.127.in-addr.arpa" in {
    type master;
    file "localhost.rev";
    allow-update{none;};
};
// reverse map for class C 192.168.0.0
zone "0.168.192.IN-ADDR.ARPA" in {
    type master;
    file "192.168.0.rev";
};
5 ACL in /etc/named.conf
The following statements may be used in /etc/named.conf:
acl <acl-name> — Configures an access control list of IP addresses to be allowed or disallowed certain named services. Most of the time, individual IP addresses or IP network notation (such as 10.0.1.0/24) is used to identify the exact IPs.
A few access control lists are already defined, so you do not have to configure an acl statement to define them:
any — Matches every IP address.
localhost — Matches any IP address in use by the local system.
localnets — Matches any IP address on any network to which the local system is connected.
none — Matches no IP addresses.
When utilized with other /etc/named.conf statements and their options, acl statements can be very useful in ensuring the proper use of your BIND nameserver. Consider the following example (Figure 17-3):
acl black-hats {
    10.0.2.0/24;
    192.168.0.0/24;
};
acl red-hats {
    10.0.1.0/24;
};
options {
    blackhole { black-hats; };
    allow-query { red-hats; };
    allow-recursion { red-hats; };
};
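The effect of that configuration on an arriving query is easiest to see by modelling BIND's address-match-list rules (first matching element wins, a "!"-negated element that matches rejects the address, named acls may nest) and the order in which blackhole, allow-query and allow-recursion are applied. This is an added example written for this cheatsheet, not BIND code; ACLS and OPTIONS are constructed from the black-hats / red-hats example above, and the decision strings are this example's own labels.

```python
import ipaddress

# Constructed from the acl / options example above (plus two of BIND's built-in lists).
ACLS = {
    "black-hats": ["10.0.2.0/24", "192.168.0.0/24"],
    "red-hats": ["10.0.1.0/24"],
    "any": ["0.0.0.0/0", "::/0"],
    "none": [],
}
OPTIONS = {
    "blackhole": ["black-hats"],
    "allow-query": ["red-hats"],
    "allow-recursion": ["red-hats"],
}

def matches(client, address_match_list):
    """BIND address-match-list semantics: the first element that matches decides;
    a matching '!' element makes the whole list reject the address."""
    ip = ipaddress.ip_address(client)
    for elem in address_match_list:
        negated, name = elem.startswith("!"), elem.lstrip("!")
        if name in ACLS:                          # named acl, possibly nested
            hit = matches(client, ACLS[name])
        else:                                     # bare IP address or CIDR prefix
            hit = ip in ipaddress.ip_network(name, strict=False)
        if hit:
            return not negated
    return False

def decide(client, wants_recursion=False):
    """What named does with a query from client under OPTIONS, checked in BIND's order."""
    if matches(client, OPTIONS["blackhole"]):
        return "dropped (blackhole)"              # no response of any kind
    if not matches(client, OPTIONS["allow-query"]):
        return "REFUSED (allow-query)"
    if wants_recursion and not matches(client, OPTIONS["allow-recursion"]):
        return "answered without recursion (allow-recursion)"
    return "answered"
```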
6 BIND (named slave file)
// SLAVE & CACHING NAME SERVER for EXAMPLE, INC.
// maintained by: me myself alone
// CHANGELOG:
// 1. 9 july 2003 - did something
// 2. 16 july 2003 - did something else
// 3. 23 july 2003 - did something more
//
options {
    directory "/var/named";
    // version statement - inhibited for security
    // (avoids hacking any known weaknesses)
    version "not currently available";
    // allows notifies only from master
    allow-notify {192.168.0.1;};
    // disables all zone transfer requests
    allow-transfer {"none";};
    // Closed DNS - permits only local IPs to issue recursive queries
    // remove if an Open DNS required to support all users
    // or add additional ranges
    allow-recursion {192.168.3.0/24;};
};
//
// log to /var/log/named/example.log all events
// from info UP in severity (no debug)
// defaults to use 3 files in rotation
// BIND 8.x logging MUST COME FIRST in this file
// BIND 9.x parses the whole file before using the log
// failure messages up to this point are in (syslog)
// typically /var/log/messages
//
logging {
    channel example_log {
        file "/var/log/named/example.log" versions 3 size 2m;
        severity info;
        print-severity yes;
        print-time yes;
        print-category yes;
    };
    category default { example_log; };
};
// required zone for recursive queries
zone "." {
    type hint;
    file "root.servers";
};
// see notes below
zone "example.com" in {
    type slave;
    file "slave/slave.example.com";
    masters {192.168.0.1;};
};
// required local host domain
zone "localhost" in {
    type master;
    file "pri.localhost";
    allow-update{none;};
};
// localhost reverse map
zone "0.0.127.in-addr.arpa" in {
    type master;
    file "localhost.rev";
    allow-update{none;};
};
// reverse map for class C 192.168.0.0 (see notes)
zone "0.168.192.IN-ADDR.ARPA" IN {
    type slave;
    file "sec.192.168.0.rev";
    masters {192.168.0.1;};
};
7 host -t a cbc.ca
A shorter, easier alternative to dig is host:
host -t a cbc.ca
host can also look up other resource records by specifying the type with -t:
host -t soa www.cbc.ca
host -t mx www.cbc.ca
From man page:
SYNOPSIS
    host [-aCdlnrsTUwv] [-c class] [-N ndots] [-R number] [-t type] [-W wait] [-m flag] [[-4] | [-6]] [-v] [-V] {name} [server]
DESCRIPTION
    host is a simple utility for performing DNS lookups. It is normally used to convert names to IP addresses and vice versa. When no arguments or options are given, host prints a short summary of its command line arguments and options.
    name is the domain name that is to be looked up. It can also be a dotted-decimal IPv4 address or a colon-delimited IPv6 address, in which case host will by default perform a reverse lookup for that address.
    server is an optional argument which is either the name or IP address of the name server that host should query instead of the server or servers listed in /etc/resolv.conf.
A specific server is given as the last argument:
host -4 cbc.ca 8.8.8.8
host -t SOA cbc.ca 208.67.222.222
8 nslookup
nslookup [-option] [name | -] [server]
nslookup -query=hinfo -timeout=10 senecacollege.ca
nslookup        (with no arguments, enters interactive mode)