Testing DNS with dig

dig is another DNS test command that is very similar to host. It has the same strengths and weaknesses, but is both more powerful and more complex. The basic format of a dig command is

dig [@server] domain-name [type]

If a server is defined, the name of the server must be preceded by an @. If a server is not specified on the command line, the local server is used. The type of resource record being requested is identified using a standard record type or the keyword any; if a resource record type is not specified, the dig command fetches address records. For example, to query the server goat for any records pertaining to dolphin, enter

$ dig @goat.example.org dolphin.example.org any

A nice dig feature is its capability to make reverse domain queries simple. Remember that when IP addresses are mapped back to domain names, they are first reversed to make the structure compatible with domain names, and the domain name in-addr.arpa is appended to the end of the reversed address. To do a reverse lookup with nslookup, you first set the query type to PTR and then manually enter the reversed and expanded address. With dig, you just use the -x option, as shown in Listing 13.20.

Listing 13.20: Testing DNS with dig

;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 5
;; QUERY SECTION:
;;      105.55.16.172.in-addr.arpa, type = ANY, class = IN

;; ANSWER SECTION:
105.55.16.172.in-addr.arpa.  8H IN PTR  rail.foobirds.org.

;; AUTHORITY SECTION:
55.16.172.in-addr.arpa.  8H IN NS  dove.foobirds.org.
55.16.172.in-addr.arpa.  8H IN NS  hawk.foobirds.org.

;; ADDITIONAL SECTION:
dove.foobirds.org.  19h7m19s IN A  172.16.2.2
hawk.foobirds.org.  16m17s IN A  172.16.16.1

;; Total query time: 2 msec
;; FROM: rail.foobirds.org to SERVER: default -- 172.16.5.1
;; WHEN: Tue Jun 29 16:07:30 1999
;; MSG SIZE  sent: 43  rcvd: 213

This example shows something else about dig—it is very talkative. It displays everything that is exchanged between the DNS client and the server. The meat of the response is the answer section buried in the middle of the display, which says that the address 172.16.55.105 is assigned to rail.foobirds.org. The other parts of the display are the following:

• The query section, which displays the query sent to the server

• The authority section, which gives a list of the authoritative name servers for the domain that was queried

• The additional section, which provides the addresses of the authoritative servers

The sections in the dig output exactly match the sections in a DNS reply packet. This allows you to look inside the protocol exchange and see all of the information that the system receives in response to a DNS query.
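As an added illustration (not part of the original text), the Python code below builds the name that dig -x queries for and decodes the 12-byte DNS message header into the fields dig prints on its HEADER and flags lines. The function names and the sample reply header are constructed for this example; the header values mirror those in Listing 13.20.

```python
import ipaddress
import struct

# Header flag bits in the order dig prints them on its "flags:" line.
FLAG_BITS = [("qr", 0x8000), ("aa", 0x0400), ("tc", 0x0200),
             ("rd", 0x0100), ("ra", 0x0080)]
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

# Constructed sample: a reply header with the values shown in Listing 13.20
# (id 6, flags qr aa rd ra, section counts 1/1/2/5).
SAMPLE_REPLY_HEADER = struct.pack("!HHHHHH", 6, 0x8580, 1, 1, 2, 5)

def reverse_name(ip):
    """Name queried by dig -x: reversed address under in-addr.arpa (ip6.arpa for IPv6)."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def build_query(name, qtype=255, msg_id=6):
    """Encode a one-question query; qtype 255 is ANY, class 1 is IN."""
    header = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, 0)  # only rd set
    labels = b"".join(bytes([len(part)]) + part.encode("ascii")
                      for part in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    """Decode the fixed 12-byte header into the fields dig displays."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than its 12-byte header")
    msg_id, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": msg_id,
            "opcode": (flags >> 11) & 0xF,          # 0 is QUERY
            "status": RCODES.get(flags & 0xF, str(flags & 0xF)),
            "flags": [name for name, bit in FLAG_BITS if flags & bit],
            "QUERY": qd, "ANSWER": an, "AUTHORITY": ns, "ADDITIONAL": ar}

def parse_question(msg):
    """Read the first question (uncompressed labels) after the header."""
    pos, labels = 12, []
    while msg[pos] != 0:
        length = msg[pos]
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    qtype, qclass = struct.unpack("!HH", msg[pos + 1:pos + 5])
    return ".".join(labels) + ".", qtype, qclass

if __name__ == "__main__":
    name = reverse_name("172.16.55.105")
    print(name, parse_question(build_query(name)))
    print(parse_header(SAMPLE_REPLY_HEADER))
```

The aa flag in the decoded header is what tells you the answer came from a server that is authoritative for the zone rather than from a cache.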

dig, host, and nslookup are a powerful trio of tools for testing and debugging domain name service. When the error message is Unknown Host, a Linux system is well-equipped to tackle the problem.
