mail us  |  mail this page

contact us
training  | 
tech stuff  | 

Chapter 10. DNS Diagnostics and Tools

This chapter defines tools that may be provided with BIND releases, are generally available or just jolly useful! The tools described either provide specific services or may help in diagnosing problems.

Contents

  1. 10.1 Introduction and Overview
  2. 10.2 NSLOOKUP
  3. 10.3 DIG
  4. 10.4 dnssec-keygen
  5. 10.5 dnssec-signzone
  6. 10.6 rndc

10.1 Overview and Introduction

BIND provides a number of tools that are invaluable when testing or diagnosing problems. Of these named-checkzone (validates zone files for correctness) and named-checkconf (checks the named.conf file) are invaluable for finding those stupid problems that we can all introduce when editing files. They have the additional property that they may prolong life by removing the blind panic that ensues after making a trivial edit and reloading BIND only to find that the live system is no longer functional due a parameter error and which always seems to take longer to find when we know that hundred of queries are being rejected because the name server is off-the-air.

rndc is the remote access tool that allows selective reload of zones and to which many dns administrators are addicted. It has serious security implications if not properly installed and configured.

nsupdate is a tool that allows dynamic updating (DDNS) of zone files. Extreme care must be taken when configuring BIND to enable DDNS since you may inadvertently open up your DNS zone files to the world - while this is an extremely friendly, neighborly, thing to do it may not always be wise.

Finally, the Really Big Issue™ is whether to use nslookup or dig. With the macho guys generally regarding nslookup users as wimps. There is no doubt that dig provides more useful information than nslookup for those that understand the detailed information that is displayed, however if you work with multiple platforms, especially windows, you have no choice but to be familiar with nslookup since this is the only tool provided with the standard release. One of the happy side-effects of installing BIND on Windows is that you get all its diagnostic tools including dig.

up icon

10.2 NSLOOKUP

nslookup is officially deprecated in favour of dig (though we note that current versions no longer ouput that deprectated warning message which may indicate a change of heart). nslookup is however almost universally available - even when dig is not - this especially true on windows systems where dig is still pretty exotic. Old utilities do not die they just slowly fade away!

Command Format

nslookup in general returns A or PTR records but specific options can be used to override the default. There are both command line and interactive formats available.

nslookup maintains a set of configuration parameters (that may be modified) to add power to the command line. These parameters can be displayed using the -all (or set all in interactive mode) argument.

Quick Usage examples

The following are quick examples of common usage - all the options are explained below in mind numbing detail:

# lookup a specific host
nslookup www.example.com
# get MX and NS records for the domain
nslookup -type=ANY example.com
# get SOA record and display all nslookup default parameters
nslookup -all -type=SOA example.com

The generic command format is:

# format 1 lookup target using default DNS server
nslookup [-opt] target
# format 2 lookup target using the specific dns
nslookup [-opt] target dns
# format 3 enter interactive mode using default DNS server
nslookup [-opt]
# format 4 enter interactive mode using the specific dns
nslookup [-opt] - dns

Simple examples

Format 1 - Host lookup

nslookup www.example.com
# will return
Server: ns1.example.com
Address: 192.168.2.53

Name: www.example.com
Address: 192.168.2.80

Returns the A record for www.example.com using the default DNS server - in this case ns1.example.com (defined in Windows Network Properties or /etc/resolv.conf in *nix systems).

Format 1 - Reverse MAP IP lookup

nslookup 192.168.2.80
# will return
Server: ns1.example.com
Address: 192.168.2.53

Name: www.example.com
Address: 192.168.2.80

Returns the PTR record for 192.168.2.80 using the IN-ADDR.ARPA domain hierarchy.

Format 2 - Host lookup

nslookup www.example.com 192.168.255.53
# will return
Server: another.domain.com
Address: 192.168.255.53

Name: www.example.com
Address: 192.168.2.80

Returns the A record for www.example.com using the DNS server at 192.168.255.53. The command format allows either an IP or a name so the above command could have been written as:

nslookup www.example.com another.domain.com

Interactive Format

Interactive format (format 3 and 4 above) provides a single prompt (>) and allows any command line option to be entered. To terminate interactive mode you can use CTRL-C (Windows and *nix) or CTRL-D (*nix only) or exit (Windows and *nix).

Options

nslookup provides a dizzy number of options that vary its processing. Some of these options are only available in interactive mode. The Windows version adds a couple of commands. In each case Mode defines B = Interactive and command line format, I = Interactive only, C = command line only, W = Windows only. Multiple options can be specified with a single command.

option params mode processing
d - C Lists information for the domain. Gives SOA record and NS record details.
ls [opt] domain I list all the information for the target domain. Takes the optional extensions > or >> filename to output to a file for subsequent processing. The options supported are:
-a lists aliases (CNAME) in the domain (synonym for -t CNAME)
-d The default behaviour. Lists all records in the domain (synonym for -t ANY)
-h Lists all information records in the domain (synonym for -t HINFO)
-s Lists all well known service records in the domain (synonym for -t WKS)
-t List the specific record type in the domain e.g. -t A
lserver dns I sets the dns for subsequent commands. May be either a name or an IP. The name or IP is looked up using the original default dns (before any server or lserver commands were issued).
root root-dns B changes to root server used in various commands.
server dns I sets the dns for subsequent commands. May be either a name or an IP. The name or IP is looked up using the current default dns. The default server is defined in /etc/resolv.conf for *nix systems and network properties for Windows systems.
options which work with 'set' in interactive mode
In interactive mode these options are preceded with set and operate until changed with another set directive. In command line mode they are preceded with - and operate on a single command. In a number of cases a short form is also provided.
all - B displays a list of the default values used by nslookup, including the DNS server. Typical ouput
Set options:
  nodebug
  defname
  search
  recurse
  nod2
  novc
  noignoretc
  port=53
  type=A
  class=IN
  timeout=2
  retry=1
  root=A.ROOT-SERVERS.NET.
  domain=example.com
  MSxfr 
  [note: Windows only MS fast zone xfer]
  IXFRversion=1 
  [note: Windows only incremental zone xfer]
  srchlist=example.com
Default Server:  ns1.example.com
Address:  192.168.2.53
class= IN
ANY
CHAOS
HESIOD
B allows the class value to be set for all subsequent commands
domain= domain-name B allows a base to be set for all subsequent searches e.g.
# assume default domain = example.com
> set domain=example.org
> www
# returns results for www.example.org
# but will handle full format
> mail.example.org
# returns correct result for mail.example.org

The default domain is defined in /etc/resolv.conf for *nix systems and network properties for Windows systems. Setting domain= will reset any previously defined srchlist.

[no]debug
[no]deb
- I allows control over the debugging information - debug (short form deb) turns it on, nodebug (or nodeb) turns it off. The default is nodebug
[no]d2 - I enables/disable voluminous debugging information - d2 turns it on, nod2 turns it off. Default is nod2
[no]defname
[no]def
- I controls whether a domain name (in either domain or srchlist) is added to a target which does not end with a dot i.e. is NOT a FQDN. See also search below for full behaviour description.
[no]ignoretc - I controls if packet truncation errors are ignored (ignoretc) or whether they cause termination (noignoretc - default).
[no]msxfer - W Controls use of MS Fast zone transfer. msxfer turns it on, nomsxfer (default) turns it off.
[no]recurse
[no[rec]
- B Controls recursive behaviour. recurse (default) turns it on norecurse turns it off.
[no]vc - I controls whether to use TCP (vc) or UDP (novc) - default is novc.
[no]search
[no]sea
- I This parameter controls how the srchlist= value is used. search and defname are interrelated based on the following matrix for targets which are not FQDNs:
search defname add domain names from srchlist or until answer found
nosearch defname add domain name from domain
nosearch nodefname must be FQDN
search nodefname must be FQDN
In all cases the first result will terminate the command - you cannot use the srchlist to look up multiple targets. In general the srchlist is most useful with subdomains but can be used with different domains.
port= port no. B changes the default port from the normal (53) to that specified by port no..
type=
querytype=
ANY
A
CNAME
HINFO
MINFO
MX
NS
PTR
SOA
TXT
UINFO
WKS
B When using type= anything except A the following commands will only work on the domain root e.g.:
# enter interactive mode
nslookup 
> set type=MX
> www.example.com
# fails with 'domain non-existent'
> example.com
# provides correct answers
ANY with a domain root name will return any DNS RR with a blank name (label) entry - these include NS and MX records and thus it provides a quick way to get useful domain info.
retry= number B controls the number of retries that will be attempted. Default is 4.
root= dns B controls the dns used in the root command. Default is typically f.root-server.net. (on *nix) and a.root-servers.net.) on windows.
srchlist= dom1/dom2 I allows setting of a searchlist (up to six names are allowed separated by forward slash).

Examples - command line

# get mail records for a domain
nslookup -type=MX example.com
# list all the options being used and get host address
nslookup -all mail.example.com
# get SOA record using a specific DNS 
nslookup -type=SOA example.com 192.168.23.53

Examples - interactive mode

# enter interactive mode and list default options
nslookup -all
> 
# list all records in the domain
> ls example.com
# list all text records in domain
> ls -t TXT example.com
# set the base domain to be used for subsequent commands
> set domain=example.org
# find host
> mail
# returns mail.example.org 
# exit interactive mode
> exit

up icon



Problems, comments, suggestions, corrections (including broken links) or something to add? Please take the time from a busy life to 'mail us' (at top of screen), the webmaster (below) or info-support at zytrax. You will have a warm inner glow for the rest of the day.

Pro DNS and BIND by Ron Aitchison

Contents

tech info
guides home
dns articles
intro
contents
1 objectives
big picture
2 concepts
3 reverse map
4 dns types
quickstart
5 install bind
6 samples
reference
7 named.conf
8 zone records
operations
9 howtos
10 tools
11 trouble
programming
12 bind api's
security
13 dns security
bits & bytes
15 messages
resources
notes & tips
registration FAQ
dns resources
dns rfcs
change log

Creative Commons License
This work is licensed under a Creative Commons License.

If you are happy it's OK - but your browser is giving a less than optimal experience on our site. You could, at no charge, upgrade to a W3C STANDARDS COMPLIANT browser such as Firefox

Search

web zytrax.com

Share

Icons made by Icomoon from www.flaticon.com is licensed by CC 3.0 BY
share page via facebook tweet this page

Page

email us Send to a friend feature print this page Display full width page Decrease font size Increase font size

Resources

Systems

FreeBSD
NetBSD
OpenBSD
DragonFlyBSD
Linux.org
Debian Linux

Software

LibreOffice
OpenOffice
Mozilla
GitHub
GNU-Free SW Foundation
get-dns

Organizations

Open Source Initiative
Creative Commons

Misc.

Ibiblio - Library
Open Book Project
Open Directory
Wikipedia

Site

CSS Technology SPF Record Conformant Domain
Copyright © 1994 - 2017 ZyTrax, Inc.
All rights reserved. Legal and Privacy
site by zytrax
Hosted by super.net.sg
web-master at zytrax
Page modified: October 21 2015.