Nslookup: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
 
(7 intermediate revisions by the same user not shown)
Line 7: Line 7:
=Overview=
=Overview=


Warning: nslookup was found not work correctly on some busybox versions.
If nslookup is able to resolve the name, exits with 0, otherwise exits with 1.
 
{{Warn|nslookup was found not work correctly on some busybox versions.}}


=Installation=
=Installation=
Line 42: Line 44:


==Debug Mode==
==Debug Mode==
To display protocol exchanges:


<syntaxhighlight lang='bash'>
<syntaxhighlight lang='bash'>
Line 54: Line 58:
* <code>any</code>
* <code>any</code>
* <code>cname</code>
* <code>cname</code>
* <code>ns</code> authoritative name server.
* <code>hinfo</code> a computer's CPU and type of operating system.
* <code>hinfo</code> a computer's CPU and type of operating system.
* <code>mx</code> mail exchanger.
* <code>mx</code> mail exchanger.
Line 91: Line 96:
novaordis.com mail exchanger = 10 aspmx3.googlemail.com.
novaordis.com mail exchanger = 10 aspmx3.googlemail.com.
</syntaxhighlight>
</syntaxhighlight>
=Obtain the Authoritative Answer=
I was not able to find a way to configure nslookup to not return non-authoritative answers. The most reliable method to drop the non-authoritative answers seems to grep for NXDOMAIN.
However, if nslookup cannot resolve the name, it returns 1, otherwise returns 0.

Latest revision as of 05:04, 19 March 2020

External

Internal

Overview

If nslookup is able to resolve the name, exits with 0, otherwise exits with 1.


nslookup was found not work correctly on some busybox versions.

Installation

With yum

yum install bind-utils

With apt

apt-get update
apt-get install dnsutils

Non-Interactive Mode

Getting the IP address for a name:

nslookup www.cnn.com
Server:		8.8.8.8
Address:	8.8.8.8#53

Non-authoritative answer:
www.cnn.com	canonical name = turner.map.fastly.net.
Name:	turner.map.fastly.net
Address: 151.101.0.73
Name:	turner.map.fastly.net
Address: 151.101.192.73
Name:	turner.map.fastly.net
Address: 151.101.64.73
Name:	turner.map.fastly.net
Address: 151.101.128.73

Debug Mode

To display protocol exchanges:

nslookup -debug google.com

Query Option

Getting more information for a name -query followed by a qualifier can be used. The qualifiers can be any DNS zone file element names (mx, a, txt, etc).:

  • a a computer's IP address.
  • any
  • cname
  • ns authoritative name server.
  • hinfo a computer's CPU and type of operating system.
  • mx mail exchanger.
  • soa Start of Authority, technical information about the domain.
nslookup -query=hinfo www.cnn.com
Server:		8.8.8.8
Address:	8.8.8.8#53

Non-authoritative answer:
www.cnn.com	canonical name = turner.map.fastly.net.

Authoritative answers can be found from:
fastly.net
	origin = ns1.fastly.net
	mail addr = hostmaster.fastly.com
	serial = 2016110301
	refresh = 3600
	retry = 600
	expire = 604800
	minimum = 30

Getting the Mail Exchanger (MX) for a domain:

nslookup -query=mx novaordis.com
Server:		8.8.8.8
Address:	8.8.8.8#53

Non-authoritative answer:
novaordis.com	mail exchanger = 5 alt1.aspmx.l.google.com.
novaordis.com	mail exchanger = 5 alt2.aspmx.l.google.com.
novaordis.com	mail exchanger = 0 aspmx.l.google.com.
novaordis.com	mail exchanger = 10 aspmx2.googlemail.com.
novaordis.com	mail exchanger = 10 aspmx3.googlemail.com.

Obtain the Authoritative Answer

I was not able to find a way to configure nslookup to not return non-authoritative answers. The most reliable method to drop the non-authoritative answers seems to grep for NXDOMAIN.

However, if nslookup cannot resolve the name, it returns 1, otherwise returns 0.