Basic question: getting DNS info with dig

anirvana · 04-05-2007, 01:17 PM

Hello everyone,
I am a relative novice with linux, and so would appreciate any help from people on thie following issue

.

I am trying to find out who are the DNS servers for a set of IP addresses. Usually when I do ">dig $ip" I can see the DIG options, question section, answer section blah blah...

In the Authority section, I think the root servers for the domain being probed are listed. The thing is is for nearly all the IPs I am looking up the Authority section always comes out to be the same, which bothers me..am I doing something wrong..

e.g. I look up dig 63.241.205.173 and I get,
; <<>> DiG 9.3.1 <<>> 63.241.205.173
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 58078
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;63.241.205.173. IN A

;; AUTHORITY SECTION:
. 10342 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2007040500 1800 900 604800 86400

;; Query time: 45 msec
;; SERVER: 138.23.169.10#53(138.23.169.10)
;; WHEN: Thu Apr 5 10:11:53 2007
;; MSG SIZE rcvd: 107

Can I now say that the authoritative DNS server for this ip is a.root-servers.net. nstld.verisign-grs.com ?

For the following set of IPs too I get the same output..which could be OK, but would slightly strange !

Any advice on this would be greatly appreciated.
Thanks folks,
-A

bsdunix · 04-05-2007, 02:11 PM

Lots of good information with examples:

"DiG HOWTO"
http://www.madboa.com/geek/dig/

The authority section tells what DNS servers can provide an authoritative answer.

ramram29 · 04-05-2007, 02:52 PM

This is a security feature that may be configured in the zone. Notice that ANSWER: 0 - that means that it is not returning and answer to you. If you try another lookup it should return an answer to you. The ANSWER section is what you should be looking for. For example:

$ dig -t soa yahoo.com

; <<>> DiG 9.3.3rc2 <<>> -t soa yahoo.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17921
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 7, ADDITIONAL: 7

;; QUESTION SECTION:
;yahoo.com. IN SOA

;; ANSWER SECTION:
yahoo.com. 1800 IN SOA ns1.yahoo.com. hostmaster.yahoo-inc.com. 2007040509 3600 300 1814400 600

;; AUTHORITY SECTION:
yahoo.com. 85843 IN NS ns1.yahoo.com.
yahoo.com. 85843 IN NS ns2.yahoo.com.
yahoo.com. 85843 IN NS ns3.yahoo.com.
yahoo.com. 85843 IN NS ns4.yahoo.com.
yahoo.com. 85843 IN NS ns5.yahoo.com.
yahoo.com. 85843 IN NS ns8.yahoo.com.
yahoo.com. 85843 IN NS ns9.yahoo.com.

;; ADDITIONAL SECTION:
ns1.yahoo.com. 25792 IN A 66.218.71.63
ns2.yahoo.com. 4881 IN A 68.142.255.16
ns3.yahoo.com. 73344 IN A 217.12.4.104
ns4.yahoo.com. 63515 IN A 68.142.196.63
ns5.yahoo.com. 3284 IN A 216.109.116.17
ns8.yahoo.com. 85754 IN A 202.165.104.22
ns9.yahoo.com. 85843 IN A 202.160.176.146

;; Query time: 146 msec
;; SERVER: 10.8.1.11#53(10.8.1.11)
;; WHEN: Thu Apr 5 15:49:40 2007
;; MSG SIZE rcvd: 322

fur · 04-05-2007, 07:10 PM

You need to use "-x"

Without

Code:

$ dig  216.109.118.70

; <<>> DiG 9.3.2 <<>> 216.109.118.70
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 39238
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;216.109.118.70.         IN A

;; AUTHORITY SECTION:
.          10693   IN   SOA A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2007040500 1800 900 604800 86400

;; Query time: 1 msec
;; SERVER: 192.168.0.50#53(192.168.0.50)
;; WHEN: Thu Apr  5 20:08:57 2007
;; MSG SIZE  rcvd: 107

With

Code:

$ dig -x 216.109.118.70

; <<>> DiG 9.3.2 <<>> -x 216.109.118.70
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57373
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 0

;; QUESTION SECTION:
;70.118.109.216.in-addr.arpa.   IN      PTR

;; ANSWER SECTION:
70.118.109.216.in-addr.arpa. 1091 IN    PTR     p7.www.dcn.yahoo.com.

;; AUTHORITY SECTION:
118.109.216.in-addr.arpa. 172691 IN     NS ns2.yahoo.com.
118.109.216.in-addr.arpa. 172691 IN     NS ns3.yahoo.com.
118.109.216.in-addr.arpa. 172691 IN     NS ns4.yahoo.com.
118.109.216.in-addr.arpa. 172691 IN     NS ns5.yahoo.com.
118.109.216.in-addr.arpa. 172691 IN     NS ns1.yahoo.com.

;; Query time: 1 msec
;; SERVER: 192.168.0.50#53(192.168.0.50)
;; WHEN: Thu Apr  5 20:08:50 2007
;; MSG SIZE  rcvd: 169

Edit:

Also it can be useful to add the "+trace" option to the end of the command.

JimBass · 04-06-2007, 12:18 AM

You actually can't tell anything about the authoritative DNS for an IP address. The two things have nothing to do with one another. Authoritative DNS is the server that provides definitive info about a domain name, not an IP.

You can use dig with the -x to do a reverse lookup of an address, and find out which ISP or company "controls" the IP in question, but that doesn't tell you anything about the authoritative DNS.

As an example, say you do a reverse lookup on 6.7.8.9. You find out that 6.7.8.9 is owned by abc corp, and there is no special PTR address set for 6.7.8.9, it simply returns something like user.01.abccorp.net.

What you didn't find out however is that 6.7.8.9 may be a website for the green company. Their DNS is authoritative for www.green.com, and the third A record for www.green.com is 6.7.8.9. You have no way of knowing for sure what is tied to a given IP address.

I think the problem might be that you're using the wrong term for what you're looking for. What are you trying to find about the DNS for a given IP address for in any case?

Peace,
JimBass

anirvana · 04-06-2007, 03:15 AM

Thanks everyone for all the replies... yup the -x option does it

To make things more clear I am basically trying to understand who "controls/resolves" a particular group of URLs. For example consider that I want to know which entity/organization handles the DNS resolution for a set of URLs, say www.yahoo.com, www.akamai.com etc.. I am tying to find common organizations which handle the DNS resolution to finally get how the list of IPs is related to the DNS organizations. I know that using whois would give the registrar info for an IP/url but I want to see if these list of sites use a common DNS resolution entity.

its for a small project I'm doing.

Thanks again everyone for your help

ramram29 · 04-06-2007, 08:41 AM

Several comments in this post are confusing me. I want to clear things up a little bit, if I may.

All DNS does is resolve a name to a numerical address. Why? Because humans remember names better than numbers and machines don't calculate by names but only ones and zeros which can be manipulated to infinite numbers, hence, IP.

It is easier for us to remember mehungry.com, youhungry.com, letscook.com; compared to 216.209.10.8, 198.231.65.71, 66.75.234.90. Why do you think it's so difficult for people to remember phone numbers?

DNS is a hierarchy of machines that translate names to numbers and return the result, that's it. The SOA (Start of Authority) is the server that holds the true addresses that give a name to a number. Changes are usually made on the SOA only and propagated to all the slave servers including the root servers.

The root servers are 13 different servers (which are really many, many hundreds of servers). These hold a copy of each public zone. It usually takes several hours and up to a couple of days for changes to be reflected.

The dig command can find the SOA, the NS and the A (address) records of all the public IP's.

For some reason DNS is among one of the most misunderstood technologies and among one of the most bizare to assimilate.

timarcher52 · 04-12-2007, 06:51 AM

If you're looking for some examples on how to use dig and nslookup to test your DNS configurations, you can view my writeups at the following sites

dig quickstart and examples -
http://timarcher.com/?q=node/38

nslookup quickstart and examples -
http://timarcher.com/?q=node/37

Hopefully they'll help somebody