
Useful information of nslookup, whois commands

nslookup is widely used to identify issues related to DNS records. In many cases you will run into trouble with an outdated DNS cache after the actual DNS entry has changed. Typical scenarios are switching a server to another IP, creating or updating host records [Type A], changing the MX record, and switching nameservers.

From my experience, nameserver switching takes more time than other DNS changes, so any nameserver switch should happen only on a weekend. If you want faster DNS updates, configure the Google name servers either on your system or as the next DNS forwarder in your name server.

I use the bind daemon for DNS, both as the local DNS and as a caching name server. I have also added Google public DNS (8.8.8.8, 8.8.4.4) and Verizon Free DNS (4.2.2.1-6) as forwarders in it:

        // upstream forwarders (optional)
        forwarders {
                20.56.230.5;
                8.8.8.8;
                20.56.230.6;
                4.2.2.1;
        };

I restart the name server to pick up the new DNS updates that I made at the domain registrar. Google shows the updated DNS cache quickly.

a. How do I identify the domain registrant, registration date and name servers currently used?
The Linux command “whois” helps to get these details. We can get the age of that company or organization 🙂

[root@rc-040 public_html]# whois google.com | more
[Querying whois.verisign-grs.com]
[whois.verisign-grs.com]
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
   Domain Name: GOOGLE.COM
   Registrar: MARKMONITOR INC.
   Whois Server: whois.markmonitor.com
   Referral URL: http://www.markmonitor.com
   Name Server: NS1.GOOGLE.COM
   Name Server: NS2.GOOGLE.COM
   Name Server: NS3.GOOGLE.COM
   Name Server: NS4.GOOGLE.COM
   Updated Date: 20-jul-2011
   Creation Date: 15-sep-1997
   Expiration Date: 14-sep-2020

Execute the whois lookup after flushing your local DNS cache.

How do I refresh the DNS cache?

Most companies use Windows Server as the DNS server along with the domain controller service. See the picture below.

In Linux

[root@rc-025 ~]# service named restart
Stopping named: .                                          [  OK  ]
Starting named:                                            [  OK  ]

[root@rc-025 ~]#

At system level

Execute this command from the DOS prompt: “ipconfig /flushdns”

A. NSLOOKUP command examples

1. How to check the IP address of a domain.

[root@web-test1 ~]# nslookup serveridol.com
Server:         192.168.0.25
Address:        192.168.0.25#53
Non-authoritative answer:
Name:   serveridol.com
Address: 192.96.217.114
[root@web-test1 ~]#

Please note that the first line shows which DNS server resolves your domain name first. If the domain name you are querying is not found in the primary DNS server's cache, the server forwards the nslookup query to the configured forwarder nameservers, and you will then see the secondary name server listed in the same place. The second time, the primary DNS server picks that nslookup entry from its stored cache.

To check your DNS record on other public name servers, use the command nslookup domain_name public_nameserver.

[root@web-test1 ~]# nslookup -type=A serveridol.com  8.8.8.8
Server:         8.8.8.8
Address:        8.8.8.8#53
Non-authoritative answer:
Name:   serveridol.com
Address: 192.96.217.114

2. Identify the mail server details

[root@web-test1 ~]# nslookup -type=mx serveridol.com
Server:         192.168.0.25
Address:        192.168.0.25#53
Non-authoritative answer:
serveridol.com  mail exchanger = 30 ASPMX2.GOOGLEMAIL.com.
serveridol.com  mail exchanger = 40 ASPMX3.GOOGLEMAIL.com.
serveridol.com  mail exchanger = 0 aspmx.l.google.com.
serveridol.com  mail exchanger = 10 ALT1.aspmx.l.google.com.
serveridol.com  mail exchanger = 20 alt2.aspmx.l.google.com.

Alternative commands using dig and host

[root@web-test1 ~]# host -t mx serveridol.com
serveridol.com mail is handled by 20 alt2.aspmx.l.google.com.
serveridol.com mail is handled by 30 ASPMX2.GOOGLEMAIL.com.
serveridol.com mail is handled by 40 ASPMX3.GOOGLEMAIL.com.
serveridol.com mail is handled by 0 aspmx.l.google.com.
serveridol.com mail is handled by 10 ALT1.aspmx.l.google.com.
[root@web-test1 ~]# dig +short MX serveridol.com
10 ALT1.aspmx.l.google.com.
20 alt2.aspmx.l.google.com.
30 ASPMX2.GOOGLEMAIL.com.
40 ASPMX3.GOOGLEMAIL.com.
0 aspmx.l.google.com.
[root@web-test1 ~]#

3. Identify the name servers of a domain

[root@web-test1 ~]# nslookup -type=NS serveridol.com | head -n 6
Server:         192.168.0.25
Address:        192.168.0.25#53
Non-authoritative answer:
serveridol.com  nameserver = ns07.domaincontrol.com.
serveridol.com  nameserver = ns08.domaincontrol.com.
[root@web-test1 ~]#
[root@web-test1 ~]# dig +short NS serveridol.com
ns08.domaincontrol.com.
ns07.domaincontrol.com.

4. Verifying SPF record value OR txt record

Eg: nslookup -type=txt

[root@web-test1 ~]# nslookup -type=txt onlineleadfinder.com. | head -n5
Server:         192.168.0.25
Address:        192.168.0.25#53
Non-authoritative answer:
onlineleadfinder.com    text = "v=spf1 ip4:173.44.142.90 ip4:173.213.92.2 a mx ip4:208.89.217.143 ?all"
[root@web-test1 ~]#
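The `?all` at the end of the record above is the neutral qualifier, so the record makes no statement about senders outside the listed addresses. The following added example (not from the original post) parses that TXT answer and reports the policy; the function names are illustrative and the sample line is copied from the output above.

```python
import re

# Qualifier prefixes and their results as defined for SPF (RFC 7208).
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
# Terms that trigger a DNS query during evaluation; RFC 7208 allows at most 10.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

# Constructed sample: the TXT answer line from the nslookup output above.
SAMPLE = ('onlineleadfinder.com    text = "v=spf1 ip4:173.44.142.90 '
          'ip4:173.213.92.2 a mx ip4:208.89.217.143 ?all"')


def extract_spf(nslookup_output):
    """Return the first v=spf1 string in nslookup TXT output, or None."""
    for quoted in re.findall(r'text = "([^"]*)"', nslookup_output):
        if quoted.lower().split()[:1] == ["v=spf1"]:
            return quoted
    return None


def audit_spf(record):
    """Summarise what an SPF record tells receivers about unlisted senders."""
    ip4, lookups, all_result = [], 0, None
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        body = term[1:] if term[0] in QUALIFIERS else term
        name = re.split(r"[:/=]", body, maxsplit=1)[0].lower()
        if name == "all":
            all_result = QUALIFIERS[qualifier]
        elif name == "ip4" and ":" in body:
            ip4.append(body.split(":", 1)[1])
        if name in LOOKUP_TERMS:
            lookups += 1
    findings = []
    if all_result in ("neutral", "pass"):
        findings.append("no enforcement: senders not listed are not failed")
    if lookups > 10:
        findings.append("more than 10 DNS-querying terms: evaluation errors out")
    return {"all": all_result, "ip4": ip4, "dns_lookups": lookups,
            "findings": findings}


if __name__ == "__main__":
    print(audit_spf(extract_spf(SAMPLE)))
```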

5. Verifying the DKIM key values

[root@web-test1 ~]# nslookup -type=txt  default._domainkey.onlineleadfinder.com | head -n6
Server:         192.168.0.25
Address:        192.168.0.25#53
Non-authoritative answer:
default._domainkey.onlineleadfinder.com text = "k=rsa\; p=MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhANyIBJ6GjcOJJfXSCzHIApJuv6VkjKjYRRRnjAV1GbRVLl9rhWSjc6SbjobtUqPlHDKCP/gGkapamRYNPWB1GFCfVU/NMsv/7mtD4vYrPsDcaBWJFGeh3+gHx6wooRpIiwIDAQAB\;"
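The `p=` value is a base64-encoded DER public key, and its size matters: RFC 8301 requires verifiers to treat RSA keys below 1024 bits as invalid. This added example (not part of the original post) decodes the key from the TXT answer above and reports the modulus length; the function names are illustrative.

```python
import base64

# Constructed sample: the DKIM TXT answer shown above (nslookup prints ';' as '\;').
SAMPLE = (r'default._domainkey.onlineleadfinder.com text = "k=rsa\; p='
          'MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhANyIBJ6GjcOJJfXSCzHIApJuv6VkjKjY'
          'RRRnjAV1GbRVLl9rhWSjc6SbjobtUqPlHDKCP/gGkapamRYNPWB1GFCfVU/NMsv/'
          r'7mtD4vYrPsDcaBWJFGeh3+gHx6wooRpIiwIDAQAB\;"')


def parse_tags(txt_line):
    """Split the quoted tag=value list of a DKIM TXT answer into a dict."""
    value = txt_line.split('"')[1].replace("\\;", ";")
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = "".join(val.split())
    return tags


def read_tlv(buf, pos, expected_tag):
    """Read one DER element at pos; return (content_start, content_end)."""
    if buf[pos] != expected_tag:
        raise ValueError("unexpected DER tag 0x%02x at offset %d" % (buf[pos], pos))
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return pos, pos + length


def rsa_modulus_bits(p_b64):
    """Bit length of the RSA modulus inside a SubjectPublicKeyInfo blob."""
    der = base64.b64decode(p_b64)
    start, _ = read_tlv(der, 0, 0x30)             # outer SEQUENCE
    _, alg_end = read_tlv(der, start, 0x30)       # AlgorithmIdentifier, skipped
    bits_start, _ = read_tlv(der, alg_end, 0x03)  # BIT STRING wrapping the key
    key_start, _ = read_tlv(der, bits_start + 1, 0x30)  # skip unused-bits byte
    n_start, n_end = read_tlv(der, key_start, 0x02)     # INTEGER modulus
    return int.from_bytes(der[n_start:n_end], "big").bit_length()


def audit_dkim(txt_line, minimum_bits=1024):
    """Return (modulus_bits, meets_minimum) for a DKIM TXT answer line."""
    bits = rsa_modulus_bits(parse_tags(txt_line)["p"])
    return bits, bits >= minimum_bits
```

Run against the record above, `audit_dkim(SAMPLE)` reports a 768-bit modulus, which is below the 1024-bit minimum.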

6. Verifying the CNAME record set for a domain.

In my case this helped me a lot to fix an issue when I enabled a DKIM key associated with an email address in Amazon SES.

[root@web-test1 ~]# nslookup -type=CNAME vyon76wz2andshvnetqnlca5sf5nulyl._domainkey.onlineleadfinder.com |  head -n5
Server:         192.168.0.25
Address:        192.168.0.25#53
Non-authoritative answer:
vyon76wz2andshvnetqnlca5sf5nulyl._domainkey.onlineleadfinder.com        canonical name = vyon76wz2andshvnetqnlca5sf5nulyl.dkim.amazonses.com.
[root@web-test1 ~]#

7. How do I check the Reverse DNS (RDNS) of a domain.

You will get better email delivery if you have set up RDNS, SPF and DKIM keys for that domain. This should be implemented for bulk email servers along with IP rotation mail bombing.

Usage: host

[root@web-test1 ~]# host 192.96.217.114
114.217.96.192.in-addr.arpa domain name pointer 192-96-217-114.static.servdns.com.
[root@web-test1 ~]#

1 comment to Useful information of nslookup, whois commands

  • VPNs are more stealthy, and more secure, so they’ll get you past more firewalls. On the other hand, the multi-player games are made with the Macromedia Flash and other 2D and 3D animation software. This also means that bugs affecting the browser will not easily result in you losing your credit-card data, private information or Windows being affected and exploited.
