Using "nslookup"

Interrogating Domain Names

Introduction

Console commands can be very useful, not least for the immense power they provide given the size of the application. "nslookup" is one such command, although it has by and large been replaced by the "dig" command; both perform the same or a similar function. Both look up a given domain name and return the numbered (IP) address assigned to that domain, written as a sequence of decimal numbers separated by periods ".". This you might already know; what you might not know is that any given domain name can hold more than just one numbered address. What is the point of that, I hear you ask?

Let's take a look at the "nslookup" command.

#> nslookup domainname.com

This would return an address like 10.4.81.224 (a fictitious address, for example only) if the domain were valid, and this is how you would normally return an address for a given domain. Quite useful really, but it is also possible for this lookup to return no address at all while the domain is perfectly valid. Let's have a look at a real-world example.

#> nslookup southessex.ac.uk

Server: 192.168.10.1
Address: 192.168.10.1#53

Non-authoritative answer:
*** Can't find southessex.ac.uk: No answer

Now you may think this domain doesn't exist, and who could blame you if you got an answer like the one above.

Mail eXchange records

The mail exchange record is why the domain is actually valid, but how do you get at that information if it is not displayed when you look up the domain address?

mx = mail exchange records

Let's look at an example. Type "nslookup" at the command line and press the return key, type "set query=mx" at the prompt that appears, then type the domain name you wish to look up at the next prompt.

#> nslookup
> set query=mx
> domainname.com

This will return information similar to the following:

Server: 192.168.10.1
Address: 192.168.10.1#53

Non-authoritative answer:
domainname.com mail exchanger = 10 mail.domainname.com.

Authoritative answers can be found from:
domainname.com nameserver = dns1.domainname.com.
domainname.com nameserver = dns2.domainname.com.
domainname.com nameserver = dns3.domainname.com.
mail.domainname.com internet address = 67.132.11.48
dns1.domainname.com internet address = 67.132.11.11
dns1.domainname.com internet address = 67.132.11.11
dns1.domainname.com internet address = 67.132.11.11
dns2.domainname.com internet address = 67.132.11.12
dns2.domainname.com internet address = 67.132.11.12
dns2.domainname.com internet address = 67.132.11.12
dns3.domainname.com internet address = 74.86.180.186
dns3.domainname.com internet address = 74.86.180.186
dns3.domainname.com internet address = 74.86.180.186

So it appears that domainname.com is a valid address for both domain and mail exchange, not something I planned for, but it proves the point. Let's look at what is returned for a domain that returns no answer, "southessex.ac.uk".

#> nslookup
> set query=mx
> southessex.ac.uk

Server: 192.168.10.1
Address: 192.168.10.1#53

Non-authoritative answer:
southessex.ac.uk mail exchanger = 5 sophosmail-2.southessex.ac.uk.
southessex.ac.uk mail exchanger = 5 sophosmail.southessex.ac.uk.

Authoritative answers can be found from:

You can try this yourself on any domain name, which can help to provide reassurance when email bounces unexpectedly. It forms part of a set of tools that help establish the status of servers held on the wide area network. To exit the "nslookup" prompt, just type exit and press the return key.
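As an added example, not part of the original article: a small POSIX shell script that automates the check described above. It runs nslookup's non-interactive -query= form (equivalent to typing set query=mx at the prompt), parses the output, and classifies the domain the way the article does by hand. The sample transcripts inside it are constructed to match the article's two cases; only the dns_status function needs nslookup on the PATH and network access.

```shell
#!/bin/sh
# Added example, not from the original article. Automates the article's manual
# check: does a domain resolve to an address, does it have MX records, or neither?
# "nslookup -query=MX name" is the non-interactive form of "set query=mx".

# Constructed sample transcripts modelled on the article's sessions (not live output).
SAMPLE_A_OK=$(printf "Server:\t\t192.168.10.1\nAddress:\t192.168.10.1#53\n\nNon-authoritative answer:\nName:\tdomainname.com\nAddress: 10.4.81.224\n")
SAMPLE_MX_OK=$(printf "Server:\t\t192.168.10.1\nAddress:\t192.168.10.1#53\n\nNon-authoritative answer:\ndomainname.com\tmail exchanger = 10 mail.domainname.com.\n")
SAMPLE_A_NOANSWER=$(printf "Server:\t\t192.168.10.1\nAddress:\t192.168.10.1#53\n\nNon-authoritative answer:\n*** Can't find southessex.ac.uk: No answer\n")
SAMPLE_MX_SOUTHESSEX=$(printf "Server:\t\t192.168.10.1\nAddress:\t192.168.10.1#53\n\nNon-authoritative answer:\nsouthessex.ac.uk\tmail exchanger = 5 sophosmail-2.southessex.ac.uk.\nsouthessex.ac.uk\tmail exchanger = 5 sophosmail.southessex.ac.uk.\n")

# Answer-section addresses from an A/AAAA lookup. The resolver's own "Address:"
# line ends in "#53" (the port), so it is skipped.
parse_addr() {
    awk '/^Address:/ && $2 !~ /#/ { print $2 }'
}

# "preference host" pairs from an MX lookup, lowest preference first,
# trailing dot removed from the host name.
parse_mx() {
    awk '/mail exchanger =/ { host = $NF; sub(/\.$/, "", host); print $(NF-1), host }' | sort -n
}

# Interpret the two lists the way the article does by hand.
classify() {
    addrs="$1"; mxs="$2"
    if [ -n "$addrs" ] && [ -n "$mxs" ]; then echo "web+mail"
    elif [ -n "$mxs" ]; then echo "mail-only"   # the southessex.ac.uk case: no A record, mail still valid
    elif [ -n "$addrs" ]; then echo "web-only"
    else echo "no-records"
    fi
}

# Live check against the real resolver (needs nslookup on PATH and network access).
dns_status() {
    classify "$(nslookup -query=A "$1" 2>/dev/null | parse_addr)" \
             "$(nslookup -query=MX "$1" 2>/dev/null | parse_mx)"
}

# The article's two cases, run over the constructed transcripts.
demo_domainname() {
    classify "$(printf '%s\n' "$SAMPLE_A_OK" | parse_addr)" "$(printf '%s\n' "$SAMPLE_MX_OK" | parse_mx)"
}
demo_southessex() {
    classify "$(printf '%s\n' "$SAMPLE_A_NOANSWER" | parse_addr)" "$(printf '%s\n' "$SAMPLE_MX_SOUTHESSEX" | parse_mx)"
}

echo "domainname.com:   $(demo_domainname)"   # web+mail
echo "southessex.ac.uk: $(demo_southessex)"   # mail-only
```

Run dns_status with a real domain name to repeat the article's check live; "mail-only" is exactly the situation where a plain lookup says "No answer" but mail to the domain is still deliverable.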

If you want more information on the domain name, try this:

#> nslookup
> set type=any
> southessex.ac.uk

Server: 192.168.10.1
Address: 192.168.10.1#53

Non-authoritative answer:
southessex.ac.uk mail exchanger = 5 sophosmail.southessex.ac.uk.
southessex.ac.uk mail exchanger = 5 sophosmail-2.southessex.ac.uk.
southessex.ac.uk nameserver = ns3.ja.net.
southessex.ac.uk nameserver = ibseec-3.southend.ac.uk.
southessex.ac.uk
    origin = ibseec-3.southend.ac.uk
    mail addr = quentin\.stols.southessex.ac.uk
    serial = 83
    refresh = 300
    retry = 1800
    expire = 2592000
    minimum = 900
southessex.ac.uk text = "v=spf1" "mx" "include:cmail1.com" "~all"

Authoritative answers can be found from:

Again, to exit nslookup, type exit at the prompt and press the return key.