DNS
Using dig and host

The bind-utils package (or dnsutils for Debian based systems) provides tools used to query DNS servers. We will use dig and host to illustrate different types of queries.

Dig command: The dig command in Linux is used to gather DNS information. It stands for Domain Information Groper, and it collects data about Domain Name Servers.
The dig command is helpful for troubleshooting DNS problems, but is also used to display DNS information.
Installing Dig command
In case of Debian/Ubuntu
$ sudo apt-get install dnsutils
In case of CentOS/RedHat
$ sudo yum install bind-utils
dig [server] [name] [type]
Working with Dig Command
To query the domain “A” record
dig linuxwithgoutam.org
An A record holds an IPv4 address.
Similarly, if the record type is set to “AAAA”, the query returns an IPv6 address.
In the ANSWER section, the first column lists the name that was queried
The second column is the Time to Live, a set timeframe after which the record is refreshed
The third column shows the class of query – in this case, “IN” stands for Internet
The fourth column displays the type of query – in this case, “A” stands for an A (address) record
The final column displays the IP address associated with the domain name
The HEADER section shows the information it received from the server. Flags refer to the answer format.
The OPT PSEUDOSECTION displays advanced data:
EDNS – Extension system for DNS, if used
Flags – blank because no flags were specified
UDP – UDP packet size
The STATISTICS section shows metadata about the query:
Query time – The amount of time it took for a response
SERVER – The IP address and port of the responding DNS server. A loopback address in this line means a local resolver running on this host (a stub or caching resolver) answered the query
WHEN – Timestamp when the command was run
MSG SIZE rcvd – The size of the reply from the DNS server
Specify DNS server
By default, dig uses the local configuration to decide which nameserver to query. Use the following command to specify Google’s domain server:
dig @8.8.8.8 google.com
To query domain “A” record with +short
dig linuxwithgoutam.org +short
dig is verbose by default; the “+short” option reduces the output drastically, to just the answer data, as shown.
To remove comment lines.
dig linuxwithgoutam.org +nocomments
To set or clear all display flags.
dig linuxwithgoutam.org +noall
To query detailed answers.
dig linuxwithgoutam.org +noall +answer
To query all DNS record types (note that many servers now answer ANY with a minimal response, per RFC 8482, so this does not reliably list every record).
dig linuxwithgoutam.org ANY
To query MX record for the domain.
dig linuxwithgoutam.org MX
If we want only the mail exchange – MX – answer section associated with a domain we use this command.
To trace DNS path
dig linuxwithgoutam.org +trace
It queries the name servers starting from the root and then traverses down the namespace tree with iterative queries, following referrals along the way.
For specifying name servers
dig linuxwithgoutam.org @8.8.8.8
By default, dig command will query the name servers listed in “/etc/resolv.conf” to perform a DNS lookup. We can change it by using @ symbol followed by a hostname or IP address of the name server.
To query the statistics section
dig geeksforgeeks.org +noall +answer +stats
Reverse DNS Lookup:
Reverse DNS lookup is used to fetch the domain name or host name for an IP address.
The “-x” option performs a reverse DNS lookup, e.g.:
To look up a domain name by its IP address, type the following:
dig -x 172.217.14.238
```plaintext
[xxxxxx ~]# dig +noall +answer -x 8.8.8.8
8.8.8.8.in-addr.arpa.   18208   IN   PTR   dns.google.
```
Note: a reverse lookup works only if a PTR record is present for the address.
PTR contents can be viewed using the command “dig -x xx.yy.zz.aa”.

Batch Queries:
Instead of running a separate dig query for each domain, a list of domains can be queried at once.
To do so, put the domain names in a file, one domain name per line, and run dig on that file.
ex: if file.txt holds the list of domain names to be queried, then
dig -f file.txt +short
performs the DNS queries and returns all the resolved IPs.
dig -h

```plaintext
Usage:  dig [@global-server] [domain] [q-type] [q-class] {q-opt}
            {global-d-opt} host [@local-server] {local-d-opt}
            [ host [@local-server] {local-d-opt} [...]]
Where:  domain   is in the Domain Name System
        q-class  is one of (in,hs,ch,...) [default: in]
        q-type   is one of (a,any,mx,ns,soa,hinfo,axfr,txt,...) [default:a]
                 (Use ixfr=version for type ixfr)
        q-opt    is one of:
                 -4                  (use IPv4 query transport only)
                 -6                  (use IPv6 query transport only)
                 -b address[#port]   (bind to source address/port)
                 -c class            (specify query class)
                 -f filename         (batch mode)
                 -k keyfile          (specify tsig key file)
                 -m                  (enable memory usage debugging)
                 -p port             (specify port number)
                 -q name             (specify query name)
                 -r                  (do not read ~/.digrc)
                 -t type             (specify query type)
                 -u                  (display times in usec instead of msec)
                 -x dot-notation     (shortcut for reverse lookups)
                 -y [hmac:]name:key  (specify named base64 tsig key)
        d-opt    is of the form +keyword[=value], where keyword is:
                 +[no]aaflag         (Set AA flag in query (+[no]aaflag))
                 +[no]aaonly         (Set AA flag in query (+[no]aaflag))
                 +[no]additional     (Control display of additional section)
                 +[no]adflag         (Set AD flag in query (default on))
                 +[no]all            (Set or clear all display flags)
                 +[no]answer         (Control display of answer section)
                 +[no]authority      (Control display of authority section)
                 +[no]badcookie      (Retry BADCOOKIE responses)
                 +[no]besteffort     (Try to parse even illegal messages)
                 +bufsize[=###]      (Set EDNS0 Max UDP packet size)
                 +[no]cdflag         (Set checking disabled flag in query)
                 +[no]class          (Control display of class in records)
                 +[no]cmd            (Control display of command line - global option)
                 +[no]comments       (Control display of packet header and section name comments)
                 +[no]cookie         (Add a COOKIE option to the request)
                 +[no]crypto         (Control display of cryptographic fields in records)
                 +[no]defname        (Use search list (+[no]search))
                 +[no]dns64prefix    (Get the DNS64 prefixes from ipv4only.arpa)
                 +[no]dnssec         (Request DNSSEC records)
                 +domain=###         (Set default domainname)
                 +[no]dscp[=###]     (Set the DSCP value to ### [0..63])
                 +[no]edns[=###]     (Set EDNS version) [0]
                 +ednsflags=###      (Set EDNS flag bits)
                 +[no]ednsnegotiation (Set EDNS version negotiation)
                 +ednsopt=###[:value] (Send specified EDNS option)
                 +noednsopt          (Clear list of +ednsopt options)
                 +[no]expandaaaa     (Expand AAAA records)
                 +[no]expire         (Request time to expire)
                 +[no]fail           (Don't try next server on SERVFAIL)
                 +[no]header-only    (Send query without a question section)
                 +[no]https[=###]    (DNS-over-HTTPS mode) [/]
                 +[no]https-get      (Use GET instead of default POST method
                 +[no]identify       (ID responders in short answers)
                 +[no]idnin          (Parse IDN names [default=on on tty])
                 +[no]idnout         (Convert IDN response [default=on on tty])
                 +[no]ignore         (Don't revert to TCP for TC responses.)
                 +[no]keepalive      (Request EDNS TCP keepalive)
                 +[no]keepopen       (Keep the TCP socket open between queries)
                 +[no]multiline      (Print records in an expanded format)
                 +ndots=###          (Set search NDOTS value)
                 +[no]nsid           (Request Name Server ID)
                 +[no]nssearch       (Search all authoritative nameservers)
                 +[no]onesoa         (AXFR prints only one soa record)
                 +[no]opcode=###     (Set the opcode of the request)
                 +padding=###        (Set padding block size [0])
                 +[no]qr             (Print question before sending)
                 +[no]question       (Control display of question section)
                 +[no]raflag         (Set RA flag in query (+[no]raflag))
                 +[no]rdflag         (Recursive mode (+[no]recurse))
                 +[no]recurse        (Recursive mode (+[no]rdflag))
                 +retry=###          (Set number of UDP retries) [2]
                 +[no]rrcomments     (Control display of per-record comments)
                 +[no]search         (Set whether to use searchlist)
                 +[no]short          (Display nothing except short form of answers - global option)
                 +[no]showbadcookie  (Show BADCOOKIE message)
                 +[no]showsearch     (Search with intermediate results)
                 +[no]split=##       (Split hex/base64 fields into chunks)
                 +[no]stats          (Control display of statistics)
                 +subnet=addr        (Set edns-client-subnet option)
                 +[no]tcflag         (Set TC flag in query (+[no]tcflag))
                 +[no]tcp            (TCP mode (+[no]vc))
                 +timeout=###        (Set query timeout) [5]
                 +[no]tls            (DNS-over-TLS mode)
                 +[no]trace          (Trace delegation down from root [+dnssec])
                 +tries=###          (Set number of UDP attempts) [3]
                 +[no]ttlid          (Control display of ttls in records)
                 +[no]ttlunits       (Display TTLs in human-readable units)
                 +[no]unknownformat  (Print RDATA in RFC 3597 "unknown" format)
                 +[no]vc             (TCP mode (+[no]tcp))
                 +[no]yaml           (Present the results as YAML)
                 +[no]zflag          (Set Z flag in query)
        global d-opts and servers (before host name) affect all queries.
        local d-opts and servers (after host name) affect only that lookup.
        -h                           (print help and exit)
        -v                           (print version and exit)
```
Host
Host is a simple utility for performing DNS lookups. It is normally used to convert names to IP addresses and vice versa.
When no arguments or options are given, host prints a short summary of its command line arguments and options.
| TAG | DESCRIPTION |
| --- | --- |
| -a | The -a (all) option is equivalent to setting the -v option and asking host to make a query of type ANY. |
| -C | When the -C option is used, host will attempt to display the SOA records for zone name from all the listed authoritative name servers for that zone. The list of name servers is defined by the NS records that are found for the zone. |
| -c class | The -c option instructs host to make a DNS query of class class. This can be used to lookup Hesiod or Chaosnet class resource records. The default class is IN (Internet). |
| -d | Verbose output is generated by host when the -d or -v option is used. The two options are equivalent. They have been provided for backwards compatibility. In previous versions, the -d option switched on debugging traces and -v enabled verbose output. |
| -l | List mode is selected by the -l option. This makes host perform a zone transfer for zone name. Transfer the zone printing out the NS, PTR, and address records (A/AAAA). If combined with -a all records will be printed. |
| -i | The -i option specifies that reverse lookups of IPv6 addresses should use the IP6.INT domain as defined in RFC1886. The default is to use IP6.ARPA. |
| -N ndots | The -N option sets the number of dots that have to be in name for it to be considered absolute. |
| -r | Non-recursive queries can be made via the -r option. Setting this option clears the RD ("recursion desired") bit in the query which host makes. |
| -T | By default, host uses UDP when making queries. The -T option makes it use a TCP connection when querying the name server. TCP will be automatically selected for queries that require it, such as zone transfer (AXFR) requests. |
| -4 | The -4 option forces host to only use IPv4 query transport. |
| -6 | The -6 option forces host to only use IPv6 query transport. |
| -s | The -s option tells host not to send the query to the next nameserver if any server responds with a SERVFAIL response, which is the reverse of normal stub resolver behavior. |
| -m flag | The -m can be used to set the memory usage debugging flags record, usage and trace. |
$ host google.com
Making a host query using an IP address (reverse lookup):
$ host 172.217.26.174
To display MX records for the google.com domain
$ host -n -t mx google.com
Find out the SOA record:
$ host -t soa google.com
Query Particular Name Server
$ host google.com ns4.google.com
Display all information regarding Domain Records and Zone:
$ host -a amazon.in
Get TTL Information
$ host -v -t a google.com
Basic Bind 8 Configuration
The configuration file for a Bind 8 server is /etc/named.conf
This file has the following main entries:
| Main entry | Description |
| --- | --- |
| logging | Specifies where logs are written to and what needs to be logged |
| options | Global options are set here (e.g. the path to the zone files) |
| zone | Defines a zone: the name, the zone file, the server type |
| acl | Access control list |
| server | Specific options for remote servers |
The Logging Statement:
The syntax for logging is:
```plaintext
logging {
    channel "channel_name" {
        file "file_name" versions number_of_files size log_size;
        syslog < daemon | auth | syslog | authpriv | local0 -to- local7 | null >;
        severity < critical | error | warning | notice | info | debug | dynamic >;
        print-category yes_or_no;
        print-severity yes_or_no;
        print-time yes_or_no;
    };
    category "category_name" {
        "channel_name";
    };
};
```

A channel names one destination (a file, a syslog facility, or null); the alternatives are shown side by side above only to list the keywords.
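A complete logging statement written in this syntax, as an added example that is not from the page: a rotating file channel for the security category (approved and denied requests), a separate channel for query logging, and errors from everything else to syslog. The file paths, version counts and sizes are placeholder values chosen here.

```plaintext
logging {
    channel security_log {
        file "/var/log/named/security.log" versions 10 size 20m;
        severity info;
        print-time yes;
        print-category yes;
        print-severity yes;
    };
    channel query_log {
        file "/var/log/named/queries.log" versions 5 size 50m;
        severity info;
        print-time yes;
    };
    channel syslog_errors {
        syslog daemon;
        severity error;
        print-category yes;
    };
    category security { security_log; };
    category queries  { query_log; };
    category default  { syslog_errors; };
};
```

Keeping security events in their own channel with timestamps and category labels makes denied transfers and refused queries easy to pick out of the query noise when reviewing or shipping the logs.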