12.5.1. Looking Up Different Record Types
By default, nslookup looks up the address for a domain name, or the domain name for an address. You can look up any record type by changing the querytype, as we show in this example:
These are only a few of the valid DNS record types, of course. For a more complete list, see Appendix A, "DNS Message Format and Resource Records".% nslookup
Default Server: terminator.movie.edu
Address: 0.0.0.0
> misery -- Look up address
Server: terminator.movie.edu
Address: 0.0.0.0
Name: misery.movie.edu
Address: 192.253.253.2
> 192.253.253.2 -- Look up domain name
Server: terminator.movie.edu
Address: 0.0.0.0
Name: misery.movie.edu
Address: 192.253.253.2
> set q=mx -- Look up MX records
> wormhole
Server: terminator.movie.edu
Address: 0.0.0.0
wormhole.movie.edu preference = 10, mail exchanger = wormhole.movie.edu
wormhole.movie.edu internet address = 192.249.249.1
wormhole.movie.edu internet address = 192.253.253.1
> set q=any -- Look up records of any type
> diehard
Server: terminator.movie.edu
Address: 0.0.0.0
diehard.movie.edu internet address = 192.249.249.4
diehard.movie.edu preference = 10, mail exchanger = diehard.movie.edu
diehard.movie.edu internet address = 192.249.249.4
12.5.2. Authoritative Versus Nonauthoritative Answers
If you've used nslookup before, you might have noticed something peculiar -- the first time you look up a remote domain name, the answer is authoritative, but the second time you look up the same name it is nonauthoritative. Here's an example:
While this looks odd, it really isn't. What's happening here is that the first time the local name server looks up slate.mines.colorado.edu, it contacts the name server for mines.colorado.edu, and the mines.colorado.edu server then responds with an authoritative answer. The local name server, in effect, passes the authoritative response directly back to nslookup. It also caches the response. The second time you look up slate.mines.colorado.edu, the name server answers out of its cache, which results in the answer "non-authoritative." [96]% nslookup
Default Server: relay.hp.com
Address: 15.255.152.2
> slate.mines.colorado.edu.
Server: relay.hp.com
Address: 15.255.152.2
Name: slate.mines.colorado.edu
Address: 138.67.1.3
> slate.mines.colorado.edu.
Server: relay.hp.com
Address: 15.255.152.2
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
Non-authoritative answer:
Name: slate.mines.colorado.edu
Address: 138.67.1.3
[96]BIND 9 name servers, interestingly, show even the first responses as nonauthoritative.Notice that we terminated the domain name with a trailing dot each time we looked it up. The response would have been the same if we'd left the trailing dot off. There are times when it's critical that you use the trailing dot while debugging, and times when it's not. Rather than stopping to decide if this name needs a trailing dot, we always add one if we know the name is fully qualified, except, of course, if we've turned off the search list.
12.5.3. Switching Name Servers
Sometimes you want to query another name server directly -- you may think it is misbehaving, for example. You can switch servers with nslookup by using the server or lserver command. The difference between server and lserver is that lserver queries your "local" name server -- the one you started out with -- to get the address of the server you want to switch to; server uses the default name server instead of the local server. This difference is important because the server you just switched to may not be responding, as we'll show in this example:
When we start up, our first name server, relay.hp.com, becomes our lserver. This will matter later on in this session.% nslookup
Default Server: relay.hp.com
Address: 15.255.152.2
At this point, we try to switch back to our original name server. But there is no name server running on galt.cs.purdue.edu to look up relay.hp.com's address:> server galt.cs.purdue.edu.
Default Server: galt.cs.purdue.edu
Address: 128.10.2.39
> cs.purdue.edu.
Server: galt.cs.purdue.edu
Address: 128.10.2.39
*** galt.cs.purdue.edu can't find cs.purdue.edu.: No response from server
Instead of being stuck, though, we use the lserver command to have our local name server look up relay.hp.com's address:> server relay.hp.com.
*** Can't find address for server relay.hp.com.: No response from server
Since the name server on galt.cs.purdue.edu did not respond -- that host isn't even running a name server -- it wasn't possible to look up the address of relay.hp.com to switch back to using relay 's name server. Here's where lserver comes to the rescue: the local name server, relay, was still responding, so we used it. Instead of using lserver, we also could have recovered by using relay's IP address directly -- server 15.255.152.2.> lserver relay.hp.com.
Default Server: relay.hp.com
Address: 15.255.152.2
> ^D
And, of course, you can change servers from the command line. You can specify the server to query as the argument after the domain name to look up, like this:% nslookup
Default Server: relay.hp.com
Address: 15.255.152.2
> saturn.sun.com. ns.sun.com.
Name Server: ns.sun.com
Address: 192.9.9.3
Name: saturn.sun.com
Addresses: 192.9.25.2
> ^D
This instructs nslookup to query terminator.movie.edu for MX records for fisherking.movie.edu.% nslookup -type=mx fisherking.movie.edu. terminator.movie.edu.
% nslookup - terminator.movie.edu.
No comments:
Post a Comment