分类: LINUX
2006-08-18 14:37:33
有些時候, 我們會想要手動查詢 DNS 上一些資料, 或者是要看看 DNS 是否有問題, 此時我們最常用的工具就是 nslookup 了, 基本上 nslookup 會根據 /etc/resolv.conf 的內容去找到所要使用的 local DNS server.有些時候, 我們會想要手動查詢 DNS 上一些資料, 或者是要看看 DNS 是否有問題, 此時我們最常用的工具就是 nslookup 了, 基本上 nslookup 會根據 /etc/resolv.conf 的內容去找到所要使用的 local DNS server.
使用說明
打入 nslookup 命令後, 會看到 > 提示符號, 此時打 ? 就會出現 nslookup 說明
Default Server: ultra1.ndhu.edu.tw
Address: 163.28.160.11
>?
$Id: nslookup.help,v 8.4 1996/10/25 18:09:41 vixie Exp $
Commands: (identifiers are shown in uppercase, [] means optional)
NAME - print info about the host/domain NAME using default server
NAME1 NAME2 - as above, but use NAME2 as server
help or ? - print info on common commands; see nslookup(1) for details
set OPTION - set an option
all - print options, current server and host
[no]debug - print debugging information
[no]d2 - print exhaustive debugging information
[no]defname - append domain name to each query
[no]recurse - ask for recursive answer to query
[no]vc - always use a virtual circuit
domain=NAME - set default domain name to NAME
srchlist=N1[/N2/.../N6] - set domain to N1 and search list to N1,N2, etc.
root=NAME - set root server to NAME
retry=X - set number of retries to X
timeout=X - set initial time-out interval to X seconds
querytype=X - set query type, e.g., A,ANY,CNAME,HINFO,MX,PX,NS,PTR,SOA,TXT,WKS,SRV,NAPTR
port=X - set port number to send query on
type=X - synonym for querytype
class=X - set query class to one of IN (Internet), CHAOS, HESIOD or ANY
server NAME - set default server to NAME, using current default server
lserver NAME - set default server to NAME, using initial server
finger [USER] - finger the optional USER at the current default host
root - set current default server to the root
ls [opt] DOMAIN [> FILE] - list addresses in DOMAIN (optional: output to FILE)
-a - list canonical names and aliases
-h - list HINFO (CPU type and operating system)
-s - list well-known services
-d - list all records
-t TYPE - list records of the given type (e.g., A,CNAME,MX, etc.)
view FILE - sort an 'ls' output file and view it with more
exit - exit the program, ^D also exits
>^D
Interactive/Noninteractive (交談式/非交談式)
執行 nslookup 時可以直接在後面跟著我們要查詢的資料, 那麼 nslookup 會直接把結果傳回來
如果只打入 nslookup [enter], 則進入交談模式, 出現提示符號 >, 此時 nslookup 會等待 user input command.
ultra1> nslookup
Default Server: ultra1.ndhu.edu.tw
Address: 163.28.160.11
>
Server: ultra1..ndhu.edu.tw
Address: 163.28.160.11
Non-authoritative answer:
Name: yohoo.com
Address: 216.116.98.143
Aliases:
Authoritative/Non-Authoritative
在查詢時有時會出現 Non-authoritative answer, 代表這個答案是由 local DNS 的 cache 中直接讀出來的, 而不是 local DNS 向真正負責這個 domain 的 name server 問來的.
常用的一些 option/command
1. set all
可以得知目前 nslookup 的一些 default 設定值
ultra1> nslookup
Default Server: ultra1.ndhu.edu.tw
Address: 163.28.160.11
> set all
Default Server: ultra1.ndhu.edu.tw
Address: 163.28.160.11
Set options:
nodebug defname search recurse
nod2 novc noignoretc port=53
querytype=A class=IN timeout=5 retry=4
root=a.root-servers.net.
domain=ndhu.edu.tw
srchlist=ndhu.edu.tw
2. server dns_server_ip
表示將內定的 local DNS 換成另一部 server
Ex: server 203.64.88.11
3. set type=any
表示在查詢某個 domain name 時, 將和這個 domain name 的一些相關資料一併顯示出來
> set type=any
>
Server: ultra1.ndhu.edu.tw
Address: 163.28.160.11
Non-authoritative answer:
canonical name = yohoo.com
Authoritative answers can be found from:
yohoo.com nameserver = ns1.netgateway.net
yohoo.com nameserver = ns2.netgateway.net
ns1.netgateway.net internet address = 216.116.98.7
ns2.netgateway.net internet address = 216.116.98.8
在上面的這個例子, 我們除了知道 的 IP 外, 我們還得知了 yohoo.com 是由哪部 name server 在負責的. 因此如果想要知道 真正在 yohoo.com 上的記錄是如何, 而不要有 local DNS cache 中傳回的資料, 我們可以配合使用 server 這個 command 將 default local DNS 改為負責 yohoo.com 的 DNS, 然後再查詢一次
> server 216.116.98.7
Default Server: ns1.netgateway.net
Address: 216.116.98.7
>
Server: ns1.netgateway.net
Address: 216.116.98.7
Name: yohoo.com
Address: 216.116.98.143
Aliases:
4. set type=ptr
本來要由 IP 反查 domain name時, 在直接打 IP 就行了, 但如果已經下了 type=any 的話, 要由 IP 反查時就沒那麼方便了, 此時 IP 4 個數字要倒著寫, 最後還要加上 in-addr.arpa. 以查 203.64.88.15 為例, 要輸入的就是15.88.64.203.in-addr.arpa
tung@traveler:~> nslookup
Default Server: ultra1.ndhu.edu.tw
Address: 163.28.160.11
> 203.64.88.15
Server: ultra1.ndhu.edu.tw
Address: 163.28.160.11
Name: cc5.ndhu.edu.tw
Address: 203.64.88.15
> 15.88.64.203.in-addr.arpa
Server: ultra1.ndhu.edu.tw
Address: 163.28.160.11
15.88.64.203.in-addr.arpa name = cc5.ndhu.edu.tw
88.64.203.IN-ADDR.ARPA nameserver = ultra1.ndhu.edu.tw
ultra1.ndhu.edu.tw internet address = 163.28.160.11
5. ls domain
這個命令是要求 name server 將其負責的 zone 內容 show 出來, 這個動作相當於 name server 的整份記錄從 server 端傳回給 nslookup 這個程式, 這種傳回整個 zone 的動作叫作 zone transfer
> set type=any
> ndhu.edu.tw
Server: ultra1.ndhu.edu.tw
Address: 163.28.160.11
ndhu.edu.tw nameserver = cc.ndhu.edu.tw
ndhu.edu.tw nameserver = ultra1.ndhu.edu.tw
ndhu.edu.tw
origin = cc.ndhu.edu.tw
mail addr = dnsmaster.ndhu.edu.tw
serial = 951192
refresh = 21600 (6H)
retry = 10800 (3H)
expire = 604800 (1W)
minimum ttl = 864000 (1D)
ndhu.edu.tw preference = 20, mail exchanger = relay.ndhu.edu.tw
ndhu.edu.tw preference = 30, mail exchanger = relay.edu.tw
ndhu.edu.tw preference = 0, mail exchanger = cc.ndhu.edu.tw
ndhu.edu.tw internet address = 203.64.88.11
ndhu.edu.tw nameserver = cc.ndhu.edu.tw
ndhu.edu.tw nameserver = ultra1.ndhu.edu.tw
cc.ndhu.edu.tw internet address = 203.64.88.11
ultra1.ndhu.edu.tw internet address = 163.28.160.11
relay.edu.tw internet address = 163.28.1.103
> server ns.nctu.edu.tw
Default Server: ns.nctu.edu.tw
Address: 140.113.250.135
> ls nctu.edu.tw
[ns.nctu.edu.tw]
Host or domain name Resource record info
NCTU.edu.tw SOA ns.NCTU.edu.tw hostmaster.NCTU.edu.tw. (19
99060100 86400 1800 1728000 259200)
NCTU NS server = ns1.NCTU.edu.tw
NCTU NS server = ns2.NCTU.edu.tw
NCTU NS server = ns3.NCTU.edu.tw
NCTU NS server = ns.NCTU.edu.tw
NCTU PTR host = 0.0.113.140.IN-ADDR.ARPA
NCTU PTR host = 0.0.126.140.IN-ADDR.ARPA
NCTU MX 0 ns1.NCTU.edu.tw
NCTU MX 10 mx.NCTU.edu.tw
NCTU A 140.113.1.1
ctr206 A 140.113.237.206
ctr207 A 140.113.237.207
CC-7513e1010 A 203.68.12.253
CC-7513e1010 A 203.68.12.254
ctr210 A 140.113.237.210
ctr208 A 140.113.237.208
zeus A 140.113.249.20
...
6. set d2
這個命令可顯示更詳細的訊息
> set type=any
>
Server: ultra1.ndhu.edu.tw
Address: 163.28.160.11
;; res_mkquery(0, , 1, 1)
------------
SendRequest(), len 33
HEADER:
opcode = QUERY, id = 11990, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
, type = A, class = IN
------------
------------
Got answer (195 bytes):
HEADER:
opcode = QUERY, id = 11990, rcode = NOERROR
header flags: response, want recursion, recursion avail.
questions = 1, answers = 1, authority records = 4, additional = 4
QUESTIONS:
, type = A, class = IN
ANSWERS:
->
type = A, class = IN, dlen = 4
internet address = 140.113.250.5
ttl = 158186 (1d19h56m26s)
AUTHORITY RECORDS:
-> nctu.edu.tw
type = NS, class = IN, dlen = 5
nameserver = ns.nctu.edu.tw
ttl = 256782 (2d23h19m42s)
-> nctu.edu.tw
type = NS, class = IN, dlen = 6
nameserver = ns1.nctu.edu.tw
ttl = 256782 (2d23h19m42s)
-> nctu.edu.tw
type = NS, class = IN, dlen = 6
nameserver = ns2.nctu.edu.tw
ttl = 256782 (2d23h19m42s)
-> nctu.edu.tw
type = NS, class = IN, dlen = 6
nameserver = ns3.nctu.edu.tw
ttl = 256782 (2d23h19m42s)
ADDITIONAL RECORDS:
-> ns.nctu.edu.tw
type = A, class = IN, dlen = 4
internet address = 140.113.250.135
ttl = 453404 (5d5h56m44s)
-> ns1.nctu.edu.tw
type = A, class = IN, dlen = 4
internet address = 140.113.1.1
ttl = 256782 (2d23h19m42s)
-> ns2.nctu.edu.tw
type = A, class = IN, dlen = 4
internet address = 140.113.6.2
ttl = 406543 (4d16h55m43s)
-> ns3.nctu.edu.tw
type = A, class = IN, dlen = 4
internet address = 163.28.64.11
ttl = 1182 (19m42s)
------------
Non-authoritative answer:
Name:
Address: 140.113.250.5
