192
◾
Linux with Operating System Concepts
value is the minimum TTL, which is used by nonauthoritative DNS servers to retain cached entries.
The remainder of the DNS table lists the various device names found in the domain. These will include ordinary devices, mail servers, name servers, and other devices. These types are denoted by A for devices that use IPv4 addresses, AAAA for devices that use IPv6 addresses, MX for mail servers, and NS for name servers. These entries consist of the machine name, IN, the type, and the IP address, for instance,

    mymachine.hh.nku.edu IN A 1.2.3.4
Some entries have the type CNAME, a canonical name. A canonical name is the true name for an alias. In this case, there should be (at least) two entries in the table, one that maps the alias to the machine's true name, and one that maps the true name to its IP address. For instance, you might see

    mymachine.hh.nku.edu CNAME machine1.hh.nku.edu
    machine1.hh.nku.edu A 1.2.3.4

so that mymachine is the alias for the true name machine1.
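The two-entry rule for aliases can be checked mechanically. The script below is an added example, not from the book: it reads entries in the form shown above and reports every CNAME whose true name never leads to an A or AAAA entry. The table in sample_zone is constructed, and the names sample_zone and dangling_aliases are assumptions of this example.

```shell
#!/bin/sh
# Constructed sample table in the entry format shown above
# (name, optional IN class, type, value). Not real zone data.
sample_zone() {
cat <<'EOF'
machine1.hh.nku.edu   IN A     1.2.3.4
mymachine.hh.nku.edu  IN CNAME machine1.hh.nku.edu
www.hh.nku.edu        IN CNAME web1.hh.nku.edu
web1.hh.nku.edu       IN CNAME machine1.hh.nku.edu
old.hh.nku.edu        IN CNAME retired.hh.nku.edu
mail.hh.nku.edu       IN AAAA  2001:db8::25
EOF
}

# dangling_aliases: read entries on stdin and print "alias -> target" for
# every CNAME whose chain never reaches a name with an A or AAAA entry.
dangling_aliases() {
    awk '
    {
        # Normalise: lower-case the name, drop a trailing dot, skip TTL and class.
        name = tolower($1); sub(/\.$/, "", name)
        i = 2; if ($i ~ /^[0-9]+$/) i++; if (toupper($i) == "IN") i++
        type = toupper($i); value = tolower($(i + 1)); sub(/\.$/, "", value)
        if (type == "A" || type == "AAAA") { addr[name] = 1 }
        else if (type == "CNAME") { cname[name] = value; order[++n] = name }
    }
    END {
        for (k = 1; k <= n; k++) {
            cur = order[k]; hops = 0
            # Follow alias to true name; the hop limit stops CNAME loops.
            while ((cur in cname) && hops < 8) { cur = cname[cur]; hops++ }
            if (!(cur in addr)) print order[k] " -> " cname[order[k]]
        }
    }'
}

sample_zone | dangling_aliases
```

An alias that is reported here maps to a true name with no address entry in the table, so a lookup of the alias cannot end in an IP address from this table alone.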
Now that we have some understanding of the DNS server, we can explore the last three Linux programs. Of the three programs, nslookup is the oldest and most primitive, but this also makes it the easiest to use. The nslookup instruction expects as a parameter the IP alias of the computer whose IP address you wish to look up. Optionally, you can also specify a DNS server IP address to act as the server to perform the lookup. The format is

    nslookup IP_alias [DNS_IP_address]

where the DNS_IP_address is optional.
The response from nslookup provides all IP addresses known for the IP alias and also lists the IP address of the DNS server used. Consider the three nslookup command responses in Figure 5.9. The first case is a request to look up www.nku.edu, sent to a DNS server that is the master for that domain, and so the response is authoritative. The second has a nonauthoritative response because the response did not come from a centos.com DNS authority. The third is also a nonauthoritative response, but is of interest because of the number of responses. We receive multiple IP addresses because Google has several physical IP addresses to support their servers.
Both the dig (domain information groper) and host programs permit a number of options and provide more detailed feedback than nslookup. Both dig and host will return portions of the DNS server table.
With dig, the -t option allows you to specify the type of entry you are interested in. So, rather than returning information about a specific machine, you can query the DNS server for all devices in the domain that match the type. Consider dig -t MX google.com.
Linux Applications
◾
193
This will ask the google.com domain's DNS server to return all devices that are denoted as mail servers. The response provides several entries of the form

    google.com 460 IN MX 20 address

The value 460 indicates a TTL while 20 is used in load balancing since there are a number of entries (each with a different value).
Alternatively, try dig -t MX nku.edu. Here, you will find that the TTL value is static (does not change) from 3600. The command dig -t NS google.com gives much the same type of response except that the TTL is very large and there is no load-balancing value specified.

    $ nslookup www.nku.edu
    Server:   172.28.102.11
    Address:  172.28.102.11#53

    www.nku.edu canonical name = hhilwb6005.hh.nku.edu.
    Name:     hhilwb6005.hh.nku.edu
    Address:  172.28.119.82

    $ nslookup www.centos.com
    ;; Got recursion not available from 172.28.102.11, trying next server
    ;; Got recursion not available from 172.28.102.13, trying next server
    Server:   10.11.0.51
    Address:  10.11.0.51#53

    Non-authoritative answer:
    Name:     www.centos.com
    Address:  87.106.187.200

    $ nslookup www.google.com
    Server:   172.28.102.11
    Address:  172.28.102.11#53

    Non-authoritative answer:
    www.google.com canonical name = www.l.google.com.
    Name:     www.l.google.com
    Address:  74.125.227.51
    Name:     www.l.google.com
    Address:  74.125.227.49
    Name:     www.l.google.com
    Address:  74.125.227.48
    (additional addresses omitted)

FIGURE 5.9 nslookup Command Responses
The dig command actually responds with several different sections. First, the dig command responds with a repeat of the command's arguments. It then summarizes the response as a header, a type of operation (Query), status (NOERROR), an ID number, flags, and the number of responses received from the DNS server. These are divided into a question (or query) section that in essence repeats the request, the number of items in an ANSWER section, number of items in an AUTHORITY section, and number of ADDITIONAL items.
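The header fields described above (status and the ANSWER count) and the TTL and MX value in each answer entry of the form shown earlier can be extracted from dig output with a short script. This is an added example, not from the book: the dig output in sample_dig is constructed for the placeholder domain example.com, and the function names are assumptions of this example.

```shell
#!/bin/sh
# Constructed sample of the output of "dig -t MX example.com".
# example.com and every value below are placeholders, not captured data.
sample_dig() {
cat <<'EOF'
; <<>> DiG 9 <<>> -t MX example.com
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;example.com.           IN  MX

;; ANSWER SECTION:
example.com.    460 IN  MX  30 mx3.example.com.
example.com.    460 IN  MX  10 mx1.example.com.
example.com.    460 IN  MX  20 mx2.example.com.
EOF
}

# dig_header: print "status answer_count" taken from the header lines.
dig_header() {
    awk '
    /^;; ->>HEADER<<-/ { for (i = 1; i < NF; i++) if ($i == "status:") s = $(i + 1) }
    /^;; flags:/       { for (i = 1; i < NF; i++) if ($i == "ANSWER:") a = $(i + 1) }
    END { gsub(/,/, "", s); gsub(/,/, "", a); print s, a }'
}

# mx_by_value: print each MX answer as "value ttl host", lowest value first.
mx_by_value() {
    awk '!/^;/ && $3 == "IN" && $4 == "MX" { print $5, $2, $6 }' | sort -n
}

# check_answer_count: succeed only if the status is NOERROR and the ANSWER
# count in the header equals the number of MX entries actually present.
check_answer_count() {
    out=$(cat)
    set -- $(printf '%s\n' "$out" | dig_header)
    n=$(printf '%s\n' "$out" | mx_by_value | awk 'END { print NR }')
    [ "$1" = "NOERROR" ] && [ "$2" -eq "$n" ]
}

sample_dig | mx_by_value
```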
Figure 5.10 demonstrates the result from the query dig -t NS www.nku.edu. In this case, we are querying a DNS for a specific machine's information so there are fewer entries in the response.
Aside from -t, dig can also be queried using option -c to specify a class (IN is the only class we examine here), -p to specify a port, -6 to indicate that only IPv6 addresses should be used, and -b to send the dig command to a specified DNS server. Additionally, you can request responses of multiple machine and/or domain names. If preferred, you can place the request information in a file using dig -f