I. Host directive
Format: Host [-A] FQDN [server]
HOST-L domain [Server]
Options:
-A: Represents a list of all relevant information about the host, including IP, TTL, and error-removing messages, etc.
-L: If the next domain setting allows Allow-transfer, then list all host name data that the domain manages!
Server: This parameter is optional, when you want to use a non-/etc/resolv.conf DNS host to query the host name and IP correspondence, you can use this parameter!
# 1. Use default values to find out Baidu's IP
[Email protected] ~]# host www.baidu.com
Www.baidu.com is a alias for www.a.shifen.com.
Www.a.shifen.com has address 14.215.177.38
Www.a.shifen.com has address 14.215.177.37
# 2. Find out all the important parameters of Baidu
[Email protected] ~]# host-a www.baidu.com
Trying "Www.baidu.com"
;; ->>header<<-opcode:query, Status:noerror, id:51104
;; Flags:qr Rd RA; Query:1, Answer:1, authority:0, additional:0
;; QUESTION section:
; Www.baidu.com.INANY
;; ANSWER section:
Www.baidu.com.1022INCNAMEwww.a.shifen.com.
Received bytes from 114.114.114.114#53 in Ms <--sure is the data from the 114.114.114.114 server.
# 3. Force to 139.175.10.20 this DNS server to query
[Email protected] ~]# host linux.vbird.org 139.175.10.20
Using Domain Server:
name:139.175.10.20
address:139.175.10.20#53
Aliases:
Linux.vbird.org has address 140.116.44.180
Linux.vbird.org Mail is handled by ten linux.vbird.org.
# 4. Find all hosts in the sxjy.com domain
[Email protected] ~]# host-l sxjy.com
; Transfer failed.
; Transfer failed.
Host sxjy.com.sxjy.com not Found:9 (Notauth)
; Transfer failed.
How could it not be able to respond? This response is because the management of vbird.org domain DNS and do not allow our domain query, after all, we are not vbird.org system administrator, of course, do not have permission to read the entire vbird.org domain settings! This "Host-l" is used on its own DNS server, later in this chapter, when it comes to server settings, this option will allow you to read the relevant data.
Second, Nslookup
Format: nslookup [FQDN] [Server]
Options and Parameters:
1. Can be directly in the nslookup with the host name or IP to be queried, [server] is optional;
2. If you do not add any host name or IP after Nslookup, that will enter the Nslookup query function, in the Nslookup query function, you can enter other parameters for special queries,
For example:
Set Type=any: Lists all the information "positive solution profile"
Set TYPE=MX: List MX-related information!
Cases:
(1) Direct search of Baidu IP information
[email protected] ~]# nslookup www.baidu.com
server:114.114.114.114
address:114.114.114.114#53
Non-authoritative Answer:
Www.baidu.comcanonical name = www.a.shifen.com.
Name:www.a.shifen.com
address:14.215.177.37 #百度的一个IP
Name:www.a.shifen.com
address:14.215.177.38 #百度的另一个IP
(2) Direct input nslookup, enter the query interface
[[email protected] ~]# nslookup <== into the nslookup query screen
> 120.114.100.20
<== query to perform inverse solution
> www.ksu.edu.tw
<== executing a positive solution query
# The above two lists only the positive and negative information, there is no great place!
> Set Type=any
<== change query, not just a, all the information is listed to
> www.ksu.edu.tw
Server:
168.95.1.1
Address:
168.95.1.1#53
Non-authoritative Answer:
Name:
www.ksu.edu.tw
Address:120.114.100.101 <== This is the answer.
Authoritative answers can be found from: <== This is the relevant authoritative DNS description
ksu.edu.tw
nameserver = dns2.ksu.edu.tw.
ksu.edu.tw
nameserver = dns1.ksu.edu.tw.
dns1.ksu.edu.tw Internet address = 120.114.50.1
dns2.ksu.edu.tw Internet address = 120.114.150.1
> Exit <== leave now! Pikachu
Third, dig
Format: Dig [options] FQDN [@server]
Options and Parameters:
@server: If you do not use the/etc/resolv.conf setting as a DNS query, you can fill in the
Into the other IP
Options: A number of relevant parameters, mainly +trace,-t type and-X are the most commonly used
+trace: It's from. Start tracking and talk in 19.1.2! Look back!
-T type: The query data mainly has MX, NS, SOA and other types,
-x: Query anti-solution information, very important items!
Cases:
(1) To see the DNS query process
[Email protected] ~]# dig +trace www.baidu.com
; <<>> DiG 9.8.2rc1-redhat-9.8.2-0.37.rc1.el6 <<>> +trace www.baidu.com
;; Global options: +cmd
.253628innsm.root-servers.net.
.253628innsd.root-servers.net.
.253628innsh.root-servers.net.
.253628innse.root-servers.net.
.253628innsb.root-servers.net.
.253628innsk.root-servers.net.
.253628innsl.root-servers.net.
.253628innsf.root-servers.net.
.253628innsi.root-servers.net.
.253628innsg.root-servers.net.
.253628innsa.root-servers.net.
.253628innsc.root-servers.net.
.253628innsj.root-servers.net.
;; Received 228 bytes from 114.114.114.114#53 (114.114.114.114) in 327 ms
# The upper part is being traced. Server, from a to m.root-servers.net.
Com.172800innsa.gtld-servers.net.
Com.172800innsb.gtld-servers.net.
Com.172800innsc.gtld-servers.net.
Com.172800innsd.gtld-servers.net.
Com.172800innse.gtld-servers.net.
Com.172800innsf.gtld-servers.net.
Com.172800innsg.gtld-servers.net.
Com.172800innsh.gtld-servers.net.
Com.172800innsi.gtld-servers.net.
Com.172800innsj.gtld-servers.net.
Com.172800innsk.gtld-servers.net.
Com.172800innsl.gtld-servers.net.
Com.172800innsm.gtld-servers.net.
;; Received 491 bytes from 198.97.190.53#53 (198.97.190.53) in 706 ms
# The above section is on the server that tracks COM.
Baidu.com.172800innsdns.baidu.com.
Baidu.com.172800innsns2.baidu.com.
Baidu.com.172800innsns3.baidu.com.
Baidu.com.172800innsns4.baidu.com.
Baidu.com.172800innsns7.baidu.com.
;; Received 201 bytes from 192.33.14.30#53 (192.33.14.30) in
Www.baidu.com.1200INCNAMEwww.a.shifen.com.
A.shifen.com.1200innsns1.a.shifen.com.
A.shifen.com.1200innsns2.a.shifen.com.
A.shifen.com.1200innsns5.a.shifen.com.
A.shifen.com.1200innsns3.a.shifen.com.
A.shifen.com.1200innsns4.a.shifen.com.
;; Received 228 bytes from 119.75.219.82#53 (119.75.219.82) in MS
Let's look at the entire DNS search process! This is achieved by adding the +trace option to the dig. As for the other is the server (NS) Set value and tracking process Oh! Is it clear?
(2) querying with default values
[Email protected] ~]# dig www.baidu.com
; <<>> DiG 9.8.2rc1-redhat-9.8.2-0.37.rc1.el6 <<>> www.baidu.com
;; Global options: +cmd
;; Got Answer:
;; ->>header<<-opcode:query, Status:noerror, id:45046
;; Flags:qr Rd RA; Query:1, Answer:3, authority:0, additional:0
;; QUESTION section:
Www.baidu.com.INA <== raised the question part of asking Baidu's IP
;; ANSWER section: <== main answer stage, answer Baidu's IP
Www.baidu.com.1064INCNAMEwww.a.shifen.com.
www.a.shifen.com.39INA14.215.177.37
www.a.shifen.com.39INA14.215.177.38
;; Query time:19 msec
;; server:114.114.114.114#53 (114.114.114.114)
;; When:sun Mar 6 21:16:03 2016
;; MSG SIZE rcvd:90
QUESTION (problem): Displays the content to be queried, because we are querying the IP of linux.vbird.org, so here A (Address) is displayed;
ANSWER (answer): According to just QUESTION to query the results obtained, the answer is to answer IP Ah!
(2) Query linux.vbird.org for SOA information!
[Email protected] ~]# dig-t SOA linux.vbird.org
; <<>> DiG 9.7.0-p2-redhat-9.7.0-5.p2.el6_0.1 <<>>-T SOA linux.vbird.org
;; Global options: +cmd
;; Got Answer:
;; ->>header<<-opcode:query, Status:noerror, id:57511
;; Flags:qr Rd RA
; Query:1, answer:0, Authority:1, additional:0
;; QUESTION section:
; linux.vbird.org. In SOA
;; Authority section:
vbird.org. In SOA dns.vbird.org. root.dns.vbird.org. 2007091402 28800 7200 720000 86400
;; Query time:17 msec
;; server:168.95.1.1#53 (168.95.1.1)
;; When:thu 4 14:15:57 2011
Because the output information of dig is too rich, and divided into several parts to return, so it is suitable as a DNS tracking return of an instruction! You can use this command to find out if the DNS database you have set is correct and error-removing. ^_^! In addition, you can use the "-t type" function to query other server settings, you can set the DNS server for reference Oh! Positive solution query is complete, then play a game of anti-solution! # 3. Query the result of 120.114.100.20 information
(3) Query 112.80.248.73 (Baidu) Anti-analysis
[Email protected] ~]# dig-x 112.80.248.73
; <<>> DiG 9.8.2rc1-redhat-9.8.2-0.37.rc1.el6 <<>>-X 112.80.248.73
;; Global options: +cmd
;; Got Answer:
;; ->>header<<-opcode:query, Status:nxdomain, id:20695
;; Flags:qr Rd RA; Query:1, answer:0, Authority:1, additional:0
;; QUESTION section:
; 73.248.80.112.in-addr.arpa. In PTR
;; Authority section:
80.112.in-addr.arpa. 5 in SOA ns1.jscnc.net. Root.ns1.jscnc.net. 2010070723 10800 3600 604800 3600
;; Query time:31 msec
;; server:192.168.122.2#53 (192.168.122.2)
;; When:mon Mar 7 06:28:39 2016
;; MSG SIZE rcvd:98
The inverse solution is quite interesting! From the above output, the query target of the inverse solution turns from 112.80.248.73 to 80.112.in-addr.arpa. What the hell is this thing? Don't be afraid, we'll explain it further when we talk about the counter-solution. What you need to know now is that the query domain name of the inverse solution is not quite the same as the positive solution, especially the weird in-addr.arpa. The end of the data can be written down first.
DNS positive, anti-parsing query instruction host, dig, nslookup