Using Name Resolution Tools
Using DNS for name resolution works great—unless it doesn’t work
correctly, that is. Then it can be a royal inconvenience for you
because your end users won’t be able to check their stock prices or
manage their fantasy baseball team. Fortunately, there are several
tools you can use to troubleshoot name resolution on your network:
• dig
• host
• getent
dig
You can use the Domain Information Groper (dig) utility to perform a
DNS lookup on your DNS server and display detailed information about
the hostname being resolved and about the DNS server itself. If you
don’t specify a particular DNS server with the dig command, the DNS
servers configured in the resolv.conf file will be used. The syntax is
dig @dns_server hostname
An example is shown in Figure 15-18.
The output from dig is considerably more extensive than that displayed
by other DNS troubleshooting tools such as nslookup and host. The
dig command returns the IP address associated with the hostname in the
ANSWER SECTION. It also lists the authoritative name server for the
hostname and zone in the AUTHORITY SECTION.
You can use the following options with dig:
• a: Resolve A record information
• ptr: Resolve a PTR record
• cname: Resolve CNAME record information
• in: Resolve Internet record information
• mx: Resolve MX record information
• soa: Resolve start of authority information
host
You can also use the host command to resolve hostnames. Whereas the
dig command provides extensive name resolution information, host
provides simple, quick information. The syntax is similar to that used
with dig. You enter
host hostname DNS_server
at the shell prompt. Again, if you don’t specify a DNS server, the
default DNS server specified in /etc/resolv.conf will be used.
An example of using host is shown here:
openSUSE:/ # host www.google.com
www.google.com has address 74.125.239.49
www.google.com has address 74.125.239.48
www.google.com has address 74.125.239.50
www.google.com has address 74.125.239.52
www.google.com has address 74.125.239.51
www.google.com has IPv6 address 2607:f8b0:4005:800::1011
getent
In addition to host and dig, you can also use getent to test your name
resolution system. One of the weaknesses of the host and dig commands
is that they don’t actually follow the same process for name
resolution as applications and services running on your system do.
If an application such as a web browser needs to resolve a hostname to
an IP address, it first queries your /etc/hosts file. If an entry for
the host in question can’t be found there, it uses the DNS server you
configured to resolve the hostname.
However, the dig and host commands don’t do this. They skip the hosts
file completely and go directly to your DNS server to test name
resolution. This is an issue of concern! Many phishing and pharming
attacks exploit the hosts file to redirect URLs to malicious websites
where users’ personal information can be gleaned. As you can see,
using host or dig will not reveal such an attack because they don’t
look at the hosts file.
The good news is that getent does. The syntax for using getent to test
name resolution is to enter
getent hosts hostname
at the shell prompt.
An example is shown next:
openSUSE:/ # getent hosts router1
10.0.0.1 router1
In this example, an entry for the router1 hostname exists in the hosts
file, so getent was able to grab it and display it on the screen.
If the hosts file doesn’t have an entry for the hostname specified, it
will try to resolve it via DNS, just like a regular application would.
An example is shown next:
openSUSE:/ # getent hosts www.nebo-tech.com
98.139.135.199 sbsfe-p11.geo.mf0.yahoodns.net www.nebo-tech.com
TIP: The getent command can query any data configured in your
/etc/nsswitch.conf file. For example, you can enter
getent passwd
at the shell prompt to pull entries out of your passwd file.
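The hosts-file concern described above, as an added example that is not part of the original text: because dig and host never read the hosts file, this script reads it directly and flags any entry whose address does not appear in the DNS answer. The function names and the optional hosts-file argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (hypothetical function names): find hosts-file entries that
# disagree with DNS, which dig and host alone would never show.

# hosts_lookup FILE NAME: print each address FILE maps NAME to, matching the
# canonical name or any alias, case-insensitively, with comments stripped.
hosts_lookup() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        { sub(/#.*/, "") }
        NF >= 2 {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == want) { print $1; break }
        }' "$1"
}

# compare_sources NAME HOSTS_ADDRS DNS_ADDRS: report whether the hosts-file
# addresses all appear in the DNS answer. Returns 1 on a mismatch.
compare_sources() {
    if [ -z "$2" ]; then
        echo "OK $1 (no hosts-file entry)"
        return 0
    fi
    for a in $2; do
        found=no
        for d in $3; do
            if [ "$a" = "$d" ]; then found=yes; fi
        done
        if [ "$found" = no ]; then
            echo "OVERRIDE $1 hosts=$a dns=$(echo $3 | tr ' ' ',')"
            return 1
        fi
    done
    echo "OK $1 (hosts-file entry matches DNS)"
}

# audit_name NAME [HOSTS_FILE]: live check; the DNS view comes from dig +short,
# with CNAME targets (lines ending in a dot) filtered out.
audit_name() {
    dns=$( { dig +short "$1" A; dig +short "$1" AAAA; } | awk '!/\.$/' )
    compare_sources "$1" "$(hosts_lookup "${2:-/etc/hosts}" "$1")" "$dns"
}
```

On a live system, run audit_name with a hostname; an OVERRIDE line means the hosts file pins that name to an address DNS does not return, which should be checked against the entries you added on purpose.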
LX0-104 Exam Objectives (T)