Tools Commonly Used in Networking

1. `nslookup`#

1.1. Query `A Record`#

# basic DNS lookup
$ nslookup google.com                             
Server:		192.168.2.1
Address:	192.168.2.1#53

Non-authoritative answer:
Name:	google.com
Address: 142.250.81.238

1.2. Reverse DNS look-up#

$ nslookup 18.219.46.189                          
Server:		192.168.2.1
Address:	192.168.2.1#53

Non-authoritative answer:
189.46.219.18.in-addr.arpa	name = ec2-18-219-46-189.us-east-2.compute.amazonaws.com.

Authoritative answers can be found from:
46.219.18.in-addr.arpa	nameserver = ns1-24-us-east-2.ec2-rdns.amazonaws.com.

1.3. Query name server#

$ nslookup -type=ns google.com
Server:		192.168.2.1
Address:	192.168.2.1#53

Non-authoritative answer:
google.com	nameserver = ns1.google.com.
google.com	nameserver = ns3.google.com.
....

When using the nslookup utility to query Domain Name System (DNS) servers, you could see the message “Non-authoritative answer.” This tells you that the DNS server you’re asking can’t ensure that it has the official, up-to-date information for the domain name or IP address you’re seeking up and is instead giving you a cached response that it got from another DNS server.

Please note that getting non-authoritative answers doesn’t mean incorrect or unreliable. However, if you need the most accurate and up-to-date information, it is recommended to use authoritative DNS servers for queries.

Reference:

Nslookup Command in Linux with Examples - GeeksforGeeks

Why is “Non-authoritative answer” given by nslookup? DNS Explained

1.4. Get authoritative answer#

Step 1: Use the nslookup command to query the SOA (Start of Authority) record of the domain name. The SOA record contains information about the authoritative name servers for the domain.

❯ nslookup -type=soa davidzhu.xyz
Non-authoritative answer:
...

Authoritative answers can be found from:
davidzhu.xyz	nameserver = ns1.dnsowl.com.
davidzhu.xyz	nameserver = ns2.dnsowl.com.
davidzhu.xyz	nameserver = ns3.dnsowl.com.

Step 2: Identify the primary name server from previous response:

❯ nslookup davidzhu.xyz ns1.dnsowl.com
Server:		ns1.dnsowl.com
Address:	162.159.27.173#53

Name:	davidzhu.xyz
Address: 185.199.108.153

2. `dig`#

dig command stands for Domain Information Groper. It is used for retrieving information about DNS name servers. Dig command replaces older tools such as nslookup and the host.

2.1. Query `A Record`#

To query domain “A” record with +short:

$ dig geeksforgeeks.org +short
34.218.62.116

Specify DNS server:

$ dig geeksforgeeks.org +short @8.8.8.8

By default, dig command will query the name servers listed in “/etc/resolv.conf” to perform a DNS lookup. We can change it by using @ symbol followed by a hostname or IP address of the name server.

Learn more about /etc/resolv.conf and /etc/hosts: DNS Stub and Recursive Resolver - Config Files - David’s Blog

2.2. Reverse DNS lookup#

❯ dig -x 18.219.46.189 +short
ec2-18-219-46-189.us-east-2.compute.amazonaws.com.

2.3. Query name server#

❯ dig davidzhu.xyz NS +short
ns1.dnsowl.com.
ns2.dnsowl.com.
ns3.dnsowl.com.

3. dig vs nslookup#

dig Process:
- dig follows the standard DNS resolution process, starting with a query to the root name servers to obtain the list of TLD name servers.
- It then queries a TLD name server to obtain the authoritative name servers for the domain.
- After obtaining the authoritative name servers, dig sends a direct query to one of these name servers to retrieve the A record for the domain.
- The response obtained from dig is typically authoritative, as it comes directly from the authoritative name server responsible for the domain.
nslookup Process:
- nslookup queries the DNS server configured on the local system by default. This DNS server may be provided by the ISP or manually configured.
- The response from nslookup may be non-authoritative, indicating that the DNS server providing the response is not the authoritative server for the queried domain. It may have obtained the response from its cache or forwarded the query to another DNS server.

In summary, dig directly queries authoritative name servers to obtain DNS information, resulting in authoritative responses. On the other hand, nslookup queries the local DNS server, which may or may not provide authoritative responses, depending on its configuration and the nature of the query.