Monday man page: dig, host & nslookup

For this week's Monday man page, it's a triple threat: dig, host, and nslookup. All three utilities are included with the BIND (Berkeley Internet Name Domain) version 9 package, part of every Mac OS X 10.4 installation, and all three do pretty much the same task: translate hostnames to IP addresses and vice versa. In 10.3.9 and earlier, the Network Utility 'lookup' tab was a front-end for nslookup, with an option via checkbox to use dig instead; starting in 10.4 the checkbox is gone and the utility is dig-only.

If you want a good introduction to how DNS works, the MacDevCenter has an excellent primer, and I can also heartily recommend DNS and BIND, possibly the most comprehensible book about a complicated subject that I've ever read. After the jump, we'll talk a bit more about how DNS lookup tools are useful, and why you might prefer one of this troika to the others.

In a nutshell, the Domain Name System is the piece of Internet plumbing that allows us to use friendly, human-readable names (like www.tuaw.com) and have them reliably and rapidly translated into computer-readable IPv4 or IPv6 addresses (205.188.99.132). While you can run a DNS server on Mac OS X or OS X Server (in the form of BIND or djbdns) for your local network, most users are DNS 'customers' only and use the BIND resolver that's built into the system.

Generally, you go looking for a DNS tool when something isn't working correctly; either you want to make sure that the remote host is listed as it should be, or verify that your local DNS services or your ISP's server is behaving as it should. So what's up with the three different tools? Let's take them in reverse order of (my) preferences...

nslookup is the oldest and creakiest of the three, with some quirks that make it less than helpful in troubleshooting DNS problems. Although it was deprecated with the BIND 9 release, it's still available in 10.4 and still works...

nslookup www.fred.com Server: 192.168.1.1 Address: 192.168.1.1#53 Non-authoritative answer: Name: www.fred.com Address: 213.11.172.228

Notice that nslookup does helpfully report the DNS server it's querying; since it doesn't work through your built-in resolver, it's good to know what it thinks it's talking to. If you inadvertently start nslookup without specifying a host, you'll end up in interactive mode; you may have a few false starts before finding the 'exit' command:

nslookup > help The 'help' command is not yet implemented. > quit Server: 192.168.1.1 Address: 192.168.1.1#53 ** server can't find quit: NXDOMAIN > exit

Moving on: host is your basic, no-frills DNS inquiry tool. Ask and ye shall receive...

host www.fred.com www.fred.com has address 213.11.172.228

To specify a different name server for host to query, just list it after the target machine:

host www.apple.com cache01.ns.uu.net Using domain server: Name: cache01.ns.uu.net Address: 198.6.1.2#53 Aliases: www.fred.com has address 213.11.172.228 Using domain server: Name: cache01.ns.uu.net Address: 198.6.1.2#53 Aliases: Using domain server: Name: cache01.ns.uu.net Address: 198.6.1.2#53 Aliases:

host can also do reverse lookups, identifying a hostname from an IP address:

host 64.78.41.125 125.41.78.64.in-addr.arpa domain name pointer intermedia.net.

If you need more detail, the -a flag to host can give you output that may seem oddly familiar:

host -a fred.com Trying "fred.com" ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24101 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2 ;; QUESTION SECTION: ;fred.com. IN ANY ;; ANSWER SECTION: fred.com. 172800 IN NS b.ns.domainoo.fr. fred.com. 172800 IN NS a.ns.domainoo.fr. ;; AUTHORITY SECTION: fred.com. 172800 IN NS b.ns.domainoo.fr. fred.com. 172800 IN NS a.ns.domainoo.fr. ;; ADDITIONAL SECTION: a.ns.domainoo.fr. 2435 IN A 193.111.80.110 b.ns.domainoo.fr. 2435 IN A 62.4.78.145 Received 132 bytes from 192.168.1.1#53 in 106 ms

The reason that looks familiar is because it's exactly what you'd see as the default output of dig. Funny, that. Of the three tools, dig has the most complete controls -- making it easy to specify which servers to query and how to talk to them -- and a few outstanding features. The -k option lets you use cryptographically signed DNS queries (dnssec/TSIG), which you'd need in some situations; the -f option lets you read hosts from a batch file for automatic checking; and dig, unlike the other tools, allows you to queue up several queries on one command line, which you can see below.

dig has a slew of options beyond those three, making it adept for scripted usage if needed; the man page is heavy reading. For casual use, host is fine; for true DNS mastery dig is your friend.

Here's that multi-query example:

dig www.tuaw.com www.apple.com intel.com ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62631 ;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 8, ADDITIONAL: 8 ;; QUESTION SECTION: ;www.tuaw.com. IN A ;; ANSWER SECTION: www.tuaw.com. 242788 IN CNAME acblogs.web.aol.com. acblogs.web.aol.com. 335 IN CNAME acblogs.web.aol.com.websys.akadns.net. acblogs.web.aol.com.websys.akadns.net. 51 IN A 205.188.99.132 acblogs.web.aol.com.websys.akadns.net. 51 IN A 205.188.224.132 acblogs.web.aol.com.websys.akadns.net. 51 IN A 205.188.96.132 acblogs.web.aol.com.websys.akadns.net. 51 IN A 205.188.97.132 acblogs.web.aol.com.websys.akadns.net. 51 IN A 205.188.98.132 ;; AUTHORITY SECTION: akadns.net. 69722 IN NS za.akadns.org. akadns.net. 69722 IN NS zb.akadns.org. akadns.net. 69722 IN NS zc.akadns.org. akadns.net. 69722 IN NS zd.akadns.org. akadns.net. 69722 IN NS eur1.akadns.net. akadns.net. 69722 IN NS eur7.akadns.net. akadns.net. 69722 IN NS usw5.akadns.net. akadns.net. 69722 IN NS asia9.akadns.net. ;; ADDITIONAL SECTION: za.akadns.org. 44543 IN A 81.52.250.132 zb.akadns.org. 44547 IN A 206.132.100.105 zc.akadns.org. 44547 IN A 63.209.3.132 zd.akadns.org. 44547 IN A 63.209.3.132 eur1.akadns.net. 94843 IN A 213.254.204.197 eur7.akadns.net. 99365 IN A 193.108.94.88 usw5.akadns.net. 99365 IN A 63.241.73.200 asia9.akadns.net. 99365 IN A 220.73.220.4 ;; Query time: 11 msec ;; SERVER: 192.168.1.1#53(192.168.1.1) ;; WHEN: Mon Jan 29 01:14:11 2007 ;; MSG SIZE rcvd: 474 ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23749 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 8, ADDITIONAL: 8 ;; QUESTION SECTION: ;www.apple.com. IN A ;; ANSWER SECTION: www.apple.com. 1739 IN CNAME www.apple.com.akadns.net. www.apple.com.akadns.net. 16 IN A 17.112.152.32 ;; AUTHORITY SECTION: akadns.net. 69758 IN NS eur7.akadns.net. akadns.net. 69758 IN NS usw5.akadns.net. akadns.net. 69758 IN NS asia9.akadns.net. akadns.net. 69758 IN NS za.akadns.org. akadns.net. 69758 IN NS zb.akadns.org. akadns.net. 69758 IN NS zc.akadns.org. akadns.net. 69758 IN NS zd.akadns.org. akadns.net. 69758 IN NS eur1.akadns.net. ;; ADDITIONAL SECTION: za.akadns.org. 44575 IN A 81.52.250.132 zb.akadns.org. 44575 IN A 206.132.100.105 zc.akadns.org. 44575 IN A 63.209.3.132 zd.akadns.org. 44575 IN A 63.209.3.132 eur1.akadns.net. 89040 IN A 213.254.204.197 eur7.akadns.net. 92179 IN A 193.108.94.88 usw5.akadns.net. 114541 IN A 63.241.73.200 asia9.akadns.net. 90093 IN A 220.73.220.4 ;; Query time: 10 msec ;; SERVER: 192.168.1.1#53(192.168.1.1) ;; WHEN: Mon Jan 29 01:14:11 2007 ;; MSG SIZE rcvd: 368 ; <<>> DiG 9.3.2 <<>> www.tuaw.com www.apple.com intel.com ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10435 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4 ;; QUESTION SECTION: ;intel.com. IN A ;; ANSWER SECTION: intel.com. 300 IN A 198.175.96.33 ;; AUTHORITY SECTION: intel.com. 3915 IN NS ns1.intel.com. intel.com. 3915 IN NS ns2.intel.com. intel.com. 3915 IN NS ns3.intel.com. intel.com. 3915 IN NS ns4.intel.com. ;; ADDITIONAL SECTION: ns1.intel.com. 129447 IN A 192.55.52.33 ns2.intel.com. 70029 IN A 143.182.124.19 ns3.intel.com. 97700 IN A 143.183.152.22 ns4.intel.com. 70029 IN A 192.102.198.240 ;; Query time: 91 msec ;; SERVER: 192.168.1.1#53(192.168.1.1) ;; WHEN: Mon Jan 29 01:14:11 2007 ;; MSG SIZE rcvd: 179