This is a file I created in the spring of 2004, so some names may have changed. Nevertheless, please read this file and do similar exercises for yourself.

Computers attached to the Internet usually have a name as well as an IP address. Some computers have more than one name; in that case one is the ``real'' name and the others are aliases. Some computers have more than one IP address; this might mean they are multi-homed. (But, see below.)

For example: The computer alizarin.njit.edu has IP address 128.235.204.81 and alias afs1.njit.edu . More about the structure of names will be given in Chapter 18 of Forouzan. (The Domain Name Service, DNS). This note gives enough information to let students use nslookup and dig for dns queries.

In ``alizarin.njit.edu'', alizarin.njit.edu is the name of a computer in the domain njit.edu . Inside that domain we often can call it shortly ``alizarin''.

If we know the name of a computer, or its alias, we can get more information by doing a ``dns query''. nslookup and dig can be used to do that query:

---
maan-1811 ott>: nslookup afs1.njit.edu
Server: dns1.njit.edu
Address: 128.235.251.10

Name: alizarin.njit.edu
Address: 128.235.204.81
Aliases: afs1.njit.edu

maan-1812 ott>: nslookup afs1
Server: dns1.njit.edu
Address: 128.235.251.10

Name: alizarin.njit.edu
Address: 128.235.204.81
Aliases: afs1.njit.edu

maan-1813 ott>: nslookup alizarin
Server: dns1.njit.edu
Address: 128.235.251.10

Name: alizarin.njit.edu
Address: 128.235.204.81

maan-1814 ott>:
---

Try what happens if you type nslookup alizarin.njit.edu .

We see that the dns query is handled by the dns server dns1.njit.edu , that that dns server has IP address 128.235.251.10 , that indeed afs1 is an alias, and that alizarin has IP address 128.235.204.81 .

We could have gotten the same information using ``dig''. Only, dig insists on complete addresses. But then it gives lots of information!
---
maan-1815 ott>: dig afs1.njit.edu

; <<>> DiG 8.3 <<>> afs1.njit.edu
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 3
;; QUERY SECTION:
;; afs1.njit.edu, type = A, class = IN

;; ANSWER SECTION:
afs1.njit.edu. 1D IN CNAME alizarin.njit.edu.
alizarin.njit.edu. 1D IN A 128.235.204.81

;; AUTHORITY SECTION:
njit.edu. 1D IN NS ns1.uthscsa.edu.
njit.edu. 1D IN NS dns1.njit.edu.
njit.edu. 1D IN NS auth00.ns.uu.net.
njit.edu. 1D IN NS mail-gw2.njit.edu.

;; ADDITIONAL SECTION:
ns1.uthscsa.edu. 1D IN A 129.111.140.66
dns1.njit.edu. 1D IN A 128.235.251.10
auth00.ns.uu.net. 1d15h50m50s IN A 198.6.1.65

;; Total query time: 3 msec
;; FROM: maan.njit.edu to SERVER: default -- 128.235.251.10
;; WHEN: Mon Jan 26 13:04:34 2004
;; MSG SIZE sent: 31 rcvd: 216

maan-1816 ott>:
---

You may need to read Forouzan Ch 18, or some IETF RFCs (starting with RFCs 1034 and 1035) to understand everything dig tells you.

If you know an IP address, you can do a dns inverse query to get the name (I should say: to get the domain name). nslookup and dig can be used for inverse queries:

---
maan-1816 ott>: nslookup 128.235.204.81
Server: dns1.njit.edu
Address: 128.235.251.10

Name: alizarin.njit.edu
Address: 128.235.204.81

maan-1817 ott>:
---

You can also use ``dig'', but you must use an option ``-x'':

---
maan-1818 ott>: dig -x 128.235.204.81

; <<>> DiG 8.3 <<>> -x
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 3
;; QUERY SECTION:
;; 81.204.235.128.in-addr.arpa, type = ANY, class = IN

;; ANSWER SECTION:
81.204.235.128.in-addr.arpa. 1D IN PTR alizarin.njit.edu.

;; AUTHORITY SECTION:
235.128.in-addr.arpa. 1D IN NS auth00.ns.uu.net.
235.128.in-addr.arpa. 1D IN NS mail-gw2.njit.edu.
235.128.in-addr.arpa. 1D IN NS ns1.uthscsa.edu.
235.128.in-addr.arpa. 1D IN NS dns1.njit.edu.

;; ADDITIONAL SECTION:
ns1.uthscsa.edu. 1D IN A 129.111.140.66
dns1.njit.edu. 1D IN A 128.235.251.10
auth00.ns.uu.net. 1d15h39m53s IN A 198.6.1.65

;; Total query time: 3 msec
;; FROM: maan.njit.edu to SERVER: default -- 128.235.251.10
;; WHEN: Mon Jan 26 13:15:31 2004
;; MSG SIZE sent: 45 rcvd: 222

maan-1819 ott>:
---

This also works for computers ``far away''. By doing a search for novosibirsk in Google I found that the website of the University of Novosibirsk (In Siberia, in Russia) is http://www.nsu.ru/english/ . Next:

---
maan-1819 ott>: nslookup www.nsu.ru
Server: dns1.njit.edu
Address: 128.235.251.10

Non-authoritative answer:
Name: aurora.nsu.ru
Address: 193.124.215.195
Aliases: www.nsu.ru

maan-1820 ott>: nslookup aurora.nsu.ru
Server: dns1.njit.edu
Address: 128.235.251.10

Non-authoritative answer:
Name: aurora.nsu.ru
Address: 193.124.215.195

maan-1821 ott>: nslookup 193.124.215.195
Server: dns1.njit.edu
Address: 128.235.251.10

Name: aurora.nsu.ru
Address: 193.124.215.195
---

That is funny! Yesterday the dns reverse query did not work (for this address)! (At least, not with nslookup . It did work with dig -x .)

Let's try another website in Russia (in Nizhny Novgorod). Search for novgorod on Google, I chose: http://www.unn.runnet.ru/nn/

---
maan-1822 ott>: nslookup www.unn.runnet.ru
Server: dns1.njit.edu
Address: 128.235.251.10

Non-authoritative answer:
Name: www.unn.runnet.ru
Address: 62.76.114.57

maan-1823 ott>: nslookup 62.76.114.57
Server: dns1.njit.edu
Address: 128.235.251.10

Name: sciedu.city.ru
Address: 62.76.114.57

maan-1824 ott>:
---

Worked! Did not work yesterday! Apparently not in the weekends. (But notice the query and inverse query do not agree: Somebody is being sloppy in Nizhny Novgorod! www.unn.runnet.ru must be an alias, sciedu.city.ru must be the real name.)

While ``ordinary'' dns queries usually work, ``inverse queries'' do not always work with nslookup, but then usually still work with dig.
(dig -x). Comer Ch 24 explains why an ordinary query is easier than a reverse query.

At the beginning of this note I said a computer might have multiple IP addresses if it is ``multi-homed''. That is true. However:

---
maan-1233 ott>: nslookup www.yahoo.com
Server: dns1.njit.edu
Address: 128.235.251.10

Non-authoritative answer:
Name: www.yahoo.akadns.net
Addresses: 216.109.117.207, 216.109.118.67, 216.109.118.68, 216.109.118.70
 216.109.118.72, 216.109.118.79, 216.109.117.108, 216.109.117.205
Aliases: www.yahoo.com

maan-1234 ott>:
---

Do you think this means there is 1 computer called ``www.yahoo.com'' which has 8 addresses? NO! I am fairly sure these are 8 different computers, sharing the name www.yahoo.com , and that they are used to share the work of responding to all queries to www.yahoo.com .

Go to any unix or linux or solaris computer. Log on and do

    man nslookup
    man dig

Now try out queries yourself. Find the name of some computer in Africa or Asia or Australia or Europe, then find the IP address, then see whether the dns inverse query works.
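The comparison made by eye above for www.unn.runnet.ru (name to address, then address back to name), as an added Python example that is not part of the original note. A PTR record is published by whoever runs the reverse zone for the address block, so a reverse name that disagrees with the forward name should not be relied on in logs or access rules. The FORWARD and PTR tables are constructed from the 2004 session output above; check, reverse_name and the table_/live_ helper names are assumptions of this example.

```python
import ipaddress
import socket

# Constructed sample data: the records shown in the 2004 sessions above.
FORWARD = {  # queried name -> (canonical name, [addresses])
    "afs1.njit.edu": ("alizarin.njit.edu", ["128.235.204.81"]),
    "www.unn.runnet.ru": ("www.unn.runnet.ru", ["62.76.114.57"]),
}
PTR = {  # reverse-zone name -> PTR target
    "81.204.235.128.in-addr.arpa": "alizarin.njit.edu",
    "57.114.76.62.in-addr.arpa": "sciedu.city.ru",
}

def reverse_name(ip):
    """Name that dig -x asks for, e.g. 81.204.235.128.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer

def table_forward(name):
    return FORWARD[name.rstrip(".").lower()]

def table_reverse(ip):
    return PTR.get(reverse_name(ip))

def live_forward(name):
    # Uses the system resolver; needs network access.
    canonical, _aliases, addrs = socket.gethostbyname_ex(name)
    return canonical, addrs

def live_reverse(ip):
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None  # no PTR record, or the reverse lookup failed

def check(name, forward=table_forward, reverse=table_reverse):
    """Compare each address's PTR name with the canonical forward name."""
    canonical, addrs = forward(name)
    results = []
    for ip in addrs:
        ptr = reverse(ip)
        if ptr is None:
            verdict = "no-ptr"
        elif ptr.rstrip(".").lower() == canonical.rstrip(".").lower():
            verdict = "agree"
        else:
            verdict = "disagree"
        results.append((ip, ptr, verdict))
    return results
```

For live lookups instead of the constructed tables, call check(name, forward=live_forward, reverse=live_reverse).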