Net Tool Box - The Ultimate Mac Networking Utility


| About | Features | Order | Support

DNS Tools

Background

DNS Stands for "Domain Name System". Without DNS, the Internet would be nothing more than a muddle of IP addresses. The DNS System allows users to type a name instead of an IP address. It also is the basis for the SMTP email system. Also, your DNS setup for a network can reveal information about your network to attackers. It is for this reason that we must be able to test and administer the system effectively.
For more information on DNS, DNS Servers, DNS Health and DNS Security visit the Men and Mice site at http://www.menandmice.com/.

What does it do?

Name Lookup
The DNS Tools included with Net Tool Box can be used for almost any form of DNS interrogation. The most simple of these is the "Name Resolver" tool. It basically performs a dual lookup from either a name to an IP address or vica versa. For example, if you put in the name "www.apple.com", it will tell you the IP address associated with that name and also, the reverse lookup host name. You might sometimes find that you will get nothing back from a lookup under the "Root DNS" section. This indicates that the IP address doesn't have a "PTR" record that is used for mapping IPs back to names.

DNS Scanner
The next tool on the list, is the DNS Scanner. This tool takes two consecutive IP addresses and looks up the DNS name associated with each one respectively. You can either type in two IPs, or you can have it look up the IPs for you, by just typing in the host name. You must be careful with DNS Scanner, because it is easy to put in a very large range, and because of the nature of the system, it can get "frozen" quite easily. If you are wanting to look up a whole IP segment (first one ending "0", last ending "255"), first try a Zone Transfer using the "DNS Lookup" tool.

MX Lookup
If you have ever wondered how your email reaches it's destination mailbox, using MX Lookup, you can easily find out. The SMTP system used when sending emails relies on DNS to tell it where to direct any mail for specific domain names. It finds this information by looking up a domain's "MX Records" from the DNS server. For example, if I wanted to see where any email to steve.jobs@apple.com goes; I type in "apple.com" into the domain field. The resolver will then lookup the MX records for "apple.com" and return a list of mail servers that are allowed to receive mail on behalf of Steve Jobs. It is assumed that these servers will place any email for him in the correct location. The reason there are multiple servers, is for redundancy (backups). If the primary server is unreachable, the mail will be sent to the next one on the list and if that one is unreachable it will go to the next one on the list, etc. The order of preference is also specified alongside an MX record - this determines which server to try first.

DNS Query
This tool is the mother of all DNS tools. As you may know, DNS isn't as simple as just name to IP mapping and mail server address storage; there's a lot more to it. It's for this reason, we need to have a tool that can lookup everything that the DNS system holds. It would take too long for me to explain everything that the 'DNS Query' tool does because that would involve documenting the whole DNS architecture, so I will explain with an example (you can figure the rest out quite easily).

So, say you perform a straightforward name lookup on "www.apple.com" and find that it maps to 17.254.0.91. But instead of mapping back to "www.apple.com", notice that it maps to "www.apple.com.akadns.net". Why is this? There's only one way to find out! If you open a 'DNS Query' window , type in "www.apple.com" and hit "Query" (the "Record Type" can be left as "ANY"), Net Tool Box should query your local DNS server, and in turn apple's one to give you a whole load of extra info.

When the results appear, you will see all the authoritative name servers for apple.com in the "Authoritative Section", these are apple's official servers. They're provided because there may be apple.com records cached on hundreds of other servers on the net so we always need to know where the records originated. We need to know this because when they expire, or the local DNS server doesn't have a record it was asked for, it knows where to find them.

If you then click on the "Answers Section", you will be presented with all the records you queried for. Seeing as you queried for "Any" records, you will see whatever records your DNS server thought appropriate to give you. In most cases this will be all the info needed to resolve the name to an IP or visa versa, depending on the query. In our case you should receive (possibly amongst other things) a "CNAME" record. This record is a sort of alias, telling us that the name we asked for is actually just another name for this REAL host, which you can then lookup in turn. You will find by looking up that host, that you are given an "A" record, which is an 'address' record pointing to a real IP address. The address shown is the target. Any "Additional" records you receive are prescribed just for your convenience. They tell you anything else you might need to find your target.

So that, quite complex, procedure is what a recursive DNS resolver does every time you request a host name over the net.

Note: You can specify a DNS server to query by selecting "Use This Server:" and typing in it's IP address in the field provided.

<< Back to Index



© Charlie Boisseau 2005
3.83.187.36

Valid HTML 4.01! Valid CSS!