DNS Tools
Background
DNS stands for "Domain Name System". Without DNS, the Internet
would be nothing more than a muddle of IP addresses. DNS
allows users to type a name instead of an IP address. It is also the
basis for the SMTP email system. Your DNS setup for a network
can also reveal information about your network to attackers. It is for this
reason that we must be able to test and administer the system effectively.
For more information on DNS, DNS servers, DNS health and DNS security,
visit the Men and Mice site at http://www.menandmice.com/.
What does it do?
Name Lookup
The DNS Tools included with Net Tool Box can be used for almost any
form of DNS interrogation. The simplest of these is the "Name
Resolver" tool. It performs a dual lookup, either from
a name to an IP address or vice versa. For example, if you put in the
name "www.apple.com", it will tell you the IP address associated
with that name and also the reverse lookup host name. You might sometimes
find that you get nothing back from a lookup under the "Root
DNS" section. This indicates that the IP address doesn't have a
"PTR" record, which is used for mapping IPs back to names.
DNS Scanner
The next tool on the list is the DNS Scanner. This tool takes two consecutive
IP addresses and looks up the DNS name associated with each one respectively.
You can either type in two IPs, or you can have it look up the IPs for
you by just typing in the host name. You must be careful with DNS Scanner,
because it is easy to put in a very large range and, because of the
nature of the system, it can get "frozen" quite easily. If
you want to look up a whole IP segment (first one ending "0",
last ending "255"), first try a Zone Transfer using the "DNS
Lookup" tool.
MX Lookup
If you have ever wondered how your email reaches its destination mailbox,
you can easily find out using MX Lookup. The SMTP system used when
sending emails relies on DNS to tell it where to direct any mail for
specific domain names. It finds this information by looking up a domain's
"MX Records" from the DNS server. For example, if I wanted
to see where any email to steve.jobs@apple.com goes, I would type "apple.com"
into the domain field. The resolver will then look up the MX records
for "apple.com" and return a list of mail servers that are
allowed to receive mail on behalf of Steve Jobs. It is assumed that
these servers will place any email for him in the correct location.
The reason there are multiple servers is redundancy (backups).
If the primary server is unreachable, the mail will be sent to the next
one on the list, and if that one is unreachable it will go to the next
one on the list, etc. The order of preference is also specified alongside
an MX record - this determines which server to try first.
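The fallback order described above, as an added example that is not part of Net Tool Box. The zone lines, the example.test names and the "reachable" set are constructed for illustration; the lowest preference number is tried first.

```python
# Added example. The zone lines are constructed sample data, not real records.
SAMPLE_ZONE = """\
example.test. 3600 IN MX 20 backup1.example.test.
example.test. 3600 IN MX 10 primary.example.test.
example.test. 3600 IN MX 30 backup2.example.test.
example.test. 3600 IN A  192.0.2.10
"""


def parse_mx(zone_text, domain):
    """Return [(preference, host)] for `domain`, lowest preference first."""
    wanted = domain.rstrip(".").lower()
    records = []
    for line in zone_text.splitlines():
        fields = line.split()
        # Expected layout: owner TTL class type preference exchange
        if len(fields) != 6 or fields[3].upper() != "MX":
            continue
        if fields[0].rstrip(".").lower() != wanted:
            continue
        records.append((int(fields[4]), fields[5].rstrip(".").lower()))
    # Sorting the tuples puts the lowest preference number first; ties are
    # ordered by host name here only to keep the output deterministic.
    return sorted(records)


def pick_server(zone_text, domain, reachable):
    """Walk the MX list in order; return (chosen host, hosts skipped)."""
    skipped = []
    for _, host in parse_mx(zone_text, domain):
        if host in reachable:
            return host, skipped
        skipped.append(host)
    return None, skipped  # every listed server was unreachable


if __name__ == "__main__":
    up = {"backup1.example.test", "backup2.example.test"}  # primary is down
    print(parse_mx(SAMPLE_ZONE, "example.test"))
    print(pick_server(SAMPLE_ZONE, "example.test", up))
```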
DNS Query
This tool is the mother of all DNS tools. As you may know, DNS isn't as simple
as just name to IP mapping and mail server address storage; there's
a lot more to it. For this reason, we need a tool that
can look up everything that the DNS system holds. It would take too long
for me to explain everything that the 'DNS Query' tool does because
that would involve documenting the whole DNS architecture, so I will
explain with an example (you can figure the rest out quite easily).
So, say you perform a straightforward name lookup on "www.apple.com"
and find that it maps to 17.254.0.91. But instead of mapping back to
"www.apple.com", notice that it maps to "www.apple.com.akadns.net".
Why is this? There's only one way to find out! If you open a 'DNS Query'
window, type in "www.apple.com" and hit "Query"
(the "Record Type" can be left as "ANY"), Net Tool
Box should query your local DNS server, and in turn Apple's, to give
you a whole load of extra info.
When the results appear, you will see all the authoritative name servers
for apple.com in the "Authoritative Section". These are Apple's
official servers. They're provided because there may be apple.com records
cached on hundreds of other servers on the net, so we always need to
know where the records originated. We need to know this because when
they expire, or the local DNS server doesn't have a record it was asked
for, it knows where to find them.
If you then click on the "Answers Section", you will be presented
with all the records you queried for. Seeing as you queried for "Any"
records, you will see whatever records your DNS server thought appropriate
to give you. In most cases this will be all the info needed to resolve
the name to an IP or vice versa, depending on the query. In our case
you should receive (possibly amongst other things) a "CNAME"
record. This record is a sort of alias, telling us that the name we
asked for is actually just another name for this REAL host, which you
can then look up in turn. You will find by looking up that host that
you are given an "A" record, which is an 'address' record
pointing to a real IP address. The address shown is the target. Any
"Additional" records you receive are provided just for your
convenience. They tell you anything else you might need to find your
target.
So that quite complex procedure is what a recursive DNS resolver does
every time you request a host name over the net.
Note: You can specify a DNS server to
query by selecting "Use This Server:" and typing its
IP address in the field provided.
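The CNAME-to-A walk and the reverse (PTR) lookup from the example above, as an added sketch that is not part of Net Tool Box. It runs against a constructed in-memory record set: the apple.com values are the ones quoted in the walkthrough, while the example.test names and the MAX_CHAIN cap are assumptions added to show an alias loop and an alias that points at nothing.

```python
import ipaddress

# Constructed record set. The apple.com entries repeat the values quoted in
# the walkthrough above; the example.test entries are made up for edge cases.
RECORDS = {
    ("www.apple.com", "CNAME"): "www.apple.com.akadns.net",
    ("www.apple.com.akadns.net", "A"): "17.254.0.91",
    ("91.0.254.17.in-addr.arpa", "PTR"): "www.apple.com.akadns.net",
    ("loop-a.example.test", "CNAME"): "loop-b.example.test",
    ("loop-b.example.test", "CNAME"): "loop-a.example.test",
    ("old.example.test", "CNAME"): "gone.example.test",
}
MAX_CHAIN = 8  # assumed cap on alias hops, not a value from the page


class ResolveError(Exception):
    pass


def resolve(name, records=RECORDS):
    """Follow CNAME aliases to an A record; return (chain_of_names, ip)."""
    chain = [name.rstrip(".").lower()]
    while True:
        current = chain[-1]
        if (current, "A") in records:
            return chain, records[(current, "A")]
        target = records.get((current, "CNAME"))
        if target is None:  # alias points at a name with no records
            raise ResolveError(f"{current}: no A or CNAME record")
        if target in chain:  # alias points back at a name already visited
            raise ResolveError(f"CNAME loop at {target}")
        if len(chain) >= MAX_CHAIN:
            raise ResolveError("alias chain too long")
        chain.append(target)


def reverse(ip, records=RECORDS):
    """PTR lookup: build the in-addr.arpa name and return its host, or None."""
    ptr_name = ipaddress.ip_address(ip).reverse_pointer
    return records.get((ptr_name, "PTR"))


if __name__ == "__main__":
    print(resolve("www.apple.com"))
    print(reverse("17.254.0.91"), reverse("192.0.2.1"))
```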