對winxp有效,在LINUX中已不推薦使用nslookup,而改用dig host等
nslookup 使用說明
有些時候, user 可能會想要手動查詢 DNS 上一些資料, 或者是要看看 DNS 是否有問題, 此時我們最常用的工具就是 nslookup 了, 基本上 nslookup 會根據 /etc/resolv.conf 的內容去找到所要使用的 local DNS server.
使用說明
打入 nslookup 命令後, 會看到 > 提示符號, 此時打 ? 就會出現 nslookup 說明
Default Server:?sun4.ee.ncku.edu.tw
Address:?140.116.72.14
>?
$Id: nslookup.help,v 8.4 1996/10/25 18:09:41 vixie Exp $
Commands:??? (identifiers are shown in uppercase, [] means optional)
NAME??????- print info about the host/domain NAME using default server
NAME1 NAME2?? - as above, but use NAME2 as server
help or ???? - print info on common commands; see nslookup(1) for details
set OPTION???- set an option
? all???? - print options, current server and host
? [no]debug? - print debugging information
? [no]d2???- print exhaustive debugging information
? [no]defname - append domain name to each query
? [no]recurse - ask for recursive answer to query
? [no]vc???- always use a virtual circuit
? domain=NAME - set default domain name to NAME
? srchlist=N1[/N2/.../N6] - set domain to N1 and search list to N1,N2, etc.
? root=NAME? - set root server to NAME
? retry=X?? - set number of retries to X
? timeout=X? - set initial time-out interval to X seconds
? querytype=X - set query type, e.g., A,ANY,CNAME,HINFO,MX,PX,NS,PTR,SOA,TXT,WKS,SRV,NAPTR
? port=X???- set port number to send query on
? type=X???- synonym for querytype
? class=X?? - set query class to one of IN (Internet), CHAOS, HESIOD or ANY
server NAME?? - set default server to NAME, using current default server
lserver NAME??- set default server to NAME, using initial server
finger [USER]? - finger the optional USER at the current default host
root??????- set current default server to the root
ls [opt] DOMAIN [> FILE] - list addresses in DOMAIN (optional: output to FILE)
? -a?????-?list canonical names and aliases
? -h?????-?list HINFO (CPU type and operating system)
? -s?????-?list well-known services
? -d?????-?list all records
? -t TYPE?? -?list records of the given type (e.g., A,CNAME,MX, etc.)
view FILE??? - sort an 'ls' output file and view it with more
exit??????- exit the program, ^D also exits
>^D
Interactive/Noninteractive (交談式/非交談式)
執行 nslookup 時可以直接在後面跟著我們要查詢的資料, 那麼 nslookup 會直接把結果傳回來
如果只打入 nslookup [enter], 則進入交談模式, 出現提示符號 >, 此時 nslookup 會等待 user input command.
tung@traveler:~> nslookup www.yohoo.com
Server:?sun4.ee.ncku.edu.tw
Address:?140.116.72.14
Non-authoritative answer:
Name:??yohoo.com
Address:?216.116.98.143
Aliases:?www.yohoo.com
tung@traveler:~> nslookup
Default Server:?sun4.ee.ncku.edu.tw
Address:?140.116.72.14
> www.yohoo.com
Server:?sun4.ee.ncku.edu.tw
Address:?140.116.72.14
Non-authoritative answer:
Name:??yohoo.com
Address:?216.116.98.143
Aliases:?www.yohoo.com
Authoritative/Non-Authoritative
在查詢時有時會出現 Non-authoritative answer, 代表這個答案是由 local DNS 的 cache 中直接讀出來的, 而不是 local DNS 向真正負責這個 domain 的 name server 問來的.
常用的一些 option/command
1. set all
可以得知目前 nslookup 的一些 default 設定值
tung@traveler:~> nslookup
Default Server:?sun4.ee.ncku.edu.tw
Address:?140.116.72.14
> set all
Default Server:?sun4.ee.ncku.edu.tw
Address:?140.116.72.14
Set options:
nodebug???? defname???? search?????recurse
nod2??????novc??????noignoretc???port=53
querytype=A?? class=IN????timeout=5??? retry=4
root=a.root-servers.net.
domain=ee.ncku.edu.tw
srchlist=ee.ncku.edu.tw
2. server dns_server_ip
表示將內定的 local DNS 換成另一部 server
Ex: server 140.116.2.6
3. set type=any
表示在查詢某個 domain name 時, 將和這個 domain name 的一些相關資料一併顯示出來
> set type=any
> www.yohoo.com
Server:?sun4.ee.ncku.edu.tw
Address:?140.116.72.14
Non-authoritative answer:
www.yohoo.com? canonical name = yohoo.com
Authoritative answers can be found from:
yohoo.com??? nameserver = ns1.netgateway.net
yohoo.com??? nameserver = ns2.netgateway.net
ns1.netgateway.net???internet address = 216.116.98.7
ns2.netgateway.net???internet address = 216.116.98.8
在上面的這個例子, 我們除了知道 www.yohoo.com 的 IP 外, 我們還得知了 yohoo.com 是由哪部 name server 在負責的. 因此如果想要知道 www.yohoo.com 真正在 yohoo.com 上的記錄是如何, 而不要有 local DNS cache 中傳回的資料, 我們可以配合使用 server 這個 command 將 default local DNS 改為負責 yohoo.com 的 DNS, 然後再查詢一次
> server 216.116.98.7
Default Server:?ns1.netgateway.net
Address:?216.116.98.7
> www.yohoo.com
Server:?ns1.netgateway.net
Address:?216.116.98.7
Name:??yohoo.com
Address:?216.116.98.143
Aliases:?www.yohoo.com
4. set type=ptr
本來要由 IP 反查 domain name時, 在直接打 IP 就行了, 但如果已經下了 type=any 的話, 要由 IP 反查時就沒那麼方便了, 此時 IP 4 個數字要倒著寫, 最後還要加上 in-addr.arpa. 以查 140.116.72.219 為例, 要輸入的就是 219.72.116.140.in-addr.arpa
tung@traveler:~> nslookup
Default Server:?sun4.ee.ncku.edu.tw
Address:?140.116.72.14
> 140.116.72.219
Server:?sun4.ee.ncku.edu.tw
Address:?140.116.72.14
Name:??garfield.ee.ncku.edu.tw
Address:?140.116.72.219
> set type=any
> 140.116.72.219
Server:?sun4.ee.ncku.edu.tw
Address:?140.116.72.14
*** sun4.ee.ncku.edu.tw can't find 140.116.72.219: Non-existent host/domain
> 219.72.116.140.in-addr.arpa
Server:?sun4.ee.ncku.edu.tw
Address:?140.116.72.14
219.72.116.140.in-addr.arpa?? name = garfield.ee.ncku.edu.tw
72.116.140.IN-ADDR.ARPA nameserver = sun4.ee.ncku.edu.tw
sun4.ee.ncku.edu.tw?? internet address = 140.116.72.14
另外一個辦法就是先下 set type=ptr 或 set type=a 命令, 脫離 type=any 模式, 再進行 IP 反查 domain name 的 command
> set typr=ptr
> 140.116.72.219
Server:?sun4.ee.ncku.edu.tw
Address:?140.116.72.14
219.72.116.140.in-addr.arpa?? name = garfield.ee.ncku.edu.tw
72.116.140.IN-ADDR.ARPA nameserver = sun4.ee.ncku.edu.tw
sun4.ee.ncku.edu.tw?? internet address = 140.116.72.14
5. ls domain
這個命令是要求 name server 將其負責的 zone 內容 show 出來, 這個動作相當於 name server 的整份記錄從 server 端傳回給 nslookup 這個程式, 這種傳回整個 zone 的動作叫作 zone transfer
> set type=any
> ee.ncku.edu.tw
Server:?cs.ncku.edu.tw
Address:?140.116.2.6
ee.ncku.edu.tw?nameserver = sun4.ee.ncku.edu.tw
ee.ncku.edu.tw?preference = 1, mail exchanger = eembox.ee.ncku.edu.tw
ee.ncku.edu.tw?internet address = 140.116.72.15
ee.ncku.edu.tw
??? origin = sun4.ee.ncku.edu.tw
??? mail addr = root.sun4.ee.ncku.edu.tw
??? serial = 1999033001
??? refresh = 3600 (1H)
??? retry? = 900 (15M)
??? expire?= 3600000 (5w6d16h)
??? minimum ttl = 3600 (1H)
ee.ncku.edu.tw?nameserver = sun4.ee.ncku.edu.tw
sun4.ee.ncku.edu.tw?? internet address = 140.116.72.14
eembox.ee.ncku.edu.tw? internet address = 140.116.72.15
> ls ee.ncku.edu.tw
Default Server:?cs.ncku.edu.tw
Address:?140.116.2.6
> [sun4.ee.ncku.edu.tw]
$ORIGIN ee.ncku.edu.tw.
@??????????? 1H IN A???? 140.116.72.15
hdlib4?????????1H IN A???? 140.116.72.4
ds114????????? 1H IN A???? 140.116.72.114
hdlib5?????????1H IN A???? 140.116.72.5
ds115????????? 1H IN A???? 140.116.72.115
yokoyama1??????? 1H IN A???? 140.116.227.217
hdlib6?????????1H IN A???? 140.116.72.6
ds116????????? 1H IN A???? 140.116.72.116
yokoyama2??????? 1H IN A???? 140.116.227.218
ds117????????? 1H IN A???? 140.116.72.117
ds120????????? 1H IN A???? 140.116.72.120
ds118????????? 1H IN A???? 140.116.72.118
ds121????????? 1H IN A???? 140.116.72.121
ds119????????? 1H IN A???? 140.116.72.119
ds122????????? 1H IN A???? 140.116.72.122
ds123????????? 1H IN A???? 140.116.72.123
intelab01??????? 1H IN A???? 140.116.227.39
.....
