
DNS checking with whois, nslookup and dig

by Darrell Kingsley last modified Mar 13, 2014 02:03 PM
These are all great tools for Linux, OSX and in some cases, Windows too. I think nslookup is a Windows command line tool.

whois

To use whois, just type at the command line, e.g.:

whois beetlebrow.com

This yields something like:

[Querying whois.internic.net]
[Redirected to whois.tucows.com]
[Querying whois.tucows.com]
[whois.tucows.com]
Registrant:
 Beetlebrow
 South Mill
 South Mill Road
 Amesbury, Wiltshire SP4 7HR
 GB

 Domain name: BEETLEBROW.COM


 Administrative Contact:
    Eveling, Ben  beetlebrow@hotmail.com
    South Mill
    South Mill Road
    Amesbury, Wiltshire SP4 7HR
    GB
    447798625064
 Technical Contact:
    Eveling, Ben  beetlebrow@hotmail.com
    South Mill
    South Mill Road
    Amesbury, Wiltshire SP4 7HR
    GB
    447798625064


 Registration Service Provider:
    UK Reg, domains@fasthosts.co.uk
    +44 1452 541252
    +44 1452 538485 (fax)
    http://www.ukreg.com/



 Registrar of Record: TUCOWS, INC.
 Record last updated on 27-Jun-2008.
 Record expires on 26-Jul-2009.
 Record created on 26-Jul-2000.

 Registrar Domain Name Help Center:
    http://domainhelp.tucows.com

 Domain servers in listed order:
    NS9.ZONEEDIT.COM   
    NS18.ZONEEDIT.COM   


 Domain status: clientTransferProhibited
                clientUpdateProhibited

The Data in the Tucows Registrar WHOIS database is provided to you by Tucows
for information purposes only, and may be used to assist you in obtaining
information about or related to a domain name's registration record.

Tucows makes this information available "as is," and does not guarantee its
accuracy.

By submitting a WHOIS query, you agree that you will use this data only for
lawful purposes and that, under no circumstances will you use this data to:
a) allow, enable, or otherwise support the transmission by e-mail,
telephone, or facsimile of mass, unsolicited, commercial advertising or
solicitations to entities other than the data recipient's own existing
customers; or (b) enable high volume, automated, electronic processes that
send queries or data to the systems of any Registry Operator or
ICANN-Accredited registrar, except as reasonably necessary to register
domain names or modify existing registrations.

The compilation, repackaging, dissemination or other use of this Data is
expressly prohibited without the prior written consent of Tucows.

Tucows reserves the right to terminate your access to the Tucows WHOIS
database in its sole discretion, including without limitation, for excessive
querying of the WHOIS database or for failure to otherwise abide by this
policy.

Tucows reserves the right to modify these terms at any time.

By submitting this query, you agree to abide by these terms.

NOTE: THE WHOIS DATABASE IS A CONTACT DATABASE ONLY.  LACK OF A DOMAIN
RECORD DOES NOT SIGNIFY DOMAIN AVAILABILITY.

This tells you if the domain is locked (domain status), and what the nameservers are called. You can use the domain servers to get more information with nslookup.

nslookup

Use nslookup in interactive mode. This way you can do lots of queries at once. At the command prompt type:

nslookup

The tool responds with a new command line interface ">"

You then type in the name of the server you want to query (e.g. a nameserver from the whois output above):

server ns9.zoneedit.com

It responds:

Default server: ns9.zoneedit.com
Address: 66.240.231.42#53

Next you tell it what kind of query you'd like to make. For example, to ask about the mailserver (MX records), type:

set q=MX

To ask about the A records, type:

set q=A

It doesn't respond except by returning you to its > prompt.

Now you tell it which domain you're asking about. In this example, let's ask about beetlebrow.com. Just type:

beetlebrow.com.

Apparently the dot at the end is correct, though it seems to work without it. It responds:

Server:     ns9.zoneedit.com
Address:    66.240.231.42#53

beetlebrow.com    mail exchanger = 0 mail7.zoneedit.com.
beetlebrow.com    mail exchanger = 0 mail6.zoneedit.com.

If you now typed in another server, say:

server ns3.zoneedit.com

You could do another q=MX query just by typing in the domain you'd like to ask about again. Similarly, you could do a q=A query without retyping server ns9.zoneedit.com, or query the same nameserver for the same type of record just by typing in the new domain you want to query. This works because nslookup remembers the last server and query type that you typed in.

If you did change the server to ns3.zoneedit.com as above, you get interesting results, because it is not the nameserver for beetlebrow.com. It tells you where to look for information, i.e.:

Non-authoritative answer:
*** Can't find beetlebrow.com: No answer

Authoritative answers can be found from:
.    nameserver = A.ROOT-SERVERS.NET.
.    nameserver = B.ROOT-SERVERS.NET.
.    nameserver = C.ROOT-SERVERS.NET.
.    nameserver = D.ROOT-SERVERS.NET.
.    nameserver = E.ROOT-SERVERS.NET.
.    nameserver = F.ROOT-SERVERS.NET.
.    nameserver = G.ROOT-SERVERS.NET.
.    nameserver = H.ROOT-SERVERS.NET.
.    nameserver = I.ROOT-SERVERS.NET.
.    nameserver = J.ROOT-SERVERS.NET.
.    nameserver = K.ROOT-SERVERS.NET.
.    nameserver = L.ROOT-SERVERS.NET.
.    nameserver = M.ROOT-SERVERS.NET.

You could then query one of these servers e.g.

server E.ROOT-SERVERS.NET.

This will then direct you to other servers, then to other servers, until you find the ones that have the information. It's great.

Not all servers are so helpful, e.g. query a Clara.net nameserver about the saled.org mailserver:

server ns1.clara.net
set q=MX
saled.org.

yields:

** server can't find mailserver.saled.org: SERVFAIL

Thanks a bunch, Claranet! I suspect this means it doesn't have a record of this domain and won't have one until it refreshes its DNS cache. If you get this far and end up with something like this, it may mean the DNS server in question has to flush its DNS cache. We won't have to do this, because we don't administer any nameservers, but it might be worth asking the DNS server administrators to do it.

To exit nslookup interactive mode, press Ctrl-C.

There are a load of other options, and you'll find more info here: http://linux.math.tifr.res.in/manuals/man/nslookup.html.

Reverse DNS lookup with nslookup

nslookup 213.171.216.124

or

host 213.171.216.124

Dig

You can also use dig to get info, e.g. if there's anything wrong with a domain's DNS. Type:

dig saled.org

This yields:

; <<>> DiG 9.2.4 <<>> saled.org
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19843
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;saled.org.            IN    A

;; ANSWER SECTION:
saled.org.        7200    IN    A    87.246.76.83

;; AUTHORITY SECTION:
saled.org.        7200    IN    NS    ns8.zoneedit.com.
saled.org.        7200    IN    NS    ns3.zoneedit.com.

;; ADDITIONAL SECTION:
ns3.zoneedit.com.    146173    IN    A    76.74.236.21
ns8.zoneedit.com.    61092    IN    A    75.125.10.187

;; Query time: 408 msec
;; SERVER: 212.20.226.130#53(212.20.226.130)
;; WHEN: Wed Dec 10 17:33:30 2008
;; MSG SIZE  rcvd: 123

The status: NOERROR in the header tells us everything is set up okay.
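An added example (not from the original page): a shell function that reads dig output on stdin and reports the status, whether the aa (authoritative answer) flag is set, and the ANSWER count. It covers both the dig header above and the nslookup "No answer" referral case, since NOERROR with zero answers means the query succeeded but returned no records. The name dig_summary and the second and third samples are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise dig output read from stdin as
#   STATUS AUTHORITATIVE ANSWER-COUNT VERDICT
# Live use needs network access: dig saled.org | dig_summary
dig_summary() {
    awk '
        /->>HEADER<<-/ {                  # header line carries the status
            status = $0
            sub(/.*status: */, "", status)
            sub(/,.*/, "", status)
        }
        /^;; flags:/ {                    # flag list, then section counts
            flags = $0
            sub(/^;; flags: */, "", flags)
            sub(/;.*/, "", flags)
            auth = ((" " flags " ") ~ / aa /) ? "yes" : "no"
            answers = $0
            sub(/.*ANSWER: */, "", answers)
            sub(/,.*/, "", answers)
        }
        END {
            if (status == "") { print "UNKNOWN no 0 no-header"; exit }
            if (status != "NOERROR")  verdict = "failed"
            else if (answers + 0 > 0) verdict = "ok"
            else                      verdict = "no-records"
            print status, auth, answers + 0, verdict
        }'
}

# Header lines copied from the dig saled.org output on this page.
sample_page_output() {
    printf '%s\n' ';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19843' \
        ';; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2'
}

# Constructed sample: a referral from a server that does not hold the zone.
sample_referral() {
    printf '%s\n' ';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1' \
        ';; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0'
}

# Constructed sample: an answer from the zone's own nameserver (aa flag set).
sample_authoritative() {
    printf '%s\n' ';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2' \
        ';; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0'
}

sample_page_output   | dig_summary
sample_referral      | dig_summary
sample_authoritative | dig_summary
```

A verdict of no-records with status NOERROR is the case to watch for: the header looks healthy, but the server returned nothing for that name and record type.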

You can also use the webbed version of some of these tools at http://www.whatsmyip.org/whois/ - but generally I'd say the command line tools are more informative. Please add more info, as you find it out.