Here is a cool thing you can do with NetScanTools Pro. Have you ever needed to look at a top level domain to see name servers or SOA records? It's actually pretty simple and can have some pretty spectacular results.
The other day I wanted to look at the 'bs' domain - really, no kidding. I went to DNS Tools - Core, then entered 'bs.' (the trailing period is REQUIRED), set the name server and set the record type to ANY and pressed NSLOOKUP. Here is what I got back:
[Start Query]
NSLOOKUP Starting Timestamp: 11/15/10 22:35:06
Command line equivalent: "nslookup -recurse -vc -type=ANY bs."
Looking up [bs.]
DNS Name: 4.2.2.2
IP Address: 4.2.2.2
Non-authoritative answer:
bs SOA
SOA origin = DNS.NIC.bs
mail addr = BSADMIN.COB.EDU.bs
serial = 2010111200
refresh = 7200 (2 hours)
retry = 3600 (1 hour)
expire = 3600000 (41 days 16 hours)
min ttl = 86400 (1 day)
bs RRSIG
TTL = 42797 (11 hours 53 mins 17 secs)
NSEC (Next Secure)
Labels = 1
Original TTL = 86400 (1 day)
Signature Expiration = Sun Nov 21 16:00:00 2010
Time Signed = Sun Nov 14 15:00:00 2010
Key Tag = 40288
Signer's Name:
Signature Length: 128 bytes
Signature:
54 0D 4E 76 3B B5 59 45 74 15 AF B1 6F 9A D1 5B
ED FD 19 8A 78 6A D7 70 D5 C9 91 8B 2D 70 B1 E3
21 6D CA 08 A0 28 CF CC 93 63 91 92 FA EC 57 E3
2C 3C DB F9 DD F9 43 2B 90 C6 65 64 7F A0 D3 CA
6B 26 4C 7C 7D 24 1E FE D1 2B 5A F4 17 62 39 C6
C4 AD 2E 37 DD D0 AC 3C E8 53 43 89 AF F3 6D 14
98 F8 DC 1C EC DC 4E 24 B9 8A 2E 06 6E 92 75 F8
18 6E DD 12 63 0E 9D 2D 0A B7 94 3E AF 1D CF 96
bs NSEC
TTL = 42797 (11 hours 53 mins 17 secs)
Next Domain Name: bt
RR Types in Bitmap: NS RRSIG NSEC
bs NS nameserver = DNS.NIC.bs
bs NS nameserver = ANYNS.PCH.NET
bs NS nameserver = UPR1.UPR.CLU.EDU
Server Response Time = 0.233 seconds
[End Query]
As you can see I got back the SOA record, the list of authoritative name servers and the security signature records. Notice how for a top level domain, the authoritative server has mirrors around the world, not just in Bahamas. In fact, there are only three mirrors showing - most top level domains have a lot more than that - the UK has 11. Notice also the domain security record - since last May most top level domains have those records in order to ensure the accuracy of the root data.
You can use the NSLOOKUP tool to inspect the records for any top level domain by following the procedure I outlined above.
No comments:
Post a Comment