Have you needed to find the root DNS servers for a particular top level domain?
Applies to: NetScanTools Pro, NetScanTools LE, NetScanTools Basic, NetScanTools Standard (obsolete).
It’s actually pretty easy, but how you enter the top level domain makes all the difference in the world. Examples of a top level domain are: .uk, .com, .nu, .se, .ca etc.
How to do it:
1. Switch to the DNS Tools – Core tool or on older software, the Name Server Lookup tool.
2. Enter the DNS you are going use under Advanced Query.
3. Select the NS record type, you may have to go into AQ Setup or Setup to do this.
4. Enter the top level extension in the IP/host/domain entry area. The correct method is to enter the extension followed by a period: ca. or uk. or com. –if you leave off the period or put the period before the extension, the query will fail.
5. Press NSLOOKUP.
Results will look like these two examples, the first for .ca (Canada) and the second for .se (Sweden):
[Start Query]
NSLOOKUP Starting Timestamp: 02/24/11 14:49:37
Command line equivalent: "nslookup -recurse -type=NS ca."
Looking up [ca.]
DNS Name: 4.2.2.2
IP Address: 4.2.2.2
Non-authoritative answer:
ca NS nameserver = f.ca-servers.ca
ca NS nameserver = e.ca-servers.ca
ca NS nameserver = j.ca-servers.ca
ca NS nameserver = a.ca-servers.ca
ca NS nameserver = c.ca-servers.ca
ca NS nameserver = m.ca-servers.ca
ca NS nameserver = l.ca-servers.ca
ca NS nameserver = z.ca-servers.ca
ca NS nameserver = k.ca-servers.ca
ca NS nameserver = sns-pb.isc.org
Server Response Time = 0.117 seconds
[End Query]
[Start Query]
NSLOOKUP Starting Timestamp: 02/24/11 14:54:34
Command line equivalent: "nslookup -recurse -type=NS se."
Looking up [se.]
DNS Name: 4.2.2.2
IP Address: 4.2.2.2
Non-authoritative answer:
se NS nameserver = d.ns.se
se NS nameserver = e.ns.se
se NS nameserver = c.ns.se
se NS nameserver = a.ns.se
se NS nameserver = b.ns.se
se NS nameserver = g.ns.se
se NS nameserver = h.ns.se
se NS nameserver = i.ns.se
se NS nameserver = f.ns.se
se NS nameserver = j.ns.se
Server Response Time = 0.430 seconds
[End Query]
What you see in the two examples above are the authoritative name servers for the root domains.
Showing posts with label root servers. Show all posts
Showing posts with label root servers. Show all posts
Thursday, March 3, 2011
Monday, November 15, 2010
looking at top level domains
Here is a cool thing you can do with NetScanTools Pro. Have you ever needed to look at a top level domain to see name servers or SOA records? It's actually pretty simple and can have some pretty spectacular results.
The other day I wanted to look at the 'bs' domain - really, no kidding. I went to DNS Tools - Core, then entered 'bs.' (the trailing period is REQUIRED), set the name server and set the record type to ANY and pressed NSLOOKUP. Here is what I got back:
[Start Query]
NSLOOKUP Starting Timestamp: 11/15/10 22:35:06
Command line equivalent: "nslookup -recurse -vc -type=ANY bs."
Looking up [bs.]
DNS Name: 4.2.2.2
IP Address: 4.2.2.2
Non-authoritative answer:
bs SOA
SOA origin = DNS.NIC.bs
mail addr = BSADMIN.COB.EDU.bs
serial = 2010111200
refresh = 7200 (2 hours)
retry = 3600 (1 hour)
expire = 3600000 (41 days 16 hours)
min ttl = 86400 (1 day)
bs RRSIG
TTL = 42797 (11 hours 53 mins 17 secs)
NSEC (Next Secure)
Labels = 1
Original TTL = 86400 (1 day)
Signature Expiration = Sun Nov 21 16:00:00 2010
Time Signed = Sun Nov 14 15:00:00 2010
Key Tag = 40288
Signer's Name:
Signature Length: 128 bytes
Signature:
54 0D 4E 76 3B B5 59 45 74 15 AF B1 6F 9A D1 5B
ED FD 19 8A 78 6A D7 70 D5 C9 91 8B 2D 70 B1 E3
21 6D CA 08 A0 28 CF CC 93 63 91 92 FA EC 57 E3
2C 3C DB F9 DD F9 43 2B 90 C6 65 64 7F A0 D3 CA
6B 26 4C 7C 7D 24 1E FE D1 2B 5A F4 17 62 39 C6
C4 AD 2E 37 DD D0 AC 3C E8 53 43 89 AF F3 6D 14
98 F8 DC 1C EC DC 4E 24 B9 8A 2E 06 6E 92 75 F8
18 6E DD 12 63 0E 9D 2D 0A B7 94 3E AF 1D CF 96
bs NSEC
TTL = 42797 (11 hours 53 mins 17 secs)
Next Domain Name: bt
RR Types in Bitmap: NS RRSIG NSEC
bs NS nameserver = DNS.NIC.bs
bs NS nameserver = ANYNS.PCH.NET
bs NS nameserver = UPR1.UPR.CLU.EDU
Server Response Time = 0.233 seconds
[End Query]
As you can see I got back the SOA record, the list of authoritative name servers and the security signature records. Notice how for a top level domain, the authoritative server has mirrors around the world, not just in Bahamas. In fact, there are only three mirrors showing - most top level domains have a lot more than that - the UK has 11. Notice also the domain security record - since last May most top level domains have those records in order to ensure the accuracy of the root data.
You can use the NSLOOKUP tool to inspect the records for any top level domain by following the procedure I outlined above.
The other day I wanted to look at the 'bs' domain - really, no kidding. I went to DNS Tools - Core, then entered 'bs.' (the trailing period is REQUIRED), set the name server and set the record type to ANY and pressed NSLOOKUP. Here is what I got back:
[Start Query]
NSLOOKUP Starting Timestamp: 11/15/10 22:35:06
Command line equivalent: "nslookup -recurse -vc -type=ANY bs."
Looking up [bs.]
DNS Name: 4.2.2.2
IP Address: 4.2.2.2
Non-authoritative answer:
bs SOA
SOA origin = DNS.NIC.bs
mail addr = BSADMIN.COB.EDU.bs
serial = 2010111200
refresh = 7200 (2 hours)
retry = 3600 (1 hour)
expire = 3600000 (41 days 16 hours)
min ttl = 86400 (1 day)
bs RRSIG
TTL = 42797 (11 hours 53 mins 17 secs)
NSEC (Next Secure)
Labels = 1
Original TTL = 86400 (1 day)
Signature Expiration = Sun Nov 21 16:00:00 2010
Time Signed = Sun Nov 14 15:00:00 2010
Key Tag = 40288
Signer's Name:
Signature Length: 128 bytes
Signature:
54 0D 4E 76 3B B5 59 45 74 15 AF B1 6F 9A D1 5B
ED FD 19 8A 78 6A D7 70 D5 C9 91 8B 2D 70 B1 E3
21 6D CA 08 A0 28 CF CC 93 63 91 92 FA EC 57 E3
2C 3C DB F9 DD F9 43 2B 90 C6 65 64 7F A0 D3 CA
6B 26 4C 7C 7D 24 1E FE D1 2B 5A F4 17 62 39 C6
C4 AD 2E 37 DD D0 AC 3C E8 53 43 89 AF F3 6D 14
98 F8 DC 1C EC DC 4E 24 B9 8A 2E 06 6E 92 75 F8
18 6E DD 12 63 0E 9D 2D 0A B7 94 3E AF 1D CF 96
bs NSEC
TTL = 42797 (11 hours 53 mins 17 secs)
Next Domain Name: bt
RR Types in Bitmap: NS RRSIG NSEC
bs NS nameserver = DNS.NIC.bs
bs NS nameserver = ANYNS.PCH.NET
bs NS nameserver = UPR1.UPR.CLU.EDU
Server Response Time = 0.233 seconds
[End Query]
As you can see I got back the SOA record, the list of authoritative name servers and the security signature records. Notice how for a top level domain, the authoritative server has mirrors around the world, not just in Bahamas. In fact, there are only three mirrors showing - most top level domains have a lot more than that - the UK has 11. Notice also the domain security record - since last May most top level domains have those records in order to ensure the accuracy of the root data.
You can use the NSLOOKUP tool to inspect the records for any top level domain by following the procedure I outlined above.
Subscribe to:
Posts (Atom)