The domain name system (DNS) hums along behind the scenes and, as with running water, we largely take it for granted. That this system just works is a testament to the hackers who designed and developed DNS and the open-source package called Bind, thereby introducing a scalable Internet to the world. Before DNS and Bind, /etc/hosts was the only way to translate IP addresses to human-friendly hostnames and vice versa.

This article will introduce the concepts of DNS and three commands with which you can examine DNS information: host, dig and nslookup.

The DNS is a distributed, hierarchical database where authority flows from the top (or root) of the hierarchy downward. When Linux Journal registered linuxjournal.com, they got permission from an entity that had authority at the root or top level. The Internet Corporation for Assigned Names and Numbers (ICANN) and a domain name registrar, transferred authority for linuxjournal.com to Linux Journal, which now has the authority to create subdomains such as embedded.linuxjournal.com, without the involvement of ICANN and a domain name registrar.

When trying to understand the structure of the DNS, think of an inverted tree—the very structure of the UNIX filesystem. Each branch of the tree is within a zone of authority; more than one branch of this tree can be within a single zone. Linux Journal could choose to retain authority for embedded.linuxjournal.com, or they could delegate it down the tree to someone else who could make subdomains such as zeus.embedded.linuxjournal.com.

The software (usually Bind) that stores domain name information is called a domain name server. A single name server can be authoritative for multiple zones. All zones have a primary master and a secondary master name server that provides authoritative responses for their zones.

If you query a name server not authoritative for a particular zone, that name server will most likely return the correct information. This is because zone information propagates throughout the Internet, and name servers cache zone information for which they are not authoritative.

When you register a new domain name, transfer your old one to a new host or just make changes to the zone database file, it often takes several days for the new information to propagate completely. During that interim period, nonauthoritative name servers often temporarily cache stale information about your domain name.

You may wonder how you fit into this process when you use the Internet. Well, whenever you use the Web, Telnet, FTP, etc., your software uses the resolver (the client side of the DNS), which is a set of library routines compiled into programs such as Mozilla. When you type www.linuxjournal.com, the resolver sets up the query to the name server that does the work of translating www.linuxjournal.com to 207.178.22.49 so you can get to the web site.

For comprehensive coverage of DNS and DNS commands, read the man pages and get one of the excellent DNS books on the market, such as O'Reilly's DNS and Bind and Sybex's Linux DNS Server Administration.

Zone file database records divide DNS information into three primary types: NS (name server) records, MX (mail exchange) records and A (Address) records. NS records indicate the name servers. MX records indicate the hosts that handle e-mail delivery; the priority (pri) number indicates the order in which mail servers are used, with the lowest number receiving the highest priority. The A (Address) records map hostnames to IP addresses, the real names of machines.

This is the simplest of the DNS commands. It is a quick way to determine the IP address of a hostname:

host www.linuxjournal.com
www.linuxjournal.com has address 207.178.22.49
www.linuxjournal.com mail is handled (pri=80)
by www.ssc.com
www.linuxjournal.com mail is handled (pri=10)
by mail.ssc.com
www.linuxjournal.com mail is handled (pri=40)
by cascadia.a42.com

The -a option will return all of the DNS information in verbose format, as seen in Listing 1.

Listing 1. DNS Information in Verbose Format with -a Option

Now that you know the IP address for www.linuxjournal.com, you might want to make sure the reverse lookup works. The reverse lookup checks to see if the reverse zone file maps the IP address to the hostname:

host 207.178.22.49 49.22.178.207.IN-ADDR.ARPA
domain name pointer www.linuxjournal.com

This powerful command gathers and returns DNS information in a format the name server can use directly. For this reason, dig is particularly useful in scripts. You will find it easy to query specific name servers with dig, making it a useful tool for narrowing down the source of DNS problems.

Suppose you have just transferred your domain name hosting from old-host.com to new-host.com. A customer sends you an e-mail saying he cannot reach your web site when he is logged into his ISP. You suspect the zone information simply has not had time to propagate. So, you find out what the NS records are for the ISP in question:

dig ns isp-in-question.com

;; ANSWER SECTION:
isp-in-question.com.  10H IN NS ns1.hugeupstream.com.
isp-in-question.com.  10H IN NS isp-in-question.com.
isp-in-question.com.  10H IN NS ns.isp-in-question.com.
isp-in-question.com.  10H IN NS ns.goodnameserver.com.

Then you check your company's web site against the ISP's name servers:

dig www.yourcompany.com @ns.isp-in-question.com

;; ANSWER SECTION:
www.yourcompany.com.       59m53s IN A   192.168.5.10

Next, you decide to see if old-host.com has removed the old zone information from their name servers. The “any” option will retrieve all the DNS information:

dig any www.yourcompany.com @ns.old-host.com

;; ANSWER SECTION:
www.yourcompany.com.    1H IN A    192.168.200.250

;; AUTHORITY SECTION:
yourcompany.com.        1H IN NS   webns.new-isp.com.
yourcompany.com.        1H IN NS   srvns.new-isp.com.

In this case the A record shows your new IP address for your web server, and it shows the new authoritative name servers for your domain name. This is the information you hoped to find.

These are the most useful dig query types: dig any (gathers all DNS information), dig ns (gathers name server information), dig mx (gathers mail exchanger information) and dig a (gathers network address information).

The dig command can also do reverse lookups with output formatted for the zone file:

dig -x 192.168.200.250
;; ANSWER SECTION: 250.200.168.192.in-addr.arpa.
4h11s IN PTR  www.yourcompany.com.

You can use this tool as a single line command, or you can use it interactively, which distinguishes it from the other DNS commands. Once you have started nslookup, type set all to list the default options. As with dig you can choose the server (name server) you want to query, and you can decide the type of DNS information on which to focus.

Listing 2. Output with nslookup

Just as you can issue commands to nslookup interactively, you can also change the initial defaults by starting a .nslookuprc file. The format of the .nslookup is one command per line:

set type=NS
set domain=srvns.new-host.com
set timeout=10

The ARPANET (the precursor to the Internet) had a few hundred hosts throughout the 1970s. A single flat file called HOSTS.TXT contained all of the information for every host. System administrators periodically downloaded the file and placed the information into their /etc/hosts file; take a look at your own /etc/hosts to see roughly what that file looked like. However, this system was not scalable. The advent of DNS made the exponential growth of the Internet possible.