Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Alumno:
GUILLERMO ALONSO ARCHILA GUALDRON
CODIGO 13721517
Grupo:
302090_1
Tutor:
Gerardo Granados Acua
Situacin 3:
Investiguen acerca del uso del comando NSLOOKUP (Hace consultas interactivas a
Servidores que corren un DNS).
_ Qu formatos y opciones utiliza (indique ejemplos representativos con direcciones
del Colombia) ?
_ Qu tipo de informacin se puede recopilar acerca de un Host en la red?
_ Utilice NSLOOKUP para encontrar un servidor Web que tenga mltiples
direcciones IP. Tiene el servidor web de www.tucarro.com mltiples direcciones
IP?
nslookup obtener IP de un dominio, servidores de nombres DNS, DNS inverso y
servidores de mail de dominios
Con lo que estamos haciendo una consulta al servidor DNS que tenemos
configurado en la mquina que usamos para lanzar el comando (10.0.0.20 en este
caso) preguntndole cual/es es/son la/s direccin/es IP pblicas del dominio
google.es.Podemos tambin utilizar otro servidor DNS al que tengamos acceso
(nuestro ISP, google) y preguntarle sobre los registros de direcciones IP que
tiene almacenados para cierto dominio y poder comparar o ampliar informacin,
por ejemplo:
openredes@julia-desktop:~$ nslookup google.es 8.8.8.8
Server:
8.8.8.8
Address:
8.8.8.8#53
Non-authoritative answer:
Name: google.es
Address: 209.85.229.104
Name: google.es
Address: 209.85.229.147
Name: google.es
Address: 209.85.229.99
openredes@julia-desktop:~$
De esta forma estamos haciendo la misma consulta para saber la IP del dominio
google.es pero a otro servidor DNS que especificamos tras el nombre a consultar
(en este caso uno de los servidores DNS pblicos de google).Para entrar al modo
interactivo basta con ejecutar el comando nslookup sin argumentos, con lo que
entramos en una consola interactiva de consultas al servidor DNS, la lnea de
comandos cambia a > hasta que salimos con el comando exit:
openredes@julia-desktop:~$ nslookup
>
Ahora estamos en modo interactivo y podemos preguntar al servidor DNS que nos
resuelva directamente un nombre de dominio:
> google.es
Server:
Address:
10.0.0.20
10.0.0.20#53
Non-authoritative answer:
Name: google.es
Address: 209.85.229.99
Name: google.es
Address: 209.85.229.104
Name: google.es
Address: 209.85.229.147
>
De la misma forma que antes, podemos hacer las consultas a otro servidor DNS
diferente al configurado en la mquina que lanza las consultas, para eso:
> server 8.8.8.8
Servidor predeterminado: google-public-dns-a.google.com
Address: 8.8.8.8
>
>
fija la consulta a peticin de informacin acerca de los servidores de email y una
consulta de dominio posterior nos da informacin acerca de los servidores de
email de ese dominio consultado.Hay muchas otras opciones, si por ejemplo el
modo de consulta lo ponemos a any para que nos de toda la informacin posible
(con q=any o type=any) tenemos algo asi:
> set q=any
> google.es
Server:
Address:
10.0.0.20
10.0.0.20#53
Non-authoritative answer:
Name: google.es
Address: 209.85.229.104
Name: google.es
Address: 209.85.229.99
Name: google.es
Address: 209.85.229.147
google.es
nameserver = ns2.google.com.
google.es
mail exchanger = 10 google.com.s9b1.psmtp.com.
google.es
mail exchanger = 10 google.com.s9a1.psmtp.com.
google.es
nameserver = ns3.google.com.
google.es
mail exchanger = 10 google.com.s9b2.psmtp.com.
google.es
origin = ns1.google.com
mail addr = dns-admin.google.com
serial = 1448869
refresh = 21600
retry = 3600
expire = 1209600
minimum = 300
google.es
nameserver = ns1.google.com.
google.es
mail exchanger = 10 google.com.s9a2.psmtp.com.
google.es
nameserver = ns4.google.com.
Authoritative answers can be found from:
>
Pero esto a veces no funciona o los datos no son fiables (no es lo normal), esto
ocurre cuando el propietario de la IP pblica no tiene almacenada ninguna
informacin PTR o incluso puede tener informacin falsa (no es lo normal), pero
esta informacin PTR es un tanto informal y no da la informacin necesaria en la
mayora de los casos, en el caso que tengamos necesidad de saber desde donde
viene (localizacin) las consultas de determinadas IPs sospechosas o incluso la
informacin del propietario hay una utilidad mucho ms potente que usa el
protocolo whois.Hay numerosas herramientas online que permiten hacer consultas
whois
(tambin
nslookup
y
otras),
algunas
son:
http://www.kloth.net/services/whois.phphttp://network-tools.com/http://iptools.es/
Para terminar copio la pgina del manual de nslookup:
System Administration Commands
nslookup(1M)
NAME
nslookup - query name servers interactively
SYNOPSIS
nslookup [- option]... host [server]
nslookup [- option]... - [server]
nslookup
DESCRIPTION
nslookup sends queries to Internet domain name servers. It
has two modes: interactive and non-interactive. Interactive
mode allows the user to contact servers for information
about various hosts and domains or to display a list of
hosts in a domain. Non-interactive mode is used to display
just the name and requested information for a host or
domain.
OPTIONS
-option
Set the permissible options, as shown in the following
list. These are the same options that the set command supports in interactive mode (see set in the
Commands section for more complete descriptions).
all List the current settings
class=classname
Restrict search according to the specified class
d2
1
nslookup(1M)
noignoretc
Set it to acknowledge packet truncation errors
OPERANDS
host Inquires about the specified host. In this noninteractive command format, nslookup Does not prompt
for additional commands.
-
server
Directs inquiries to the name server specified here in
the command line rather than the one read from the
/etc/resolv.conf file (see resolv.conf(4)). server can
be either a name or an Internet address. If the specified host cannot be reached, nslookup resorts to using
the name server specified in /etc/resolv.conf.
USAGE
Non-interactive Mode
Non-interactive mode is selected when the name or Internet
address of the host to be looked up is given as the first
argument.
Within non-interactive mode, space-separated options can be
specified. They must be entered before the host name, to be
queried. Each option must be prefixed with a hyphen.
For example, to request extensive host information and to
set the timeout to 10 seconds when inquiring about gypsy,
enter:
example% nslookup -query=hinfo -timeout=10 gypsy
To avoid repeated entry of an option that you almost always
use, place a corresponding set command in a .nslookuprc
file located inside your home directory. (See Commands for
more information about set.) The .nslookuprc file can contain several set commands if each is followed by a "RETURN".
Entering and Leaving Interactive Mode
Interactive mode is selected when
o No arguments are supplied.
o A `-' (hyphen) character is supplied as the host argument.
To exit from an interactive nslookup session, type
Control-d or type the command exit followed by "RETURN".
SunOS 5.9
2
nslookup(1M)
host [ server ]
Look up information for host using the current default
server, or using server if it is specified.
If the host supplied is an Internet address and the
query type is A or 1PTR, the name of the host is
returned. If the host supplied is a name and it does
not have a trailing period,
3
nslookup(1M)
t querytype-value
lists all records of the specified type (see
querytype within the discussion of the set command).
set token=value
set keyword
Establish a preferred mode of search operation. Permissible token and keyword values are:
all Display the current values of frequently-used
options. Information about the current default
server and host is also displayed.
cl[ass]=classname
Limit the search according to the protocol
group (classname) for which lookup information
is desired. Permissible classname values are:
ANY A wildcard selecting all classes
IN
4
nslookup(1M)
d2
nod2 Enable or disable exhaustive debugging mode.
Essentially all fields of every packet are
displayed. By default, this option is disabled.
deb[ug]
nodeb[ug]
Enable or disable debugging mode. When debugging
mode is enabled, much more information is produced about the packet sent to the server and
the resulting answer. By default, this option is
disabled.
def[name]
nodef[name]
Enable or disable appending the default domain
name to a single-component lookup request (one
that lacks a dot). By default, this option is
enabled for nslookup. The default value for the
domain name is the value given in
/etc/resolv.conf, unless: there is an environmental value for LOCALDOMAIN when nslookup is
run; a recent value has been specified through
the srchlist command or the set domain command.
do[main]=string
Change the default domain name to be appended to
5
nslookup(1M)
MX
MB
MG
6
nslookup(1M)
7
nslookup(1M)
server domain
lserver domain
Change the default server to domain. lserver uses the
initial server to look up information about domain
while server uses the current default server. If an
authoritative answer can not be found, the names of
servers that might have the answer are returned.
EXAMPLES
Example 1: Searching the Internet Domain Namespace
To effectively search the Internet domain namespace, it
helps to know its structure. At present, the Internet domain
name-space is tree-structured, with one top level domain for
each country except the United States.. There are also some
traditional top level domains, not explicitly tied to any
particular country. These include:
COM Commercial establishments
EDU Educational institutions
ORG Not-for-profit organizations
GOV Government agencies
MIL MILNET hosts
If you are looking for a specific host, you need to know
something about the host's organization in order to determine the top-level domain that it belongs to. For instance,
if you want to find the Internet address of a machine at
UCLA, do the following:
o Connect with the root server using the root command.
The root server of the name space has knowledge of the
top-level domains.
o Since UCLA is a university, its domain name is
ucla.edu. Connect with a server for the ucla.edu
domain with the command server ucla.edu. The response
produces the names of hosts that act as servers for
that domain. Note: the root server does not have
information about ucla.edu, but knows the names and
addresses of hosts that do. Once located by the root
server, all future queries will be sent to the UCLA
name server.
o To request information about a particular host in the
domain (for instance, locus), just type the host name.
To request a listing of hosts in the UCLA domain, use
SunOS 5.9
8
nslookup(1M)
EXIT STATUS
The process returns the following values:
0
On success.
On failure.
FILES
/etc/resolv.conf
Initial domain name and name server addresses
$HOME/.nslookuprc
Initial option commands
/usr/lib/nslookup.help
Summary of commands
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
SunOS 5.9
9
nslookup(1M)
____________________________________________________________
|
ATTRIBUTE TYPE
|
ATTRIBUTE VALUE
|
|_____________________________|_____________________________|
| Availability
| SUNWcsu
|
|_____________________________|_____________________________|
| Interface Stability
| Standard BIND 8.2.4
|
|_____________________________|_____________________________|
SEE ALSO
finger(1),
more(1),
in.named(1M),
nstest(1M),
resolver(3RESOLV), resolv.conf(4), attributes(5)
Mockapetris, Paul. RFC 1034, Domain Names - Concepts and
Facilities. Network Working Group. November 1987.
Mockapetris, Paul. RFC 1035, Domain Names - Implementation
and Specification. Network Working Group. November 1987.
DIAGNOSTICS
If the lookup request is successful, an error message is
produced. Possible errors are:
Timed out
The server did not respond to a request after a certain amount of time (changed with set timeout=value)
and a certain number of retries (changed with set
retry=value).
No response from server
No name server is running on the server machine.
No records
The server does not have resource records of the
current query type for the host, although the host
name is valid. The query type is specified with the
set querytype command.
Non-existent domain
The host or domain name does not exist.
Connection refused
Network is unreachable
The connection to the name or finger server can not be
made at the current time. This error commonly occurs
with ls and finger requests.
Server failure
The name server found an internal inconsistency in its
database and could not return a valid answer.
SunOS 5.9
10
nslookup(1M)
Refused
The name server refused to service the request.
Format error
The name server found that the request packet was not
in the proper format. This may indicate an error in
nslookup.
SunOS 5.9
11