UNIVERSIDAD NACIONAL ABIERTA Y A DISTANCIA

Escuela de Ciencias Bsicas, Tecnologa e Ingeniera

Programa: Ingeniera de Sistemas

Curso: Sistemas Distribuidos

Actividad 14: Trabajo Colaborativo 3.

Alumno:
GUILLERMO ALONSO ARCHILA GUALDRON
CODIGO 13721517
Grupo:
302090_1

Tutor:
Gerardo Granados Acua

Universidad Nacional Abierta Y A Distancia

Escuela De Ciencias Bsicas De Tecnologa E Ingeniera De Sistemas
CEAD MALAGA

Situacin 3:
Investiguen acerca del uso del comando NSLOOKUP (Hace consultas interactivas a
Servidores que corren un DNS).
_ Qu formatos y opciones utiliza (indique ejemplos representativos con direcciones
del Colombia) ?
_ Qu tipo de informacin se puede recopilar acerca de un Host en la red?
_ Utilice NSLOOKUP para encontrar un servidor Web que tenga mltiples
direcciones IP. Tiene el servidor web de www.tucarro.com mltiples direcciones
IP?
nslookup obtener IP de un dominio, servidores de nombres DNS, DNS inverso y
servidores de mail de dominios

Cmo obtener la IP pblica de un dominio de Internet? cmo saber a que

dominio corresponde cierta IP pblica (DNS inverso)? cmo saber si nuestro
servidor de nombres DNS est trabajando correctamente? cmo saber la IP o el
nombre completo del servidor de email de un dominio?En muchas ocasiones
resulta necesario obtener este tipo de informacin por diversos motivos, uno de
ellos puede ser que estamos configurando el firewall de Vyatta y necesitamos
saber la IP pblica de determinado dominio de Internet para crear una regla de
firewall para dicho dominio.En casos como este la herramienta nslookup puede
sernos muy til. nslookup est disponible en lnea de comandos tanto en Linux
como en Windows y su funcionamiento es muy sencillo.

El funcionamiento de nslookup tanto en Windows como en Linux es el mismo.

La sintaxis de nslookup es:
nslookup [-option ...] [host-to-find | -[server]]

Podemos trabajar con nslookup de dos formas, en modo interactivo y no

interactivo, la diferencia es que en modo no interactivo hacemos una consulta al
servidor DNS y este nos devuelve el resultado; en el modo interactivo entramos en
un modo de consulta continua al DNS.Para hacer una consulta en modo no
interactivo lo hacemos poniendo el comando nslookup seguido del nombre de
dominio que queremos resolver, podemos hacer algo as:
openredes@julia-desktop:~$ nslookup google.es
Server:
10.0.0.20
Address:
10.0.0.20#53
Non-authoritative answer:
Name: google.es
Address: 209.85.229.99
Name: google.es
Address: 209.85.229.104
Name: google.es
Address: 209.85.229.147
openredes@julia-desktop:~$

Con lo que estamos haciendo una consulta al servidor DNS que tenemos
configurado en la mquina que usamos para lanzar el comando (10.0.0.20 en este
caso) preguntndole cual/es es/son la/s direccin/es IP pblicas del dominio
google.es.Podemos tambin utilizar otro servidor DNS al que tengamos acceso
(nuestro ISP, google) y preguntarle sobre los registros de direcciones IP que
tiene almacenados para cierto dominio y poder comparar o ampliar informacin,
por ejemplo:
openredes@julia-desktop:~$ nslookup google.es 8.8.8.8
Server:
8.8.8.8
Address:
8.8.8.8#53
Non-authoritative answer:
Name: google.es
Address: 209.85.229.104
Name: google.es
Address: 209.85.229.147
Name: google.es
Address: 209.85.229.99
openredes@julia-desktop:~$

De esta forma estamos haciendo la misma consulta para saber la IP del dominio
google.es pero a otro servidor DNS que especificamos tras el nombre a consultar
(en este caso uno de los servidores DNS pblicos de google).Para entrar al modo
interactivo basta con ejecutar el comando nslookup sin argumentos, con lo que
entramos en una consola interactiva de consultas al servidor DNS, la lnea de
comandos cambia a > hasta que salimos con el comando exit:
openredes@julia-desktop:~$ nslookup
>

Ahora estamos en modo interactivo y podemos preguntar al servidor DNS que nos
resuelva directamente un nombre de dominio:
> google.es
Server:
Address:

10.0.0.20
10.0.0.20#53

Non-authoritative answer:
Name: google.es
Address: 209.85.229.99
Name: google.es
Address: 209.85.229.104
Name: google.es
Address: 209.85.229.147
>

De la misma forma que antes, podemos hacer las consultas a otro servidor DNS
diferente al configurado en la mquina que lanza las consultas, para eso:
> server 8.8.8.8
Servidor predeterminado: google-public-dns-a.google.com
Address: 8.8.8.8
>

Y las siguientes consultas se estarn haciendo al nuevo servidor DNS

especificado tras el argumento server.Otro ejemplo podra ser el de pedir
informacin acerca de los servidores de email de un dominio, para esto tenemos la
opcin q=mx o type=mx que se fija con el comando set, entonces podemos
hacer algo como esto:
> set type=mx
> google.es
Server:
10.0.0.20
Address:
10.0.0.20#53
Non-authoritative answer:
google.es
mail exchanger = 10 google.com.s9a2.psmtp.com.
google.es
mail exchanger = 10 google.com.s9b1.psmtp.com.
google.es
mail exchanger = 10 google.com.s9b2.psmtp.com.
google.es
mail exchanger = 10 google.com.s9a1.psmtp.com.

Authoritative answers can be found from:

>
fija la consulta a peticin de informacin acerca de los servidores de email y una
consulta de dominio posterior nos da informacin acerca de los servidores de
email de ese dominio consultado.Hay muchas otras opciones, si por ejemplo el
modo de consulta lo ponemos a any para que nos de toda la informacin posible
(con q=any o type=any) tenemos algo asi:
> set q=any
> google.es
Server:
Address:

10.0.0.20
10.0.0.20#53

Non-authoritative answer:
Name: google.es
Address: 209.85.229.104
Name: google.es
Address: 209.85.229.99
Name: google.es
Address: 209.85.229.147
google.es
nameserver = ns2.google.com.
google.es
mail exchanger = 10 google.com.s9b1.psmtp.com.
google.es
mail exchanger = 10 google.com.s9a1.psmtp.com.
google.es
nameserver = ns3.google.com.
google.es
mail exchanger = 10 google.com.s9b2.psmtp.com.
google.es
origin = ns1.google.com
mail addr = dns-admin.google.com
serial = 1448869
refresh = 21600
retry = 3600
expire = 1209600
minimum = 300
google.es
nameserver = ns1.google.com.
google.es
mail exchanger = 10 google.com.s9a2.psmtp.com.
google.es
nameserver = ns4.google.com.
Authoritative answers can be found from:
>

nos da toda la informacin posible acerca del dominio google.esOtras veces

tenemos la necesidad de saber a que dominio pertenece cierta IP pblica,
simplemente con poner la IP el servidor DNS nos hace un DNS inverso:
> set type=ptr
> 8.8.8.8
Server:
10.0.0.20
Address:
10.0.0.20#53
Non-authoritative answer:
8.8.8.8.in-addr.arpa name = google-public-dns-a.google.com.
Authoritative answers can be found from:
>

Pero esto a veces no funciona o los datos no son fiables (no es lo normal), esto
ocurre cuando el propietario de la IP pblica no tiene almacenada ninguna
informacin PTR o incluso puede tener informacin falsa (no es lo normal), pero
esta informacin PTR es un tanto informal y no da la informacin necesaria en la
mayora de los casos, en el caso que tengamos necesidad de saber desde donde
viene (localizacin) las consultas de determinadas IPs sospechosas o incluso la
informacin del propietario hay una utilidad mucho ms potente que usa el
protocolo whois.Hay numerosas herramientas online que permiten hacer consultas
whois
(tambin
nslookup
y
otras),
algunas
son:
http://www.kloth.net/services/whois.phphttp://network-tools.com/http://iptools.es/
Para terminar copio la pgina del manual de nslookup:
System Administration Commands

nslookup(1M)

NAME
nslookup - query name servers interactively
SYNOPSIS
nslookup [- option]... host [server]
nslookup [- option]... - [server]
nslookup

DESCRIPTION
nslookup sends queries to Internet domain name servers. It
has two modes: interactive and non-interactive. Interactive
mode allows the user to contact servers for information
about various hosts and domains or to display a list of
hosts in a domain. Non-interactive mode is used to display
just the name and requested information for a host or
domain.
OPTIONS
-option
Set the permissible options, as shown in the following
list. These are the same options that the set command supports in interactive mode (see set in the
Commands section for more complete descriptions).
all List the current settings
class=classname
Restrict search according to the specified class
d2

Set exhaustive debug mode on

nod2 Set exhaustive debug mode off

debug Set debug mode on
nodebug
Set debug mode off
defname
Set domain-appending mode on
nodefname
Set domain-appending mode off
domain=string
Establish the appendable domain
ignoretc
Set it to ignore packet truncation errors
SunOS 5.9

Last change: 11 Jan 2002

System Administration Commands

1
nslookup(1M)

noignoretc
Set it to acknowledge packet truncation errors
OPERANDS
host Inquires about the specified host. In this noninteractive command format, nslookup Does not prompt
for additional commands.
-

Causes nslookup to prompt for more information, such

as host names, before sending one or more queries.

server
Directs inquiries to the name server specified here in
the command line rather than the one read from the
/etc/resolv.conf file (see resolv.conf(4)). server can
be either a name or an Internet address. If the specified host cannot be reached, nslookup resorts to using
the name server specified in /etc/resolv.conf.
USAGE
Non-interactive Mode
Non-interactive mode is selected when the name or Internet
address of the host to be looked up is given as the first
argument.
Within non-interactive mode, space-separated options can be
specified. They must be entered before the host name, to be
queried. Each option must be prefixed with a hyphen.
For example, to request extensive host information and to
set the timeout to 10 seconds when inquiring about gypsy,

enter:
example% nslookup -query=hinfo -timeout=10 gypsy
To avoid repeated entry of an option that you almost always
use, place a corresponding set command in a .nslookuprc
file located inside your home directory. (See Commands for
more information about set.) The .nslookuprc file can contain several set commands if each is followed by a "RETURN".
Entering and Leaving Interactive Mode
Interactive mode is selected when
o No arguments are supplied.
o A `-' (hyphen) character is supplied as the host argument.
To exit from an interactive nslookup session, type
Control-d or type the command exit followed by "RETURN".
SunOS 5.9

Last change: 11 Jan 2002

System Administration Commands

2
nslookup(1M)

Supported Command Interactions

The commands associated with interactive mode are subject to
various limitations and run-time conventions.
The maximum length of a command line is 255 characters.
When the "RETURN" key is pressed, command-line execution
begins. While a command is running, its execution can be
interrupted by typing Control-c.
The first word entered on the command line must be the name
of a nslookup command unless you wish to enter the name of a
host to inquire about. Any unrecognized command is handled
as a host name to inquire about. To force a command to be
treated as a host name to be inquired about,
precede it with a backslash character.
Commands
exit Exit the nslookup program.
help
?

Display a brief summary of commands.

host [ server ]
Look up information for host using the current default
server, or using server if it is specified.
If the host supplied is an Internet address and the
query type is A or 1PTR, the name of the host is
returned. If the host supplied is a name and it does
not have a trailing period,

the default domain name is appended to the name.

(This behavior depends on the state of the set options
domain, srchlist, defname, and search).
To look up a host that is not in the current domain,
append a period to the name.
finger [ name ] [ >> filename ]
Connect with the finger server on the current host,
which is defined by the most recent successful host
lookup.
If no name value is specified, a list of login
account names on the current host is generated.
Similar to a shell command interpreter, output can be
redirected to a file using the usual redirection symbols: > and >>.
ls [ -options ] domain [ >> filename ]
List the information available for domain, optionally
SunOS 5.9

Last change: 11 Jan 2002

System Administration Commands

3
nslookup(1M)

creating or appending to filename. The default output

contains host names and their Internet addresses.
Output can be redirected to filename using the > and
>> redirection symbols. When output is directed to a
file, hash marks are shown for every 50 records
received from the server. The permissible values for
options are:
a

Lists aliases of hosts in the domain. This is a

synonym for the command ls -t CNAME.

Lists all records for the domain. This is a

synonym for the command ls -t ANY.

Lists CPU and operating system information for

the domain. This is a synonym for the command ls
-t HINFO.

Lists well-known services of hosts in the

domain. This is a synonym for the command ls -t
WKS.

t querytype-value
lists all records of the specified type (see
querytype within the discussion of the set command).
set token=value

set keyword
Establish a preferred mode of search operation. Permissible token and keyword values are:
all Display the current values of frequently-used
options. Information about the current default
server and host is also displayed.
cl[ass]=classname
Limit the search according to the protocol
group (classname) for which lookup information
is desired. Permissible classname values are:
ANY A wildcard selecting all classes
IN

The Internet class (the default)

CHAOS The Chaos class.

HESIOD
The MIT Athena Hesiod class.
SunOS 5.9

Last change: 11 Jan 2002

System Administration Commands

4
nslookup(1M)

d2
nod2 Enable or disable exhaustive debugging mode.
Essentially all fields of every packet are
displayed. By default, this option is disabled.
deb[ug]
nodeb[ug]
Enable or disable debugging mode. When debugging
mode is enabled, much more information is produced about the packet sent to the server and
the resulting answer. By default, this option is
disabled.
def[name]
nodef[name]
Enable or disable appending the default domain
name to a single-component lookup request (one
that lacks a dot). By default, this option is
enabled for nslookup. The default value for the
domain name is the value given in
/etc/resolv.conf, unless: there is an environmental value for LOCALDOMAIN when nslookup is
run; a recent value has been specified through
the srchlist command or the set domain command.
do[main]=string
Change the default domain name to be appended to

all lookup requests to string. For this option

to have any effect, the defname option must also
be enabled and the search option must be set in
a compatible way. The domain search list contains the parents of the default domain if it
has at least two components in its name. For
example, if the default domain is
CC.Berkeley.EDU, the search list is
CC.Berkeley.EDU and Berkeley.EDU. Use the set
srchlist command to specify a different list.
Use the set all command to display the list.
ignoretc
noignoretc
Ignore packet truncation errors. By default,
this option is disabled.
srch[list]=name1/name2/...
Change the default domain name to name1 and the
domain search list to name1, name2, etc. A maximum of
SunOS 5.9

Last change: 11 Jan 2002

System Administration Commands

5
nslookup(1M)

6 names can be specified, along with slash characters

to separate them. For example,
example% set srchlist=lcs.MIT.EDU/ai.MIT.EDU/MIT.EDU
sets the domain to lcs.MIT.EDU and the search list to
all three names. This command overrides the default
domain name and search list of the set domain command.
Use the set all command to display the list.
search
nosearch
Enable or disable having the domain names in the
domain search list appended to the request, generating
a series of lookup queries if necessary until an
answer is received. To take effect, the lookup request
must contain at least one dot (period); yet it must
not contain a trailing period. By default, this
option is enabled.
po[rt]=value
Specify the default TCP/UDP name server port. By
default, this value is 53.
q[uerytype]=value
ty[pe]=value
Change the type of information returned from a query
to one of:

The Internet address of the host

CNAME The canonical name for an alias

HINFO The host CPU and operating system type
MD

The mail destination

MX

The mail exchanger

MB

The mailbox domain name

MG

The mail group member

MINFO The mailbox or mail list information

NS

The name server

PTR The host name if the query is in the form of an

SunOS 5.9

Last change: 11 Jan 2002

System Administration Commands

6
nslookup(1M)

Internet address; otherwise the pointer to other

information
SOA The domain's start-of-authority information
TXT The text information
UINFO The user information
WKS The supported well-known services
(Other types specified in the RFC 1035 document are
valid, but they are not as useful.)
recurse
norecurse
Enable or disable having to query other name servers
before abandoning a search. By default, this feature
is enabled.
ret[ry]=count
Set the maximum number of times to retry a request
before abandoning a search. When a reply to a request
is not received within a certain amount of time
(changed with set timeout), the timeout period is doubled and the request is resent. The retry value controls how many times a request is resent before the
request is aborted. The default for count is 4.
ro[ot]=host

Change the name of the root server to host. This

affects the root command. The default root server is
ns.internet.net.
t[timeout]=interval
Change the amount of time to wait for a reply to
interval seconds. Each retry doubles the timeout
period. The default interval is 5 seconds.
vc
novc Enable or disable the use of a virtual circuit when
sending requests to the server. By default, this
feature is disabled.
root Change the default server to the server for the root
of the domain name space. Currently, the host
ns.internic.net is used; this command is a synonym for
server ns.internic.net. The name of the root server
can be changed with the set root command.
SunOS 5.9

Last change: 11 Jan 2002

System Administration Commands

7
nslookup(1M)

server domain
lserver domain
Change the default server to domain. lserver uses the
initial server to look up information about domain
while server uses the current default server. If an
authoritative answer can not be found, the names of
servers that might have the answer are returned.
EXAMPLES
Example 1: Searching the Internet Domain Namespace
To effectively search the Internet domain namespace, it
helps to know its structure. At present, the Internet domain
name-space is tree-structured, with one top level domain for
each country except the United States.. There are also some
traditional top level domains, not explicitly tied to any
particular country. These include:
COM Commercial establishments
EDU Educational institutions
ORG Not-for-profit organizations
GOV Government agencies
MIL MILNET hosts
If you are looking for a specific host, you need to know

something about the host's organization in order to determine the top-level domain that it belongs to. For instance,
if you want to find the Internet address of a machine at
UCLA, do the following:
o Connect with the root server using the root command.
The root server of the name space has knowledge of the
top-level domains.
o Since UCLA is a university, its domain name is
ucla.edu. Connect with a server for the ucla.edu
domain with the command server ucla.edu. The response
produces the names of hosts that act as servers for
that domain. Note: the root server does not have
information about ucla.edu, but knows the names and
addresses of hosts that do. Once located by the root
server, all future queries will be sent to the UCLA
name server.
o To request information about a particular host in the
domain (for instance, locus), just type the host name.
To request a listing of hosts in the UCLA domain, use
SunOS 5.9

Last change: 11 Jan 2002

System Administration Commands

8
nslookup(1M)

the ls command. The ls command requires a domain name,

(in this case, ucla.edu, as an argument.
If you are connected with a name server that handles more
than one domain, all lookups for host names must be fully
specified with its domain. For instance, the domain
harvard.edu is served by seismo.css.gov, which also services the css.gov and cornell.edu domains. A lookup request
for the host aiken in the harvard.edu domain must be specified as aiken.harvard.edu. However, the set domain=name and
set defname commands can be used to automatically append a
domain name to each request.
After a successful lookup of a host, use the finger(1) command to see who is on the system, or to finger a specific
person. (finger requires the type to be A.)
To get other information about the host, use the set
querytype=value command to change the type of information
desired and request another lookup.
ENVIRONMENT VARIABLES
HOSTALIASES
References the file containing host aliases
LOCALDOMAIN
Overrides default domain

EXIT STATUS
The process returns the following values:
0

On success.

On failure.

FILES
/etc/resolv.conf
Initial domain name and name server addresses
$HOME/.nslookuprc
Initial option commands
/usr/lib/nslookup.help
Summary of commands
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
SunOS 5.9

Last change: 11 Jan 2002

System Administration Commands

9
nslookup(1M)

____________________________________________________________
|
ATTRIBUTE TYPE
|
ATTRIBUTE VALUE
|
|_____________________________|_____________________________|
| Availability
| SUNWcsu
|
|_____________________________|_____________________________|
| Interface Stability
| Standard BIND 8.2.4
|
|_____________________________|_____________________________|
SEE ALSO
finger(1),
more(1),
in.named(1M),
nstest(1M),
resolver(3RESOLV), resolv.conf(4), attributes(5)
Mockapetris, Paul. RFC 1034, Domain Names - Concepts and
Facilities. Network Working Group. November 1987.
Mockapetris, Paul. RFC 1035, Domain Names - Implementation
and Specification. Network Working Group. November 1987.
DIAGNOSTICS
If the lookup request is successful, an error message is
produced. Possible errors are:
Timed out
The server did not respond to a request after a certain amount of time (changed with set timeout=value)
and a certain number of retries (changed with set

retry=value).
No response from server
No name server is running on the server machine.
No records
The server does not have resource records of the
current query type for the host, although the host
name is valid. The query type is specified with the
set querytype command.
Non-existent domain
The host or domain name does not exist.
Connection refused
Network is unreachable
The connection to the name or finger server can not be
made at the current time. This error commonly occurs
with ls and finger requests.
Server failure
The name server found an internal inconsistency in its
database and could not return a valid answer.
SunOS 5.9

Last change: 11 Jan 2002

System Administration Commands

10
nslookup(1M)

Refused
The name server refused to service the request.
Format error
The name server found that the request packet was not
in the proper format. This may indicate an error in
nslookup.
SunOS 5.9

Last change: 11 Jan 2002

11