Checking Name Resolution 101

This article is laid out so that it will show you how to not only use the tools, but also how to pick them. This is helpful because to just learn the tool’s name and all the switches you can use with it may not be particularly helpful to you if you don’t know when you would use a particular switch with a command. I have seen this a million times in books that are trying to drill this information into your head so that you remember it, problem is, if there is no scenario, you know, a real world – in the pits – scenario, pure memorization of the tool and its switches becomes pointless then because although you may have them memorized, how would you use them to resolve problems?

Consider Ping. Why would you use a Ping command with a ( -a ) switch? Let’s consider a problem where you would have to test DNS resolution, a user can’t get to an Internet website. Now, I know there are many ways you can test to establish what the problem is but let’s assume we wanted to quickly see if DNS was the problem, we isolated the problem that far, it’s definitely something wrong with DNS resolution. The DNS Cache was also flushed (ipconfig /flushdns which purges the DNS Resolver cache). So now, we will quickly test DNS with Ping? Yes, Ping with a particular switch can be used to solve a problem such as ‘why can’t we get to that URL, http://compIntranet?’ Well, do you know if you have DNS resolution such as a HOST file entry or the company DNS server assignments in the TCP/IP configuration properties configured via a DHCP server? Test DNS on your local PC to make sure you aren’t the problem first. If you get a complaint that users can’t get to http://compIntranet then you should make sure that you aren’t the problem first. Make sure you have DNS resolution. You can do this many ways, but one of the ways you can do it with the Ping command is with the ping –a ip_address command which will try to query resolve DNS to find out what the host name is.

1. You have to see if DNS resolution is working you can see if the DNS server you are configured to query knows what it’s talking about. Using the NSLOOKUP command shows this information.

C:\WINDOWS\SYSTEM32>nslookup Default Server:  ns3.srv.hcvlny.cv.net Address:  167.206.112.3 > www.yahoo.com Server:  ns3.srv.hcvlny.cv.net Address:  167.206.112.3 Non-authoritative answer: Name:    www.yahoo.akadns.net Addresses:  216.109.118.74, 216.109.118.75, 216.109.118.77, 216.109.117.110                   216.109.117.204, 216.109.117.205, 216.109.118.69, 216.109.118.71 Aliases:  www.yahoo.com

1. When I query my local DNS server, I can see that Yahoo.com has multiple IP addresses that can be used.
2. Now, it’s possible to ping with the –a switch to also verify if DNS resolution is work. Pinging Yahoo’s IP address with the –a switch produces the DNS name of the system.

C:\WINDOWS\SYSTEM32>ping -a 216.109.118.74 Pinging p11.www.dcn.yahoo.com [216.109.118.74] with 32 bytes of data: Reply from 216.109.118.74: bytes=32 time=22ms TTL=51 Reply from 216.109.118.74: bytes=32 time=25ms TTL=51 Reply from 216.109.118.74: bytes=32 time=27ms TTL=51 Reply from 216.109.118.74: bytes=32 time=32ms TTL=51 Ping statistics for 216.109.118.74:     Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds:     Minimum = 22ms, Maximum = 32ms, Average = 26ms

Although a simple example of using command line tools, we were able to also see why we would want to use them. See, so this guide does just sound like a machine telling you that ping is a command line tool that uses the ICMP echo protocol to send packets to … blah, blah, and blah! It’s a useful guide to help you understand why you would use them as well. It also shows you why you would use such switches that are available with the most common tools! Hopefully this will help you know when to use each one and help you create that precision needed in your troubleshooting steps. We will be back next time with some command line tool tips.  

25.6.6.3 Zone Files

An example master zone file for example.org (existing within /etc/namedb/master/example.org) is as follows:

$TTL 3600        ; 1 hour
example.org.    IN      SOA      ns1.example.org. admin.example.org. (
                                2006051501      ; Serial
                                10800           ; Refresh
                                3600            ; Retry
                                604800          ; Expire
                                86400           ; Minimum TTL
                        )

; DNS Servers
                IN      NS      ns1.example.org.
                IN      NS      ns2.example.org.

; MX Records
                IN      MX 10   mx.example.org.
                IN      MX 20   mail.example.org.

                IN      A       192.168.1.1

; Machine Names
localhost       IN      A       127.0.0.1
ns1             IN      A       192.168.1.2
ns2             IN      A       192.168.1.3
mx              IN      A       192.168.1.4
mail            IN      A       192.168.1.5

; Aliases
www             IN      CNAME   @

Note that every hostname ending in a “.” is an exact hostname, whereas everything without a trailing “.” is referenced to the origin. For example, www is translated into www.origin. In our fictitious zone file, our origin is example.org., so www would translate to www.example.org.

The format of a zone file follows:

recordname      IN recordtype   value

The most commonly used DNS records:

SOA

start of zone authority

NS

an authoritative name server

A

a host address

CNAME

the canonical name for an alias

MX

mail exchanger

PTR

a domain name pointer (used in reverse DNS)

example.org. IN SOA ns1.example.org. admin.example.org. (
                        2006051501      ; Serial
                        10800           ; Refresh after 3 hours
                        3600            ; Retry after 1 hour
                        604800          ; Expire after 1 week
                        86400 )         ; Minimum TTL of 1 day

example.org.

the domain name, also the origin for this zone file.

ns1.example.org.

the primary/authoritative name server for this zone.

admin.example.org.

the responsible person for this zone, email address with “@” replaced. (<admin@example.org> becomes admin.example.org)

2006051501

the serial number of the file. This must be incremented each time the zone file is modified. Nowadays, many admins prefer a yyyymmddrr format for the serial number. 2006051501 would mean last modified 05/15/2006, the latter 01 being the first time the zone file has been modified this day. The serial number is important as it alerts slave name servers for a zone when it is updated.

       IN NS           ns1.example.org.

This is an NS entry. Every name server that is going to reply authoritatively for the zone must have one of these entries.

localhost       IN      A       127.0.0.1
ns1             IN      A       192.168.1.2
ns2             IN      A       192.168.1.3
mx              IN      A       192.168.1.4
mail            IN      A       192.168.1.5

The A record indicates machine names. As seen above, ns1.example.org would resolve to 192.168.1.2.

                IN      A       192.168.1.1

This line assigns IP address 192.168.1.1 to the current origin, in this case example.org.

www             IN CNAME        @

The canonical name record is usually used for giving aliases to a machine. In the example, www is aliased to the “master” machine which name equals to domain name example.org (192.168.1.1). CNAMEs can be used to provide alias hostnames, or round robin one hostname among multiple machines.

               IN MX   10      mail.example.org.

The MX record indicates which mail servers are responsible for handling incoming mail for the zone. mail.example.org is the hostname of the mail server, and 10 being the priority of that mail server.

One can have several mail servers, with priorities of 10, 20 and so on. A mail server attempting to deliver to example.org would first try the highest priority MX (the record with the lowest priority number), then the second highest, etc, until the mail can be properly delivered.

For in-addr.arpa zone files (reverse DNS), the same format is used, except with PTR entries instead of A or CNAME.

$TTL 3600

1.168.192.in-addr.arpa. IN SOA ns1.example.org. admin.example.org. (
                        2006051501      ; Serial
                        10800           ; Refresh
                        3600            ; Retry
                        604800          ; Expire
                        3600 )          ; Minimum

        IN      NS      ns1.example.org.
        IN      NS      ns2.example.org.

1       IN      PTR     example.org.
2       IN      PTR     ns1.example.org.
3       IN      PTR     ns2.example.org.
4       IN      PTR     mx.example.org.
5       IN      PTR     mail.example.org.

This file gives the proper IP address to hostname mappings of our above fictitious domain.