Philip Jacob

Walking the DNS Tree

· Philip Jacob

The DNS Rapid Update service that was put into place several months ago is really wonderful. If you make a change to the nameservers associated with a zone, the changes appear in the root servers almost immediately. In many cases, changes to a zone will start resolving right away, but due to record caching, sometimes clients won’t actually see the new record information for a while (until their local cache entries expire).

So, how do you find out if the root nameservers have been updated? You can ask them directly, actually. You can do this with several tools like nslookup, dig, and host. I tend to just use nslookup because that’s what I learned with (it’s also handy to know because it’s ubiquitous). Each of these tools also do other things, but I’m not going into that here.

Let’s say I want to find out what the root servers currently think are the authoritative servers for philipjacob.org.

First, we need to find out who serves org. so that we can ask them:

`phil@cambridge:~$ nslookup

set q=any

org.

Server: 127.0.0.1

Address: 127.0.0.1#53`

`Non-authoritative answer:

org nameserver = tld6.ultradns.co.uk.

org nameserver = tld5.ultradns.info.

org nameserver = tld4.ultradns.org.

org nameserver = tld3.ultradns.org.

org nameserver = TLD2.ULTRADNS.NET.

org nameserver = TLD1.ULTRADNS.NET.

org

origin = TLD1.ULTRADNS.NET

mail addr = domadmin.ULTRADNS.NET

serial = 2005070047

refresh = 1800

retry = 900

expire = 604800

minimum = 86400`

`Authoritative answers can be found from:

org nameserver = tld6.ultradns.co.uk.

org nameserver = tld5.ultradns.info.

org nameserver = tld4.ultradns.org.

org nameserver = tld3.ultradns.org.

org nameserver = TLD2.ULTRADNS.NET.

org nameserver = TLD1.ULTRADNS.NET.

tld6.ultradns.co.uk internet address = 198.133.199.11

tld5.ultradns.info internet address = 192.100.59.11

tld4.ultradns.org internet address = 199.7.67.1

tld4.ultradns.org has AAAA address 2001:502:100e::1

tld3.ultradns.org internet address = 199.7.66.1

TLD2.ULTRADNS.NET internet address = 204.74.113.1

TLD1.ULTRADNS.NET internet address = 204.74.112.1

TLD1.ULTRADNS.NET has AAAA address 2001:502:d399::1`

We can ask any of the authoritative servers, like tld1.ultradns.net, for example:

`> server tld1.ultradns.net.

Default server: tld1.ultradns.net.

Address: 204.74.112.1#53

philipjacob.org.

Server: tld1.ultradns.net.

Address: 204.74.112.1#53`

`Non-authoritative answer:

PHILIPJACOB.ORG nameserver = PETROL.WHIRLYCOTT.COM.

PHILIPJACOB.ORG nameserver = NS.WHIRLYCOTT.COM.`

This tells us that the authoritative servers for philipjacob.org are petrol.whirlycott.com and ns.whirlycott.com.

We can do the same sort of thing with the host tool:

`phil@cambridge:~$ host -a .

Trying “.”

;; -»HEADER< <- opcode: QUERY, status: NOERROR, id: 17068

;; flags: qr rd ra; QUERY: 1, ANSWER: 14, AUTHORITY: 13, ADDITIONAL: 3`

`;; QUESTION SECTION:

;. IN ANY`

`;; ANSWER SECTION:

. 515324 IN NS A.ROOT-SERVERS.NET.

. 515324 IN NS H.ROOT-SERVERS.NET.

…….

;; ADDITIONAL SECTION:

A.ROOT-SERVERS.NET. 601724 IN A 198.41.0.4

H.ROOT-SERVERS.NET. 601724 IN A 128.63.2.53

C.ROOT-SERVERS.NET. 601724 IN A 192.33.4.12`

Received 502 bytes from 127.0.0.1#53 in 3 ms

From there, we walk down the tree and can ask any of the root servers who serves up, for example, the .ie top level domain:

`phil@cambridge:~$ host -a ie.

Trying “ie”

;; -»HEADER< <- opcode: QUERY, status: NOERROR, id: 49700

;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 10, ADDITIONAL: 2`

`;; QUESTION SECTION:

;ie. IN ANY`

`;; ANSWER SECTION:

ie. 172800 IN NS uucp-gw-2.pa.dec.com.

ie. 172800 IN NS uucp-gw-1.pa.dec.com.

ie. 172800 IN NS ns6.iedr.ie.

ie. 172800 IN NS ns3.ns.esat.net.

ie. 172800 IN NS ns2.nic.fr.

ie. 172800 IN NS ns.ripe.net.

ie. 172800 IN NS ice.netsource.ie.

…..

;; ADDITIONAL SECTION:

uucp-gw-2.pa.dec.com. 3230 IN A 204.123.2.19

uucp-gw-1.pa.dec.com. 142235 IN A 204.123.2.18`

Received 502 bytes from 64.46.128.3#53 in 36 ms

I’ll dispense with the formalities of dig because it works pretty much the same way as nslookup and host. These commands will give you the information about philipjacob.org:

`dig .

dig org.

dig philipjacob.org.`

Hope that’s useful.