Using the Linux host command to dig out DNS details


The host command on Linux systems can look up a variety of information available through the Domain Name System (DNS). It can find a host name if given an IP address, or an IP address if given a host name, plus a lot of other interesting details on systems and internet domains.

The first query below tells us that the system associated with the address 192.168.0.18 is named “dragonfly”. The second tells us that 192.168.0.1 is the default router.

$ host 192.168.0.18
18.0.168.192.in-addr.arpa domain name pointer dragonfly.
$ host 192.168.0.1
1.0.168.192.in-addr.arpa domain name pointer router.

To do the reverse, you can use commands like these:

$ host dragonfly
dragonfly has address 192.168.0.18
$ host router
router has address 192.168.0.1

These commands were run on my home network, and they only show a small part of the information that the host command can retrieve.
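
The two lookup directions above can be combined into a forward-confirmed reverse DNS check, which flags PTR records that name a host whose address does not match. This is an added example, not part of the original article; HOST_CMD, stub_host and the 192.168.0.77 entry are assumptions made so the script runs offline.

```shell
#!/bin/sh
# Added example: forward-confirmed reverse DNS built on host's output lines.
# HOST_CMD (hypothetical) names the lookup command. It defaults to an offline
# stub; run with HOST_CMD=host to query real DNS.
HOST_CMD=${HOST_CMD:-stub_host}

# ptr_names: names from "<reverse name> domain name pointer <name>." lines
ptr_names() { $HOST_CMD "$1" 2>/dev/null | awk '/ domain name pointer /{print $NF}'; }

# a_addrs: addresses from "<name> has address <ip>" lines
a_addrs() { $HOST_CMD "$1" 2>/dev/null | awk '/ has address /{print $NF}'; }

# fcrdns: succeed only if a PTR name for the IP resolves back to the same IP
fcrdns() {
    ip=$1
    for name in $(ptr_names "$ip"); do
        for addr in $(a_addrs "$name"); do
            if [ "$addr" = "$ip" ]; then
                echo "$ip <-> $name"
                return 0
            fi
        done
    done
    echo "$ip: no forward-confirmed name"
    return 1
}

# stub_host: replays the article's sample output. The 192.168.0.77 entry is
# constructed: a stale PTR that names a host living at another address.
stub_host() {
    case $1 in
        192.168.0.18) echo '18.0.168.192.in-addr.arpa domain name pointer dragonfly.' ;;
        192.168.0.1)  echo '1.0.168.192.in-addr.arpa domain name pointer router.' ;;
        192.168.0.77) echo '77.0.168.192.in-addr.arpa domain name pointer dragonfly.' ;;
        dragonfly|dragonfly.) echo 'dragonfly has address 192.168.0.18' ;;
        router|router.)       echo 'router has address 192.168.0.1' ;;
        *) echo "Host $1 not found: 3(NXDOMAIN)"; return 1 ;;
    esac
}

fcrdns 192.168.0.18
fcrdns 192.168.0.77 || true
```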

Viewing the host command’s options

Any time you type “host” with no additional arguments, you will see the available command options with a brief explanation of each.

Usage: host [-aCdilrTvVw] [-c class] [-N ndots] [-t type] [-W time]
            [-R number] [-m flag] [-p port] hostname [server]
       -a is equivalent to -v -t ANY
       -A is like -a but omits RRSIG, NSEC, NSEC3
       -c specifies query class for non-IN data
       -C compares SOA records on authoritative nameservers
       -d is equivalent to -v
       -l lists all hosts in a domain, using AXFR
       -m set memory debugging flag (trace|record|usage)
       -N changes the number of dots allowed before root lookup is done
       -p specifies the port on the server to query
       -r disables recursive processing
       -R specifies number of retries for UDP packets
       -s a SERVFAIL response should stop query
       -t specifies the query type
       -T enables TCP/IP mode
       -U enables UDP mode
       -v enables verbose output
       -V print version number and exit
       -w specifies to wait forever for a reply
       -W specifies how long to wait for a reply
       -4 use IPv4 query transport only
       -6 use IPv6 query transport only

For almost every option, you need to supply additional information—a host name, an IP address, a domain name, or maybe some additional data to describe what you are looking for. The only option that will NOT simply print the list shown above when no argument is provided is the -V option, which reports the version information for the command itself.

$ host -V
host 9.16.24-RH

Now let’s look at some of the other useful information that the command can provide.

IP addresses

Some important details for a specific domain can be retrieved using just the domain name:

$ host networkworld.com
networkworld.com has address 151.101.2.165
networkworld.com has address 151.101.66.165
networkworld.com has address 151.101.194.165
networkworld.com has address 151.101.130.165
networkworld.com mail is handled by 0 networkworld-com.mail.protection.outlook.com.

We can see that this domain employs multiple servers as is common among many commercial sites.

Verbose report

If you add the -v (verbose) option, you will see a lot of additional details. For networkworld.com, we would see 33 lines of output if the head command didn’t limit this to the top ten lines.

$ host -v comtech.com | wc -l
33
$ host -v networkworld.com | head -10
Trying "networkworld.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2094
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;networkworld.com.              IN      A

;; ANSWER SECTION:
networkworld.com.       300     IN      A       151.101.66.165
networkworld.com.       300     IN      A       151.101.2.165

You can, however, always pass the host command’s output to grep to pare it down to just what you want to see.

Mail exchange (MX)

To focus on the mail exchange (MX) records, you could use a command like this:

$ host -v comtech.com | grep MX
;comtech.com.                   IN      MX
comtech.com.            2189    IN      MX      0 comtech-com.mail.protection.outlook.com.

Alternatively, you can retrieve MX records using the host command’s -t (type) mx option:

$ host -t mx comtech.com
comtech.com mail is handled by 0 comtech-com.mail.protection.outlook.com.

SOA records

To focus on SOA (start of authority) records, you can use a command like this one:

$ host -v comtech.com | grep SOA
comtech.com.            342     IN      SOA     ns47.domaincontrol.com. dns.jomax.net. 2021092901 28800 7200 604800 600

Alternatively, you can use a command like this with the -t (type) SOA option:

$ host -t SOA networkworld.com
networkworld.com has SOA record ns2.pcworld.com. webops.idgesg.net. 2022021100 1800 900 1209600 86400
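
The values after "SOA" follow the fixed SOA field order (primary name server, responsible mailbox, serial, refresh, retry, expire, minimum). The script below is an added example, not part of the original article; it labels those fields for both output styles shown above, and the function name soa_fields and the key names it prints are assumptions.

```shell
#!/bin/sh
# Added example: label the SOA fields printed by `host -t SOA` and `host -v`.
# Field order is fixed: MNAME RNAME SERIAL REFRESH RETRY EXPIRE MINIMUM.

# soa_fields: read host output on stdin, print key=value lines per SOA record.
soa_fields() {
    awk '
    # RNAME encodes a mailbox: the first unescaped dot stands for "@".
    function rname_to_mail(r,    i, c, out, done) {
        sub(/\.$/, "", r)
        for (i = 1; i <= length(r); i++) {
            c = substr(r, i, 1)
            if (c == "\\") { i++; out = out substr(r, i, 1) }
            else if (c == "." && !done) { out = out "@"; done = 1 }
            else out = out c
        }
        return out
    }
    # Both output styles have 11 fields with MNAME in field 5:
    #   "<zone> has SOA record ..."   and   "<zone>. <ttl> IN SOA ..."
    NF == 11 && (($2 == "has" && $3 == "SOA") || ($3 == "IN" && $4 == "SOA")) {
        zone = $1; sub(/\.$/, "", zone)
        print "zone=" zone
        print "primary_ns=" $5
        print "contact=" rname_to_mail($6)
        print "serial=" $7
        print "refresh=" $8
        print "retry=" $9
        print "expire=" $10
        print "minimum=" $11
        found = 1
    }
    END { exit !found }   # non-zero status when no SOA line was seen
    '
}

# Sample input: the two SOA lines shown in the article, embedded so the
# script runs offline. Live use: host -t SOA <domain> | soa_fields
SAMPLE_SHORT='networkworld.com has SOA record ns2.pcworld.com. webops.idgesg.net. 2022021100 1800 900 1209600 86400'
SAMPLE_VERBOSE='comtech.com.            342     IN      SOA     ns47.domaincontrol.com. dns.jomax.net. 2021092901 28800 7200 604800 600'

printf '%s\n%s\n' "$SAMPLE_SHORT" "$SAMPLE_VERBOSE" | soa_fields
```

Comparing the serial value across a domain's name servers shows whether they are all serving the same copy of the zone.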

CNAME

To see CNAME (canonical name) records, you can use a command like this one that tells you that mail.google.com is an alias for Google’s mail server:

$ host -t cname mail.google.com
mail.google.com is an alias for googlemail.l.google.com.

Name server

In the command below, we are just looking for name servers using the ns type with the host command:

$ host -t ns networkworld.com
networkworld.com name server ns-a.pnap.net.
networkworld.com name server ns-c.pnap.net.
networkworld.com name server ns3.pcworld.com.
networkworld.com name server ns-d.pnap.net.
networkworld.com name server ns-b.pnap.net.
networkworld.com name server ns2.pcworld.com.

Wrap-Up

The host command has so many options that it may take a while to get used to them and decide which are the most useful. They can be very handy depending on what you are looking for from the vast DNS knowledge bank.


Copyright © 2022 IDG Communications, Inc.


