[Cialug] dns lookups with dig

tony geerts thegreatland at yahoo.com
Thu Dec 29 22:11:41 CST 2005



--- Paul Gray <gray at cs.uni.edu> wrote:

> On Wed, Dec 28, 2005 at 03:38:09PM -0800, tony geerts wrote:
> > Does anyone know how to get "dig" to do an IQUERY
> > (inverse query).
> > 
> > I am able to do an inverse query using nstest on
> > Solaris.
> >
> > http://docs.sun.com/app/docs/doc/816-0211/6m6nc672g?a=view
> > 
> > The opcode below should be "IQUERY" instead of the
> > standard query when executed properly. 
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24249
> > 
> > I know that RFC 3425 obsoletes the query.
> > http://www.rfc-archive.org/getrfc.php?rfc=3425
> 
> Not familiar with nstest, but 'dig -x'?
> - -- 
> Paul Gray                                        

"dig -x" would be searching for PTR resource records
given an IP address.
The diagram and explanation should shed some light on
the subject. Maybe this would make for a good test
question.

thanks,
tony

from RFC 1035

6.4.2. Inverse query and response example

The overall structure of an inverse query for retrieving the domain name
that corresponds to Internet address 10.1.0.52 is shown below:

                         +-----------------------------------------+
           Header        |          OPCODE=IQUERY, ID=997          |
                         +-----------------------------------------+
          Question       |                 <empty>                 |
                         +-----------------------------------------+
           Answer        |        <anyname> A IN 10.1.0.52         |
                         +-----------------------------------------+
          Authority      |                 <empty>                 |
                         +-----------------------------------------+
         Additional      |                 <empty>                 |
                         +-----------------------------------------+

This query asks for a question whose answer is the Internet style
address 10.1.0.52.  Since the owner name is not known, any domain name
can be used as a placeholder (and is ignored).  A single octet of zero,
signifying the root, is usually used because it minimizes the length of
the message.  The TTL of the RR is not significant.  The response to
this query might be:

                         +-----------------------------------------+
           Header        |         OPCODE=RESPONSE, ID=997         |
                         +-----------------------------------------+
          Question       |QTYPE=A, QCLASS=IN, QNAME=VENERA.ISI.EDU |
                         +-----------------------------------------+
           Answer        |  VENERA.ISI.EDU  A IN 10.1.0.52         |
                         +-----------------------------------------+
          Authority      |                 <empty>                 |
                         +-----------------------------------------+
         Additional      |                 <empty>                 |
                         +-----------------------------------------+

Note that the QTYPE in a response to an inverse query is the same as the
TYPE field in the answer section of the inverse query.  Responses to
inverse queries may contain multiple questions when the inverse is not
unique.  If the question section in the response is not empty, then the
RR in the answer section is modified to correspond to be an exact copy
of an RR at the first QNAME.
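
The inverse query in the first diagram, encoded as wire bytes and decoded again. This is an added example, not part of the original post or of RFC 1035; the function names are assumptions chosen for illustration. The opcode decoded by parse_header is the field dig prints after "opcode:", and is_iquery shows how a capture or log parser can flag requests that still use the opcode RFC 3425 obsoleted.

```python
import socket
import struct

OPCODE_QUERY, OPCODE_IQUERY = 0, 1   # opcode values from RFC 1035 section 4.1.1
TYPE_A, CLASS_IN = 1, 1


def build_iquery(ip: str, msg_id: int = 997) -> bytes:
    """Build the inverse query of RFC 1035 6.4.2 for an IPv4 address."""
    flags = OPCODE_IQUERY << 11      # QR=0 (request), opcode in bits 11-14
    # QDCOUNT=0 (empty question), ANCOUNT=1, NSCOUNT=0, ARCOUNT=0
    header = struct.pack("!HHHHHH", msg_id, flags, 0, 1, 0, 0)
    rdata = socket.inet_aton(ip)
    # Owner name is a single zero octet (the root), used as the ignored
    # placeholder. The TTL is not significant, so it is set to 0.
    fixed = struct.pack("!HHIH", TYPE_A, CLASS_IN, 0, len(rdata))
    return header + b"\x00" + fixed + rdata


def parse_header(msg: bytes) -> dict:
    """Decode the 12-byte DNS header into named fields."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    msg_id, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": msg_id,
        "qr": flags >> 15,
        "opcode": (flags >> 11) & 0xF,
        "rcode": flags & 0xF,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def is_iquery(msg: bytes) -> bool:
    """True for a request (QR=0) that carries the obsolete IQUERY opcode."""
    h = parse_header(msg)
    return h["qr"] == 0 and h["opcode"] == OPCODE_IQUERY


if __name__ == "__main__":
    pkt = build_iquery("10.1.0.52")
    print(pkt.hex())
    print(parse_header(pkt))
```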


	
		