And for extra credit - Is it possible to find the origins of conflicting DNS records?
额外信用 - 是否有可能找到冲突的DNS记录的起源?
11 个解决方案
#1
371
You'll want the SOA (Start of Authority) record for a given domain name, and this is how you accomplish it using the universally available nslookup command line tool:
您将需要给定域名的SOA(权限开始)记录,这是使用通用的nslookup命令行工具完成它的方法:
command line> nslookup
> set querytype=soa
> *.com
Server: 217.30.180.230
Address: 217.30.180.230#53
Non-authoritative answer:
*.com
origin = ns51.domaincontrol.com # ("primary name server" on Windows)
mail addr = dns.jomax.net # ("responsible mail addr" on Windows)
serial = 2008041300
refresh = 28800
retry = 7200
expire = 604800
minimum = 86400
Authoritative answers can be found from:
*.com nameserver = ns52.domaincontrol.com.
*.com nameserver = ns51.domaincontrol.com.
The origin (or primary name server on Windows) line tells you that ns51.domaincontrol is the main name server for *.com.
源(或Windows上的主名称服务器)行告诉您ns51.domaincontrol是*.com的主名称服务器。
At the end of output all authoritative servers, including backup servers for the given domain, are listed.
在输出结束时,将列出所有权威服务器,包括给定域的备份服务器。
#2
158
You used the singular in your question but there are typically several authoritative name servers, the RFC 1034 recommends at least two.
您在问题中使用了单数,但通常有几个权威名称服务器,RFC 1034建议至少两个。
Unless you mean "primary name server" and not "authoritative name server". The secondary name servers are authoritative.
除非您的意思是“主要名称服务器”而不是“权威名称服务器”。辅助名称服务器是权威的。
To find out the name servers of a domain on Unix:
要在Unix上找出域的名称服务器:
% dig +short NS *.com
ns52.domaincontrol.com.
ns51.domaincontrol.com.
To find out the server listed as primary (the notion of "primary" is quite fuzzy these days and typically has no good answer):
要找出列为主要服务器的服务器(“主要”的概念现在非常模糊,通常没有好的答案):
% dig +short SOA *.com | cut -d' ' -f1
ns51.domaincontrol.com.
To check discrepencies between name servers, my preference goes to the old check_soa
tool, described in Liu & Albitz "DNS & BIND" book (O'Reilly editor). The source code is available in http://examples.oreilly.com/dns5/
为了检查名称服务器之间的差异,我的偏好转到了旧的check_soa工具,在Liu&Albitz“DNS&BIND”一书(O'Reilly编辑)中有描述。源代码可在http://examples.oreilly.com/dns5/中找到
% check_soa *.com
ns51.domaincontrol.com has serial number 2008041300
ns52.domaincontrol.com has serial number 2008041300
Here, the two authoritative name servers have the same serial number. Good.
这里,两个权威名称服务器具有相同的序列号。好。
#3
35
On *nix:
$ dig -t ns <domain name>
#4
15
I have a DNS propagation tool designed to answer these kind of questions.
我有一个DNS传播工具,旨在回答这些问题。
Source is released under the AGPLv3.
资料来源于AGPLv3。
(Yes, the interface is rather basic at the moment :) )
(是的,此刻界面相当基本:))
You could also find out the nameservers for a domain with the "host" command:
您还可以使用“host”命令找到域的名称服务器:
[davidp@supernova:~]$ host -t ns *.com *.com name server ns51.domaincontrol.com. *.com name server ns52.domaincontrol.com.
#5
6
The term you should be googling is "authoritative," not "definitive".
你应该谷歌搜索的术语是“权威的”,而不是“权威的”。
On Linux or Mac you can use the commands whois
, dig
, host
, nslookup
or several others. nslookup
might also work on Windows.
在Linux或Mac上,您可以使用命令whois,dig,host,nslookup或其他几个命令。 nslookup也可以在Windows上运行。
An example:
$ whois *.com
[...]
Domain servers in listed order:
NS51.DOMAINCONTROL.COM
NS52.DOMAINCONTROL.COM
As for the extra credit: Yes, it is possible.
至于额外的信用:是的,这是可能的。
aryeh is definitely wrong, as his suggestion usually will only give you the IP address for the hostname. If you use dig
, you have to look for NS records, like so:
aryeh肯定是错的,因为他的建议通常只会给你主机名的IP地址。如果你使用dig,你必须查找NS记录,如下所示:
dig ns *.com
Keep in mind that this may ask your local DNS server and thus may give wrong or out-of-date answers that it has in its cache.
请记住,这可能会询问您的本地DNS服务器,因此可能会在其缓存中提供错误或过时的答案。
#6
6
I found that the best way it to add always the +trace option:
我发现它总是添加+ trace选项的最佳方式:
dig SOA +trace *.com
It works also with recursive CNAME hosted in different provider. +trace trace imply +norecurse so the result is just for the domain you specify.
它也适用于托管在不同提供程序中的递归CNAME。 + trace trace imply + norecurse,因此结果仅适用于您指定的域。
#7
2
We've built a dns lookup tool that gives you the domain's authoritative nameservers and its common dns records in one request.
我们构建了一个dns查找工具,在一个请求中为您提供域的权威名称服务器及其常见的dns记录。
Example: https://www.misk.com/tools/#dns/*.com
Our tool finds the authoritative nameservers by performing a realtime (uncached) dns lookup at the root nameservers and then following the nameserver referrals until we reach the authoritative nameservers. This is the same logic that dns resolvers use to obtain authoritative answers. A random authoritative nameserver is selected (and identified) on each query allowing you to find conflicting dns records by performing multiple requests.
我们的工具通过在根名称服务器上执行实时(未缓存)的dns查找然后跟随名称服务器引用来找到权威的名称服务器,直到我们到达权威的名称服务器。这与dns解析器用于获取权威答案的逻辑相同。在每个查询上选择(并标识)随机权威名称服务器,允许您通过执行多个请求来查找冲突的dns记录。
You can also view the nameserver delegation path by clicking on "Authoritative Nameservers" at the bottom of the dns lookup results from the example above.
您还可以通过单击上面示例的dns查找结果底部的“权威名称服务器”来查看名称服务器委派路径。
Example: https://www.misk.com/tools/#dns/*.com@f.root-servers.net
#8
1
You can use the whois service. On a UNIX like operating system you would execute the following command. Alternatively you can do it on the web at http://www.internic.net/whois.html.
您可以使用whois服务。在类似UNIX的操作系统上,您将执行以下命令。或者,您可以在网站http://www.internic.net/whois.html上进行此操作。
whois *.com
You would get the following response.
你会得到以下回应。
...text removed here...
......文本已删除...
Domain servers in listed order: NS51.DOMAINCONTROL.COM NS52.DOMAINCONTROL.COM
按列出的顺序排列的域服务器:NS51.DOMAINCONTROL.COM NS52.DOMAINCONTROL.COM
You can use nslookup or dig to find out more information about records for a given domain. This might help you resolve the conflicts you have described.
您可以使用nslookup或dig来查找有关给定域的记录的更多信息。这可能有助于您解决所描述的冲突。
#9
0
Unfortunately, most of these tools only return the NS record as provided by the actual name server itself. To be more accurate in determining which name servers are actually responsible for a domain, you'd have to either use "whois" and check the domains listed there OR use "dig [domain] NS @[root name server]" and run that recursively until you get the name server listings...
不幸的是,大多数这些工具只返回实际名称服务器本身提供的NS记录。为了更准确地确定哪些名称服务器实际负责域,您必须使用“whois”并检查其中列出的域或使用“dig [domain] NS @ [root name server]”并运行递归,直到你得到名称服务器列表...
I wish there were a simple command line that you could run to get THAT result dependably and in a consistent format, not just the result that is given from the name server itself. The purpose of this for me is to be able to query about 330 domain names that I manage so I can determine exactly which name server each domain is pointing to (as per their registrar settings).
我希望有一个简单的命令行,你可以运行以获得可靠的结果并以一致的格式,而不仅仅是从名称服务器本身给出的结果。这对我来说就是能够查询我管理的330个域名,这样我就能确切地确定每个域所指向的名称服务器(根据他们的注册商设置)。
Anyone know of a command using "dig" or "host" or something else on *nix?
任何人都知道在* nix上使用“挖掘”或“主机”或其他东西的命令?
#10
0
SOA records are present on all servers further up the hierarchy, over which the domain owner has NO control, and they all in effect point to the one authoritative name server under control of the domain owner.
SOA记录存在于层次结构上的所有服务器上,域所有者无法控制,并且它们实际上都指向域所有者控制下的一个权威名称服务器。
The SOA record on the authoritative server itself is, on the other hand, not strictly needed for resolving that domain, and can contain bogus info (or hidden primary, or otherwise restricted servers) and should not be relied on to determine the authoritative name server for a given domain.
另一方面,权威服务器本身的SOA记录不是解析该域所必需的,并且可能包含伪造信息(或隐藏的主服务器或其他受限制的服务器),不应依赖它来确定权威名称服务器对于给定的域名。
You need to query the server that is authoritative for the top level domain to obtain reliable SOA information for a given child domain.
您需要查询对*域具有权威性的服务器,以获取给定子域的可靠SOA信息。
(The information about which server is authoritative for which TLD can be queried from the root name servers).
(有关哪个服务器具有权威性,可以从根名称服务器查询哪个TLD的信息)。
When you have reliable information about the SOA from the TLD authoritative server, you can then query the primary name server itself authoritative (the one thats in the SOA record on the gTLD nameserver!) for any other NS records, and then proceed with checking all those name servers you've got from querying the NS records, to see if there is any inconsistency for any other particular record, on any of those servers.
当您从TLD权威服务器获得有关SOA的可靠信息时,您可以查询主要名称服务器本身的权威性(gTLD名称服务器上的SOA记录中的那个!)以获取任何其他NS记录,然后继续检查所有您从查询NS记录中获得的那些名称服务器,以查看在任何这些服务器上是否存在任何其他特定记录的任何不一致。
This all works much better/reliable with linux and dig than with nslookup/windows.
这一切都比使用nslookup / windows更好/可靠的linux和dig。
#11
-2
An easy way is to use an online domain tool. My favorite is Domain Tools (formerly whois.sc). I'm not sure if they can resolve conflicting DNS records though. As an example, the DNS servers for *.com are
一种简单的方法是使用在线域名工具。我最喜欢的是Domain Tools(以前称为whois.sc)。我不确定他们是否可以解决冲突的DNS记录。例如,*.com的DNS服务器是
NS51.DOMAINCONTROL.COM
NS52.DOMAINCONTROL.COM
#1
371
You'll want the SOA (Start of Authority) record for a given domain name, and this is how you accomplish it using the universally available nslookup command line tool:
您将需要给定域名的SOA(权限开始)记录,这是使用通用的nslookup命令行工具完成它的方法:
command line> nslookup
> set querytype=soa
> *.com
Server: 217.30.180.230
Address: 217.30.180.230#53
Non-authoritative answer:
*.com
origin = ns51.domaincontrol.com # ("primary name server" on Windows)
mail addr = dns.jomax.net # ("responsible mail addr" on Windows)
serial = 2008041300
refresh = 28800
retry = 7200
expire = 604800
minimum = 86400
Authoritative answers can be found from:
*.com nameserver = ns52.domaincontrol.com.
*.com nameserver = ns51.domaincontrol.com.
The origin (or primary name server on Windows) line tells you that ns51.domaincontrol is the main name server for *.com.
源(或Windows上的主名称服务器)行告诉您ns51.domaincontrol是*.com的主名称服务器。
At the end of output all authoritative servers, including backup servers for the given domain, are listed.
在输出结束时,将列出所有权威服务器,包括给定域的备份服务器。
#2
158
You used the singular in your question but there are typically several authoritative name servers, the RFC 1034 recommends at least two.
您在问题中使用了单数,但通常有几个权威名称服务器,RFC 1034建议至少两个。
Unless you mean "primary name server" and not "authoritative name server". The secondary name servers are authoritative.
除非您的意思是“主要名称服务器”而不是“权威名称服务器”。辅助名称服务器是权威的。
To find out the name servers of a domain on Unix:
要在Unix上找出域的名称服务器:
% dig +short NS *.com
ns52.domaincontrol.com.
ns51.domaincontrol.com.
To find out the server listed as primary (the notion of "primary" is quite fuzzy these days and typically has no good answer):
要找出列为主要服务器的服务器(“主要”的概念现在非常模糊,通常没有好的答案):
% dig +short SOA *.com | cut -d' ' -f1
ns51.domaincontrol.com.
To check discrepencies between name servers, my preference goes to the old check_soa
tool, described in Liu & Albitz "DNS & BIND" book (O'Reilly editor). The source code is available in http://examples.oreilly.com/dns5/
为了检查名称服务器之间的差异,我的偏好转到了旧的check_soa工具,在Liu&Albitz“DNS&BIND”一书(O'Reilly编辑)中有描述。源代码可在http://examples.oreilly.com/dns5/中找到
% check_soa *.com
ns51.domaincontrol.com has serial number 2008041300
ns52.domaincontrol.com has serial number 2008041300
Here, the two authoritative name servers have the same serial number. Good.
这里,两个权威名称服务器具有相同的序列号。好。
#3
35
On *nix:
$ dig -t ns <domain name>
#4
15
I have a DNS propagation tool designed to answer these kind of questions.
我有一个DNS传播工具,旨在回答这些问题。
Source is released under the AGPLv3.
资料来源于AGPLv3。
(Yes, the interface is rather basic at the moment :) )
(是的,此刻界面相当基本:))
You could also find out the nameservers for a domain with the "host" command:
您还可以使用“host”命令找到域的名称服务器:
[davidp@supernova:~]$ host -t ns *.com *.com name server ns51.domaincontrol.com. *.com name server ns52.domaincontrol.com.
#5
6
The term you should be googling is "authoritative," not "definitive".
你应该谷歌搜索的术语是“权威的”,而不是“权威的”。
On Linux or Mac you can use the commands whois
, dig
, host
, nslookup
or several others. nslookup
might also work on Windows.
在Linux或Mac上,您可以使用命令whois,dig,host,nslookup或其他几个命令。 nslookup也可以在Windows上运行。
An example:
$ whois *.com
[...]
Domain servers in listed order:
NS51.DOMAINCONTROL.COM
NS52.DOMAINCONTROL.COM
As for the extra credit: Yes, it is possible.
至于额外的信用:是的,这是可能的。
aryeh is definitely wrong, as his suggestion usually will only give you the IP address for the hostname. If you use dig
, you have to look for NS records, like so:
aryeh肯定是错的,因为他的建议通常只会给你主机名的IP地址。如果你使用dig,你必须查找NS记录,如下所示:
dig ns *.com
Keep in mind that this may ask your local DNS server and thus may give wrong or out-of-date answers that it has in its cache.
请记住,这可能会询问您的本地DNS服务器,因此可能会在其缓存中提供错误或过时的答案。
#6
6
I found that the best way it to add always the +trace option:
我发现它总是添加+ trace选项的最佳方式:
dig SOA +trace *.com
It works also with recursive CNAME hosted in different provider. +trace trace imply +norecurse so the result is just for the domain you specify.
它也适用于托管在不同提供程序中的递归CNAME。 + trace trace imply + norecurse,因此结果仅适用于您指定的域。
#7
2
We've built a dns lookup tool that gives you the domain's authoritative nameservers and its common dns records in one request.
我们构建了一个dns查找工具,在一个请求中为您提供域的权威名称服务器及其常见的dns记录。
Example: https://www.misk.com/tools/#dns/*.com
Our tool finds the authoritative nameservers by performing a realtime (uncached) dns lookup at the root nameservers and then following the nameserver referrals until we reach the authoritative nameservers. This is the same logic that dns resolvers use to obtain authoritative answers. A random authoritative nameserver is selected (and identified) on each query allowing you to find conflicting dns records by performing multiple requests.
我们的工具通过在根名称服务器上执行实时(未缓存)的dns查找然后跟随名称服务器引用来找到权威的名称服务器,直到我们到达权威的名称服务器。这与dns解析器用于获取权威答案的逻辑相同。在每个查询上选择(并标识)随机权威名称服务器,允许您通过执行多个请求来查找冲突的dns记录。
You can also view the nameserver delegation path by clicking on "Authoritative Nameservers" at the bottom of the dns lookup results from the example above.
您还可以通过单击上面示例的dns查找结果底部的“权威名称服务器”来查看名称服务器委派路径。
Example: https://www.misk.com/tools/#dns/*.com@f.root-servers.net
#8
1
You can use the whois service. On a UNIX like operating system you would execute the following command. Alternatively you can do it on the web at http://www.internic.net/whois.html.
您可以使用whois服务。在类似UNIX的操作系统上,您将执行以下命令。或者,您可以在网站http://www.internic.net/whois.html上进行此操作。
whois *.com
You would get the following response.
你会得到以下回应。
...text removed here...
......文本已删除...
Domain servers in listed order: NS51.DOMAINCONTROL.COM NS52.DOMAINCONTROL.COM
按列出的顺序排列的域服务器:NS51.DOMAINCONTROL.COM NS52.DOMAINCONTROL.COM
You can use nslookup or dig to find out more information about records for a given domain. This might help you resolve the conflicts you have described.
您可以使用nslookup或dig来查找有关给定域的记录的更多信息。这可能有助于您解决所描述的冲突。
#9
0
Unfortunately, most of these tools only return the NS record as provided by the actual name server itself. To be more accurate in determining which name servers are actually responsible for a domain, you'd have to either use "whois" and check the domains listed there OR use "dig [domain] NS @[root name server]" and run that recursively until you get the name server listings...
不幸的是,大多数这些工具只返回实际名称服务器本身提供的NS记录。为了更准确地确定哪些名称服务器实际负责域,您必须使用“whois”并检查其中列出的域或使用“dig [domain] NS @ [root name server]”并运行递归,直到你得到名称服务器列表...
I wish there were a simple command line that you could run to get THAT result dependably and in a consistent format, not just the result that is given from the name server itself. The purpose of this for me is to be able to query about 330 domain names that I manage so I can determine exactly which name server each domain is pointing to (as per their registrar settings).
我希望有一个简单的命令行,你可以运行以获得可靠的结果并以一致的格式,而不仅仅是从名称服务器本身给出的结果。这对我来说就是能够查询我管理的330个域名,这样我就能确切地确定每个域所指向的名称服务器(根据他们的注册商设置)。
Anyone know of a command using "dig" or "host" or something else on *nix?
任何人都知道在* nix上使用“挖掘”或“主机”或其他东西的命令?
#10
0
SOA records are present on all servers further up the hierarchy, over which the domain owner has NO control, and they all in effect point to the one authoritative name server under control of the domain owner.
SOA记录存在于层次结构上的所有服务器上,域所有者无法控制,并且它们实际上都指向域所有者控制下的一个权威名称服务器。
The SOA record on the authoritative server itself is, on the other hand, not strictly needed for resolving that domain, and can contain bogus info (or hidden primary, or otherwise restricted servers) and should not be relied on to determine the authoritative name server for a given domain.
另一方面,权威服务器本身的SOA记录不是解析该域所必需的,并且可能包含伪造信息(或隐藏的主服务器或其他受限制的服务器),不应依赖它来确定权威名称服务器对于给定的域名。
You need to query the server that is authoritative for the top level domain to obtain reliable SOA information for a given child domain.
您需要查询对*域具有权威性的服务器,以获取给定子域的可靠SOA信息。
(The information about which server is authoritative for which TLD can be queried from the root name servers).
(有关哪个服务器具有权威性,可以从根名称服务器查询哪个TLD的信息)。
When you have reliable information about the SOA from the TLD authoritative server, you can then query the primary name server itself authoritative (the one thats in the SOA record on the gTLD nameserver!) for any other NS records, and then proceed with checking all those name servers you've got from querying the NS records, to see if there is any inconsistency for any other particular record, on any of those servers.
当您从TLD权威服务器获得有关SOA的可靠信息时,您可以查询主要名称服务器本身的权威性(gTLD名称服务器上的SOA记录中的那个!)以获取任何其他NS记录,然后继续检查所有您从查询NS记录中获得的那些名称服务器,以查看在任何这些服务器上是否存在任何其他特定记录的任何不一致。
This all works much better/reliable with linux and dig than with nslookup/windows.
这一切都比使用nslookup / windows更好/可靠的linux和dig。
#11
-2
An easy way is to use an online domain tool. My favorite is Domain Tools (formerly whois.sc). I'm not sure if they can resolve conflicting DNS records though. As an example, the DNS servers for *.com are
一种简单的方法是使用在线域名工具。我最喜欢的是Domain Tools(以前称为whois.sc)。我不确定他们是否可以解决冲突的DNS记录。例如,*.com的DNS服务器是
NS51.DOMAINCONTROL.COM
NS52.DOMAINCONTROL.COM