Name Resolution Troubleshooting

Time
21 hours 25 minutes
Difficulty
Intermediate
CEU/CPE
21
Video Transcription
00:00
>> Hey there, Cybrarians,
00:00
and welcome back to the Linux+
00:00
course here at Cybrary.
00:00
I'm your instructor Rob Goelz,
00:00
and in today's lesson we're going to be
00:00
covering Name Resolution Commands.
00:00
Upon completion of today's lesson,
00:00
you are going to be able to use nslookup,
00:00
dig, and host to verify name resolution.
00:00
In a Linux system,
00:00
client-side DNS is used for name resolution.
00:00
That means the systems ask
00:00
other servers for name resolution info,
00:00
the /etc/hosts file is used for
00:00
local host name resolution while
00:00
/etc/resolv.conf is used for
00:00
external name servers that
00:00
provide name resolution, and we've seen that before.
00:00
We've looked at name servers and /etc/resolv.conf.
00:00
We could use the tools dig, nslookup,
00:00
and host to perform host name resolution in verification.
00:00
Let's take a look at this with some demo time.
00:00
Here we are in our demo environment
00:00
and the first thing we're
00:00
going to look at today is the dig command.
00:00
Now, the dig command is really useful because
00:00
we can specify the type
00:00
of DNS record that we're looking for.
00:00
For example, the A record which
00:00
is the address mapping record.
00:00
This is host name to IP,
00:00
that's the most common type of record.
00:00
We can also look for the MX record,
00:00
which stands for Mail Exchanger,
00:00
that gives you a list of the mail servers
00:00
for a particular domain.
00:00
Then finally, we can also search for
00:00
the NS or Name Server DNS record,
00:00
and that indicates the DNS server for that domain.
00:00
On the CentOS system here today,
00:00
let's look at the different types of
00:00
DNS records for google.com.
00:00
We can do dig google.com and then just specify A,
00:00
and this will give us the A record for this system.
00:00
We can see right here the answer section.
00:00
It tells us google.com,
00:00
A record 142.250.81.206.
00:00
We can do the same thing as well if we
00:00
want to for the MX record,
00:00
the Mail Exchanger, so we can do dig google.com MX.
00:00
Here we can see that there are quite a few answers
00:00
that we've gotten from
00:00
the system here in terms of
00:00
the mail exchangers or MX records for Google.
00:00
Couple of mail servers there that they provide.
00:00
Then finally we could do the same thing for
00:00
the NS or name server record.
00:00
We'll do dig google.com
00:00
and we're going to search for NS or name server.
00:00
In here we can see that this returns
00:00
a bunch of results as well.
00:00
One thing we notice as well here is
00:00
you see these four As, A, A,
00:00
A, A record or A,
00:00
A, A, A record.
00:00
Yeah. Anyway, these are IPv6 records,
00:00
and an A record is just an IPv4 record.
00:00
Notice there's a difference here in the addresses.
00:00
This is an IPv6 record,
00:00
which is a quadruple A record and a
00:00
single A record is just for IPv4 addresses.
00:00
That's pretty much all we need to
00:00
know about the dig command.
00:00
Now let's take a look at the nslookup command
00:00
over on our Ubuntu system.
00:00
Here we are on our Ubuntu system and
00:00
the nslookup command can provide
00:00
host names to IP resolution,
00:00
and it can also do the reverse,
00:00
resolving IP addresses to host names.
00:00
IP to host name or host name
00:00
to IP and then IP to host name.
00:00
For example, on Ubuntu we can do nslookup
00:00
dns.google.com and that's going
00:00
to return some information for us here.
00:00
For example, we see address 8.8.8.8 is dns.google.com.
00:00
But now we can also do the reverse.
00:00
We could do nslookup on 8.8.8.8 and hit "Enter",
00:00
and this returns name equals dns.google.
00:00
Again, with this nslookup here we can go from hostname
00:00
dns.google.com to IP and from nslookup 8.8.8.8,
00:00
which is the IP address,
00:00
and then return the host name dns.google.
00:00
Let's move on and take a look at
00:00
one last command and that is the host command.
00:00
The host command is just another command that you can
00:00
use to look up an IP address for a host name.
00:00
However, it sometimes provides or
00:00
coughs up additional information as well.
00:00
For example, we can do host on google.com,
00:00
and when we hit "Enter" here,
00:00
it's not only going to give us the IP address,
00:00
it's also going to give us this IPv6 address,
00:00
which we can see right here.
00:00
We see an IPv4 address,
00:00
172.217.2.110,
00:00
and we see this IPv6 address
00:00
as well as some mail exchanger information.
00:00
Bonus. With that, in this lesson,
00:00
we covered verifying host name resolution
00:00
and we got to play around with the nslookup,
00:00
dig, and host commands during our demo.
00:00
Thanks so much for being here and I look
00:00
forward to seeing you in the next lesson.