Finding Information About Domain Names

When you make a request to facebook.com, your computer looks up the domain name and translates it into an IP address so it can make the connection. An IP address points to a computer on the Internet, but a domain name is easier to remember than a group of numbers. Domain Name System (DNS) servers store the mappings between domain names and IP addresses, along with other information. There are several command-line tools you can use to query these servers.

Use the dig command to “dig” through domain name records and find the IP addresses associated with them. It’s a reliable way to get information about a domain:

 $ dig facebook.com
 ; <<>> DiG 9.11.3-1ubuntu1.2-Ubuntu <<>> facebook.com
 ;; global options: +cmd
 ;; Got answer:
 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30501
 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
 
 ;; OPT PSEUDOSECTION:
 ; EDNS: version: 0, flags:; udp: 65494
 ;; QUESTION SECTION:
 ;facebook.com. IN A
 
 ;; ANSWER SECTION:
 facebook.com. 1 IN A 157.240.18.35
 
 ;; Query time: 22 msec
 ;; SERVER: 127.0.0.53#53(127.0.0.53)
 ;; WHEN: Sun Mar 03 21:06:17 CDT 2019
 ;; MSG SIZE rcvd: 57

Look at the Answer Section to see the IP addresses. In this example, only one IP address is associated with this domain name. But use the dig command with google.com and you’ll see that more than one IP address is associated with it. Sites that need high availability do this: if one IP goes down, the others can answer.

Sometimes you need to find out who owns a domain name so you can contact them. Or you want to check if a domain name exists so you can purchase it. Some unscrupulous companies offer online domain searches, and when you search for a domain you want, they purchase it automatically so that when you go to pay for it, they can charge you more.

The whois command is a quick way to see if a domain name exists. If it does exist, you can see who owns it, along with contact information. The whois command uses domain name servers to query the registration information of a domain.

On Ubuntu, you may have to install the whois command with apt:

 $ sudo apt install whois

Now use it to look at the registration information for the pragprog.com domain:

 $ whois pragprog.com

When you run that, you’ll be greeted with a wall of information, including when the domain name expires and who to contact about it.

Based on this information:

  1. Who would you contact about technical issues?
  2. When was the domain first registered?
  3. Why do you think there are so many name servers associated?

You can learn a lot about a domain with the whois command.

Sometimes you don’t know the domain name. Sometimes you only have the IP address. The host command makes it easy to look up a domain name from an IP. If you’re looking through security logs and you’re getting hits from a certain IP address, try using the host command to look up the domain name of the request:

 $ host 8.8.8.8

This command tells you a lot about this IP address:

 8.8.8.8.in-addr.arpa domain name pointer google-public-dns-a.google.com.

It looks like this IP belongs to Google. Try running this command with your own IP address. You might see a result like this:

 113.6.in-addr.arpa domain name pointer 113-7.dhcp.eucl.wi.charter.com.

A lot of residential internet providers register IP addresses in their own DNS servers just like this, which makes it easy to tell who the ISP is. In this example, it looks like this IP address is associated with an ISP in Eau Claire, Wisconsin. With this knowledge, you can then get more information by contacting the ISP. Of course, you can’t guarantee this information, and you really can’t accurately tie an IP to a geographic region unless the owner of the IP helps you along like the ISP did in this example. Still, this is one tool of many that you can use to learn more about the IP addresses you’re communicating with.
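
As an added example (not from the book), the script below applies host to the log-review scenario above: it counts hits per source IP, looks up each reverse name, and checks that the name resolves back to the same IP, because a reverse record is set by whoever controls the address block. The function names and the sample log are constructed for illustration, and the log path in the usage comment is an assumption.

```shell
#!/bin/sh
# Constructed sample log (first field = client IP); not data from the book.
SAMPLE_LOG='8.8.8.8 GET /
192.0.2.10 GET /login
8.8.8.8 GET /about
198.51.100.7 GET /
192.0.2.10 POST /login
8.8.8.8 GET /contact'

# The name host queries for an IPv4 address: octets reversed + in-addr.arpa.
ptr_name() {
  echo "$1" | awk -F. 'NF == 4 { print $4 "." $3 "." $2 "." $1 ".in-addr.arpa" }'
}

# Hits per source IP, busiest first, printed as "ip hits".
top_ips() {
  awk '{ print $1 }' | sort | uniq -c | sort -rn | awk '{ print $2, $1 }'
}

# Reverse (PTR) name for an IP, trailing dot removed; prints nothing if none.
reverse_name() {
  host "$1" </dev/null 2>/dev/null |
    awk '/domain name pointer/ { sub(/\.$/, "", $NF); print $NF; exit }'
}

# Succeeds only if the reverse name resolves forward to the same IP.
# Until that forward lookup agrees, the name is a hint, not an identity.
forward_confirmed() {
  fc_name=$(reverse_name "$1")
  [ -n "$fc_name" ] || return 1
  host "$fc_name" </dev/null 2>/dev/null |
    awk -v ip="$1" '/has address/ && $NF == ip { ok = 1 } END { exit !ok }'
}

# Read a log on stdin; print "ip hits name status" for each source IP.
report() {
  top_ips | while read -r ip hits; do
    name=$(reverse_name "$ip")
    if forward_confirmed "$ip"; then status=confirmed; else status=unconfirmed; fi
    echo "$ip $hits ${name:-none} $status"
  done
}

# Usage: report < /var/log/nginx/access.log   (path is an assumption)
```

An "unconfirmed" result means the reverse name either does not exist or does not resolve back to the address, so treat the name as unverified when reading the log.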

Now, let’s look at how to test network connectivity.
