Finding all DNS aliases for a host using nslookup/dig/host or similar command (20659 Views)
Reply
Advisor
R Cardwell
Posts: 28
Registered: ‎03-11-2003
Message 1 of 18 (20,659 Views)
Accepted Solution

Finding all DNS aliases for a host using nslookup/dig/host or similar command

Hi,

Hopefully someone on here will know how to do this, as I have searched on here and on google to no avail.

I'am trying to write a script that can retrieve a hosts ip address and all its alias when supplied with its fully qualified hostname.

Now getting the IP is easy enough, however I can't seem to find a way to extract the aliases from DNS.

Anyone know how to do this?

Rich Cardwell
Honored Contributor
Simon Hargrave
Posts: 744
Registered: ‎06-15-1998
Message 2 of 18 (20,659 Views)

Re: Finding all DNS aliases for a host using nslookup/dig/host or similar command

How about something like: -

$ nslookup

> server1.yourdomain.com

Name Server: dns.yourdomain.com
Address: 134.202.170.200

Trying DNS
Name: server1.yourdomain.com
Address: 134.202.4.2


Then to get the aliases (CNAMES) for that domain: -

> ls -a yourdomain.com

This will give a list of hostname->hostname aliases. You can grep your hostname from this to find your alises.
Advisor
R Cardwell
Posts: 28
Registered: ‎03-11-2003
Message 3 of 18 (20,659 Views)

Re: Finding all DNS aliases for a host using nslookup/dig/host or similar command

Hmmm, that looks like it should do it. However I get the following output when I try that command

*** Can't list domain XXX.XXX.XXX.XXX: Unspecified error

or I get this

*** Can't list domain XXX.XXX.XXX.XXX: Query refused

Looks like a DNS, might be configured to reject these commands then.

RichC
Honored Contributor
Rick Garland
Posts: 4,470
Registered: ‎06-25-1997
Message 4 of 18 (20,659 Views)

Re: Finding all DNS aliases for a host using nslookup/dig/host or similar command

If there are aliases existing for a host, the nslookup will output that info as well - usually towards the bottom of the nslookup output
Honored Contributor
Muthukumar_5
Posts: 4,030
Registered: ‎06-09-2004
Message 5 of 18 (20,659 Views)

Re: Finding all DNS aliases for a host using nslookup/dig/host or similar command

Hostname lookup are decided based on hosts: entry on /etc/nsswitch.conf file.

If it is,

hosts: files dns ldap ..

It will try to resolve on /etc/hosts (files) first then

/etc/resolv.conf (dns) file

It is good to use as,

hosts: dns files

in /etc/resolv.conf

domain test.com
nameserver xx.xx.xx.xx

If you try

# nslookup

It will give the resolved one now!!

Else add the full entry on

/etc/hosts file as,

IP-Address aliasname
172.16.1.68 test.test.com test

It will do that also
nameserver
Easy to suggest when don't know about the problem!
Advisor
R Cardwell
Posts: 28
Registered: ‎03-11-2003
Message 6 of 18 (20,659 Views)

Re: Finding all DNS aliases for a host using nslookup/dig/host or similar command

Doesn't seem to Rick, I'am doing queries on a server I know to have 5 aliases and it just returns the hostname I supply and its IP address.

Rich Cardwell
HP Pro
Dave Olker
Posts: 1,432
Registered: ‎10-10-2002
Message 7 of 18 (20,659 Views)

Re: Finding all DNS aliases for a host using nslookup/dig/host or similar command

Hi Rich,

When you say:

____________________________________

I am doing queries on a server I know to have 5 aliases and it just returns the hostname I supply and its IP address.
____________________________________


How do you know there are 5 aliases for this IP address? Is it that the /etc/hosts file has 5 aliases for this IP address, or do you know for a fact that the DNS table you're using has all 5 aliases? I just want to be sure that the DNS tables you're using were built appropriately to contain all 5 aliases.

A couple of things to try, if nslookup is not returning what you want:

1) Try nsquery

# nsquery hosts ros-resolver dns

Using "dns" for the hosts policy.

Searching dns for ros-resolver
Hostname: rose-resolver
Aliases: ros-resolver
Address: XXX.XXX.XXX.XXX
Switch configuration: Terminates Search

This program allows you to override whatever search routine is specified in your /etc/nsswitch.conf file and use whichever name repositories you wish. As you can see from my above example, it returned the hostname, IP address and alias information.


2) If you are not absolutely certain that DNS contains all of the alias information, you can verify this by collecting a network trace of the DNS query and look at the answer packet in the trace.

For example:


================================ IP Header (outbound -- pid: 355033) =========
Source: hpatcux9.rose.hp.com(A) Dest: rose-resolver.americas.hp.net(A)
len: 74 ttl: 64 proto: 17 cksum: 0x19bc id: 0x6fe5
flags: DF tos: 0x0 hdrlen: 20 offset: 0x0 optlen: 0
-------------------------------- UDP Header ----------------------------------
sport: 63319 --> dport: domain data len: 46 chksum: 0xb149
-------------------------------- BIND Header ---------------------------------
flags: rd
opcode: QUERY rcode: NOERROR id: 0x36df
qdcount: 0x1 ancount: 0x0 nscount: 0x0 arcount: 0x0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ QUESTIONS ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
domain name: ros-resolver.americas.hp.net
type: A class: IN



================================ IP Header (inbound -- [ICS]) ================
Source: rose-resolver.americas.hp.net(A) Dest: hpatcux9.rose.hp.com(A)
len: 302 ttl: 62 proto: 17 cksum: 0x8abd id: 0x0
flags: DF tos: 0x0 hdrlen: 20 offset: 0x0 optlen: 0
-------------------------------- UDP Header ----------------------------------
sport: domain --> dport: 63319 data len: 274 chksum: 0x641
-------------------------------- BIND Header ---------------------------------
flags: qr aa rd ra
opcode: QUERY rcode: NOERROR id: 0x36df
qdcount: 0x1 ancount: 0x2 nscount: 0x5 arcount: 0x5
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ QUESTIONS ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
domain name: ros-resolver.americas.hp.net
type: A class: IN
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ANSWERS ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
domain name: ros-resolver.americas.hp.net
type: CNAME class: IN ttl: 28800 dlen: 16
domain name: rose-resolver.americas.hp.net

domain name: rose-resolver.americas.hp.net
type: A class: IN ttl: 7200 dlen: 4
internet address: 15.251.192.51
...


I've removed some of the information from the ANSWER packet for simplicity, but you can see at the top of the ANSWER packet is the primary hostname and the alias information.

If a network trace doesn't show this information then my guess is you don't have your DNS tables built correctly.

3) Use nslookup debug mode

# nslookup -d2 rose-resolver.americas.hp.net
------------
SendRequest(), len 44
HEADER:
opcode = QUERY, id = 13505, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0

QUESTIONS:
51.192.251.15.in-addr.arpa, type = PTR, class = IN

------------
------------
Got answer (296 bytes):
HEADER:
opcode = QUERY, id = 13505, rcode = NOERROR
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 2, authority records = 5, additional = 5

QUESTIONS:
51.192.251.15.in-addr.arpa, type = PTR, class = IN
ANSWERS:
-> 51.192.251.15.in-addr.arpa
type = PTR, class = IN, dlen = 31
name = rose-resolver.americas.hp.net
ttl = 7200 (2H)
-> 51.192.251.15.in-addr.arpa
type = PTR, class = IN, dlen = 13
name = forwarders.americas.hp.net
ttl = 7200 (2H)


Again, I've striped out much of the reply packet for simplicity, but this should show you the same information as the network trace, and you can verify whether the DNS tables were populated with the aliases.

Good luck,

Dave
Honored Contributor
Sundar_7
Posts: 1,938
Registered: ‎11-07-2000
Message 8 of 18 (20,659 Views)

Re: Finding all DNS aliases for a host using nslookup/dig/host or similar command

ls -a domainname will not work if the port 53/TCP is blocked or if the DNS has been configured to accept zone transfer requests only from specific hosts (typically secondary DNS servers).
Learn What to do ,How to do and more importantly When to do ?
Honored Contributor
Jeff_Traigle
Posts: 1,354
Registered: ‎03-04-2004
Message 9 of 18 (20,659 Views)

Re: Finding all DNS aliases for a host using nslookup/dig/host or similar command

In looking into this question off and on today, the only way I've been able to get the alias (CNAME record) from nslookup or nsquery is to use the alias as the argument instead of the hostname or IP address. Though I seem to recall years ago on SunOS 4 and IRIX 4 being able to use ANY as the querytype to get all records for a hostname or IP address from DNS (and the nslookup man page states this is the case), it doesn't appear to work on HP-UX. I know the systems I have at work are behind on patches though and they are 11.00... I can try it out at home tonight on my 11i workstation to see if it behaves the same or not.
--
Jeff Traigle
Honored Contributor
Patrick Wallek
Posts: 13,787
Registered: ‎06-21-2000
Message 10 of 18 (20,659 Views)

Re: Finding all DNS aliases for a host using nslookup/dig/host or similar command

Here are 3 nslookups from one of my HP-UX 11.11 machines. nslookup for me lists all aliases, or all IPs, if more than 1 exists.

# nslookup whpackage1
Using /etc/hosts on: hqunm01

looking up FILES
Name: whpackage1.d.com
Address: 170.7.2.11
Aliases: whpackage1, wh06.d.com, wh07.d.com,wh09.d.com, wh14.d.com, wh15.d.com, wh17.d.com, wh40.d.com, wh63.d.com, wh16.d.com

# nslookup 170.7.2.11
Using /etc/hosts on: hqunm01

looking up FILES
Name: whpackage1.d.com
Address: 170.7.2.11
Aliases: whpackage1, wh06.d.com, wh07d.com, wh09.d.com, wh14.d.com, wh15.d.com, wh17.d.com, wh40.d.com, wh63.d.com, wh16.d.com

# nslookup www.yahoo.com
Using /etc/hosts on: hqunm01

looking up FILES
Trying DNS
Non-authoritative answer:
Name: www.yahoo.akadns.net
Addresses: 216.109.117.110, 216.109.118.68, 216.109.118.75, 216.109.118.78,216.109.118.72, 216.109.117.108, 216.109.117.107, 216 109.117.205
Aliases: www.yahoo.com




HP Pro
Dave Olker
Posts: 1,432
Registered: ‎10-10-2002
Message 11 of 18 (20,658 Views)

Re: Finding all DNS aliases for a host using nslookup/dig/host or similar command

Hi Patrick,

I think Jeff's point is that when you use DNS as your resolver, it appears to only return the alias names if you search using an alias name. In your first two examples you were using /etc/hosts for resolution. In the 3rd example you used DNS but you specified the alias name. Try #3 again using the real name. On my system I get:

# nslookup www.yahoo.com
Name Server: rose-resolver.americas.hp.net
Address: 15.251.192.51

Trying DNS
Non-authoritative answer:
Name: www.yahoo.akadns.net
Addresses: 66.94.230.44, 66.94.230.46, 66.94.230.43, 66.94.230.32
66.94.230.51, 66.94.230.37, 66.94.230.48, 66.94.230.42
Aliases: www.yahoo.com


# nslookup www.yahoo.akadns.net
Name Server: rose-resolver.americas.hp.net
Address: 15.251.192.51

Trying DNS
Non-authoritative answer:
Name: www.yahoo.akadns.net
Addresses: 66.94.230.48, 66.94.230.46, 66.94.230.33, 66.94.230.44
66.94.230.52, 66.94.230.42, 66.94.230.32, 66.94.230.50


The first query returns the alias name because I searched using the alias name. The 2nd query did not return the alias name because I specified the "real" name.


Rich - is this the same behavior you get? If you search using an alias name do you get all the aliases but when you search using the "primary" name you don't get the aliases, or are you not getting alias information at all?

Regards,

Dave
Honored Contributor
Patrick Wallek
Posts: 13,787
Registered: ‎06-21-2000
Message 12 of 18 (20,658 Views)

Re: Finding all DNS aliases for a host using nslookup/dig/host or similar command

I just tried the same thing on one of my HP-UX 11.0 boxes and the aliases do NOT show up. I wonder if it is patch related......
Honored Contributor
Jeff_Traigle
Posts: 1,354
Registered: ‎03-04-2004
Message 13 of 18 (20,658 Views)

Re: Finding all DNS aliases for a host using nslookup/dig/host or similar command

I just got home and did some experimenting... this issue seems to be platform specific and HP doesn't handle it like MS, Apple, or Red Hat. Here's what I tried...

I have a DNS server set up for my home network. I have two CNAME records set up for the Linux system. With no corresponding PTR records for the CNAME records, the only way I could get any of the lookup tools (nslookup, nsquery, host) to return the aliases was to use the alias as the argument in the lookup command query as I stated previously... and then it would only return that particular alias, not all of them.

When I added PTR records for each CNAME, the differences in implementation surfaced. On MacOS X, Windows XP, and Red Hat Fedora Core 2, doing the lookup on the IP address would return all aliases regardless of the tool used. On HP-UX, it doesn't. (I'm patched upto June 2003 for required patches and Sept. 2003 on Support and Hardware Enabled patches on 11.11.)

I would personally classify this as a bug in HP's implementation since everyone else at least returns the aliases with an IP address provided if the PTR records are in DNS.
--
Jeff Traigle
Honored Contributor
Jeff_Traigle
Posts: 1,354
Registered: ‎03-04-2004
Message 14 of 18 (20,658 Views)

Re: Finding all DNS aliases for a host using nslookup/dig/host or similar command

Oops. I take that back... nslookup on WinXP only returns the A record and not the CNAME records when given the IP address when the PTR records are present... but, then again, we all expect MS stuff to be broken, right? :)

I looked for "nslookup" in the patch database and found PHNE_30068 for 11.11. (There were several others all related to OV.) Applying it didn't solve the problem, but it did change the behavior of the results (or I just noticed the behavior after the patch anyway)... doing the nslookup or nsquery cycles through the A record and CNAME records in its results when the IP address is supplied (not in a regular fashion that I can determine), but still doesn't show them all.
--
Jeff Traigle
Advisor
R Cardwell
Posts: 28
Registered: ‎03-11-2003
Message 15 of 18 (20,658 Views)

Re: Finding all DNS aliases for a host using nslookup/dig/host or similar command

Thanks for all the responses, I have had a look at the responses and tried the various solutions that have been presented however, I still can't get the output I'am after.

The host aliases are definately in DNS, as I can perform nslookup's on each hostname and and they all return the same IP address. The only difference is when I do a nslookup on the primary hostname it just returns the IP, whereas when do perform an nslookup lookup on an aliases, it returns the primary hostname, ip address and an additional alias field with the alias name. Reverse lookups of the IP address always return the primary hostname without any reference to the aliases.

Rich Cardwell.

nb: I applied the latest DNS/BIND patch, and this hasn't fixed the output.

Honored Contributor
Muthukumar_5
Posts: 4,030
Registered: ‎06-09-2004
Message 16 of 18 (20,658 Views)

Re: Finding all DNS aliases for a host using nslookup/dig/host or similar command

Hai,

If you have aliases for that host / ip-address then you will get the informations of all aliases.

It is good to have your work / tries to analyse more.

Try to check as,

nsquery hosts "dns"

nsquery hosts "dns"

nsquery hosts "dns"

Are you getting differences over there.

Pls specify the informations and tests you have done and difference to forums so that all will give their views.

Easy to suggest when don't know about the problem!
Honored Contributor
Geoff Wild
Posts: 7,170
Registered: ‎06-04-2001
Message 17 of 18 (20,658 Views)

Re: Finding all DNS aliases for a host using nslookup/dig/host or similar command

This is how to get the CNAME:

dig @DNSSERVER yourdomain.com axfr |grep CNAME |grep HOST

Example:

dig @mydnsserver mydomain.com axfr |grep CNAME |grep server1
w052.mydomian.com. 14400 IN CNAME server1.mydomain.com.

Rgds...Geoff

Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Advisor
R Cardwell
Posts: 28
Registered: ‎03-11-2003
Message 18 of 18 (20,658 Views)

Re: Finding all DNS aliases for a host using nslookup/dig/host or similar command

Bingo, Geoff's answer gets the result I was after, seems a little inefficient to pull all the hostnames from my domain, but it it works oh well.

Thanks for your help everyone.

Rich Cardwell.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.