2

I want to get pairs of name server - IP for some domain. For example, there is the serverfault.com domain. I want to get:

NS1.SERVERFAULT.COM - 198.252.206.80
NS2.SERVERFAULT.COM - 198.252.206.81

Is it possible? I tried to use nslookup, but I had no success.

Update: I found the command C:\Users\Nick>nslookup -type=ns serverfault.com, but it does not work for me:

C:\Users\Nick>nslookup -type=ns serverfault.com
Server:  UnKnown
Address:  62.68.141.212

Non-authoritative answer:
serverfault.com nameserver = ns3.serverfault.com
serverfault.com nameserver = ns4.serverfault.com
serverfault.com nameserver = ns2.serverfault.com
serverfault.com nameserver = ns1.serverfault.com
Denis
  • 145
  • 1
  • 5

3 Answers

4

The part of the / a query you want is called "authority." The record type is called NS.

I use "dig" for this. Because Windows is lacking in tools, I install the (free, open-source) Cygwin package, as it includes it.

nslookup can also do this and is available by default on Windows systems. On my older Windows system, the nslookup that comes with it can give you this by (at least) either asking for "all records" or "ns records".

Here's doing it with my XP box's cmd prompt for Google.com:

nslookup
> set type=NS
> google.com
Server:  h-67-100-88-26.snfc.ca.megapath.net
Address:  67.100.88.26

Non-authoritative answer:
google.com      nameserver = ns4.google.com
google.com      nameserver = ns1.google.com
google.com      nameserver = ns2.google.com
google.com      nameserver = ns3.google.com

ns3.google.com  internet address = 216.239.36.10
ns4.google.com  internet address = 216.239.38.10
ns1.google.com  internet address = 216.239.32.10
ns2.google.com  internet address = 216.239.34.10
>

The following is the help screen for the Windows XP Corporate Edition nslookup:

Commands:   (identifiers are shown in uppercase, [] means optional)

NAME            - print info about the host/domain NAME using default server
NAME1 NAME2     - as above, but use NAME2 as server
help or ?       - print info on common commands
set OPTION      - set an option
    all                 - print options, current server and host
    [no]debug           - print debugging information
    [no]d2              - print exhaustive debugging information
    [no]defname         - append domain name to each query
    [no]recurse         - ask for recursive answer to query
    [no]search          - use domain search list
    [no]vc              - always use a virtual circuit
    domain=NAME         - set default domain name to NAME
    srchlist=N1[/N2/.../N6] - set domain to N1 and search list to N1,N2, etc.
    root=NAME           - set root server to NAME
    retry=X             - set number of retries to X
    timeout=X           - set initial time-out interval to X seconds
    type=X              - set query type (ex. A,ANY,CNAME,MX,NS,PTR,SOA,SRV)
    querytype=X         - same as type
    class=X             - set query class (ex. IN (Internet), ANY)
    [no]msxfr           - use MS fast zone transfer
    ixfrver=X           - current version to use in IXFR transfer request
server NAME     - set default server to NAME, using current default server
lserver NAME    - set default server to NAME, using initial server
finger [USER]   - finger the optional NAME at the current default host
root            - set current default server to the root
ls [opt] DOMAIN [> FILE] - list addresses in DOMAIN (optional: output to FILE)
    -a          - list canonical names and aliases
    -d          - list all records
    -t TYPE     - list records of the given type (e.g. A,CNAME,MX,NS,PTR etc.)
view FILE       - sort an 'ls' output file and view it with pg
exit            - exit the program

The following is the first of the "man pages" for dig:

DIG(1)                               BIND9                              DIG(1)

NAME
   dig - DNS lookup utility

SYNOPSIS
   dig [@server] [-b address] [-c class] [-f filename] [-k filename] [-m]
       [-p port#] [-q name] [-t type] [-x addr] [-y [hmac:]name:key] [-4]
       [-6] [name] [type] [class] [queryopt...]

   dig [-h]

   dig [global-queryopt...] [query...]

DESCRIPTION
   dig (domain information groper) is a flexible tool for interrogating
   DNS name servers. It performs DNS lookups and displays the answers that
   are returned from the name server(s) that were queried. Most DNS
   administrators use dig to troubleshoot DNS problems because of its
   flexibility, ease of use and clarity of output. Other lookup tools tend
   to have less functionality than dig.

   Although dig is normally used with command-line arguments, it also has
   a batch mode of operation for reading lookup requests from a file. A
   brief summary of its command-line arguments and options is printed when
   the -h option is given. Unlike earlier versions, the BIND 9
   implementation of dig allows multiple lookups to be issued from the
   command line.

   Unless it is told to query a specific name server, dig will try each of
   the servers listed in /etc/resolv.conf.

   When no command line arguments or options are given, dig will perform
   an NS query for "." (the root).

   It is possible to set per-user defaults for dig via ${HOME}/.digrc.
   This file is read and any options in it are applied before the command
   line arguments.

   The IN and CH class names overlap with the IN and CH top level domains
   names. Either use the -t and -c options to specify the type and class,
   use the -q the specify the domain name, or use "IN." and "CH." when
   looking up these top level domains.
Richard T
  • 1,206
  • 12
  • 29
3

To find the nameservers of a given domain, you can use nslookup to grab the SOA record. Using serverfault.com as an example:

C:\> nslookup
Default Server: <foo>
Address: <bar>

> set type=SOA
> serverfault.com
Server: <foo>
Address: <bar>

Non-authoritative answer:
serverfault.com
        primary name server = ns1.serverfault.com
        responsible mail addr = sysadmins.stackoverflow.com
        serial  = 2013072101
        refresh = 600 (10 mins)
        retry   = 600 (10 mins)
        expire  = 604800 (7 days)
        default TTL = 1440 (24 mins)

serverfault.com nameserver = ns2.serverfault.com
serverfault.com nameserver = ns1.serverfault.com
> exit

C:\>

Then you simply run nslookup against the listed nameservers to get the corresponding IPs.

John
  • 9,070
  • 1
  • 29
  • 34
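The two nslookup answers above produce "nameserver =" lines and, when the resolver includes them, "internet address =" lines. The following added example (not part of any answer on this page) pairs them up and reports which name servers still need the follow-up address lookup; the function name and the sample data are assumptions made for illustration.

```python
import re

# Constructed samples in the two output shapes shown on this page; names and
# addresses are documentation values, not real servers.
WITH_ADDRESSES = """\
Non-authoritative answer:
example.test    nameserver = ns2.example.test
example.test    nameserver = NS1.EXAMPLE.TEST

ns1.example.test  internet address = 192.0.2.10
ns2.example.test  internet address = 192.0.2.11
"""
NAMES_ONLY = """\
Server:  UnKnown
Address:  192.0.2.53

Non-authoritative answer:
example.test nameserver = ns1.example.test
example.test nameserver = ns2.example.test
"""

NS_LINE = re.compile(r"^\s*(\S+)\s+nameserver\s*=\s*(\S+)\s*$", re.I)
ADDR_LINE = re.compile(r"^\s*(\S+)\s+internet address\s*=\s*(\S+)\s*$", re.I)

def _norm(name):
    # DNS names are case-insensitive and may carry a trailing root dot.
    return name.rstrip(".").lower()

def pair_nameservers(output, domain):
    """Return (pairs, unresolved): pairs maps each NS of `domain` to its
    addresses; unresolved lists NS names that still need an A lookup."""
    servers, addresses = [], {}
    for line in output.splitlines():
        m = NS_LINE.match(line)
        if m and _norm(m.group(1)) == _norm(domain):
            if _norm(m.group(2)) not in servers:
                servers.append(_norm(m.group(2)))
            continue
        m = ADDR_LINE.match(line)
        if m:
            addresses.setdefault(_norm(m.group(1)), []).append(m.group(2))
    pairs = {ns: addresses[ns] for ns in servers if ns in addresses}
    unresolved = [ns for ns in servers if ns not in addresses]
    return pairs, unresolved

if __name__ == "__main__":
    print(pair_nameservers(WITH_ADDRESSES, "example.test"))
    print(pair_nameservers(NAMES_ONLY, "example.test"))
```
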
3

The most concise I can think of is using dig:

$ dig +noall +additional -t ns google.com
ns4.google.com.         27791   IN      A       216.239.38.10
ns1.google.com.         27791   IN      A       216.239.32.10
ns2.google.com.         27791   IN      A       216.239.34.10
ns3.google.com.         27791   IN      A       216.239.36.10

Note that these are actually the cached glue records, though. If you want the answer from the authoritative nameserver itself, you'll need to ask it directly. Easiest way to do that is with +trace, then just look at the last response you get.

$ dig +trace +noall +additional google.com ns
m.root-servers.net.     85952   IN      A       202.12.27.33
m.root-servers.net.     85952   IN      AAAA    2001:dc3::35
a.root-servers.net.     85952   IN      A       198.41.0.4
a.root-servers.net.     85952   IN      AAAA    2001:503:ba3e::2:30
h.root-servers.net.     85952   IN      A       128.63.2.53
h.root-servers.net.     85952   IN      AAAA    2001:500:1::803f:235
d.root-servers.net.     41980   IN      A       199.7.91.13
d.root-servers.net.     41980   IN      AAAA    2001:500:2d::d
c.root-servers.net.     85952   IN      A       192.33.4.12
j.root-servers.net.     85952   IN      A       192.58.128.30
j.root-servers.net.     85952   IN      AAAA    2001:503:c27::2:30
b.root-servers.net.     85952   IN      A       192.228.79.201
k.root-servers.net.     85952   IN      A       193.0.14.129
;; Received 509 bytes from 10.19.12.20#53(10.19.12.20) in 6 ms

a.gtld-servers.net.     172800  IN      A       192.5.6.30
a.gtld-servers.net.     172800  IN      AAAA    2001:503:a83e::2:30
b.gtld-servers.net.     172800  IN      A       192.33.14.30
b.gtld-servers.net.     172800  IN      AAAA    2001:503:231d::2:30
c.gtld-servers.net.     172800  IN      A       192.26.92.30
d.gtld-servers.net.     172800  IN      A       192.31.80.30
e.gtld-servers.net.     172800  IN      A       192.12.94.30
f.gtld-servers.net.     172800  IN      A       192.35.51.30
g.gtld-servers.net.     172800  IN      A       192.42.93.30
h.gtld-servers.net.     172800  IN      A       192.54.112.30
i.gtld-servers.net.     172800  IN      A       192.43.172.30
j.gtld-servers.net.     172800  IN      A       192.48.79.30
k.gtld-servers.net.     172800  IN      A       192.52.178.30
l.gtld-servers.net.     172800  IN      A       192.41.162.30
;; Received 500 bytes from 192.58.128.30#53(192.58.128.30) in 148 ms

ns2.google.com.         172800  IN      A       216.239.34.10
ns1.google.com.         172800  IN      A       216.239.32.10
ns3.google.com.         172800  IN      A       216.239.36.10
ns4.google.com.         172800  IN      A       216.239.38.10
;; Received 164 bytes from 192.42.93.30#53(192.42.93.30) in 174 ms

ns4.google.com.         345600  IN      A       216.239.38.10
ns2.google.com.         345600  IN      A       216.239.34.10
ns1.google.com.         345600  IN      A       216.239.32.10
ns3.google.com.         345600  IN      A       216.239.36.10
;; Received 164 bytes from 216.239.36.10#53(216.239.36.10) in 12 ms

Generally these are the same, but if the domain is in the middle of switching nameservers, it could differ.

Cakemox
  • 25,209
  • 6
  • 44
  • 67
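The answer above notes that the parent's glue and the authoritative server's own answer can differ. This added example (not part of the original answer) splits `dig +trace +noall +additional` output into one section per responding server and compares the last two; the function names and the sample trace are assumptions made for illustration.

```python
import re

# Constructed sample in the shape of `dig +trace +noall +additional <domain> ns`
# output; names and addresses are documentation values, not real servers.
SAMPLE_TRACE = """\
a.root-servers.test.    85952   IN      A       192.0.2.1
;; Received 509 bytes from 192.0.2.53#53(192.0.2.53) in 6 ms

ns1.example.test.       172800  IN      A       192.0.2.10
ns2.example.test.       172800  IN      A       192.0.2.11
;; Received 164 bytes from 192.0.2.1#53(192.0.2.1) in 174 ms

ns1.example.test.       345600  IN      A       192.0.2.10
ns2.example.test.       345600  IN      A       198.51.100.11
;; Received 164 bytes from 192.0.2.10#53(192.0.2.10) in 12 ms
"""

RECORD = re.compile(r"^(\S+)\s+\d+\s+IN\s+(A|AAAA)\s+(\S+)$")
FOOTER = re.compile(r"^;; Received \d+ bytes from ([^#\s]+)#\d+")

def split_trace(text):
    """Return [(responder_ip, {name: set(addresses)}), ...], one per response."""
    sections, current = [], {}
    for line in text.splitlines():
        line = line.strip()
        m = RECORD.match(line)
        if m:
            current.setdefault(m.group(1).rstrip(".").lower(), set()).add(m.group(3))
            continue
        m = FOOTER.match(line)
        if m:  # the "Received" footer closes the current response
            sections.append((m.group(1), current))
            current = {}
    return sections

def glue_mismatches(text):
    """Compare the parent's glue (second-to-last response) with the
    authoritative server's own answer (last response)."""
    sections = split_trace(text)
    if len(sections) < 2:
        raise ValueError("need at least a parent and an authoritative response")
    (_, parent), (_, auth) = sections[-2], sections[-1]
    return {name: (parent.get(name, set()), auth.get(name, set()))
            for name in sorted(parent.keys() | auth.keys())
            if parent.get(name, set()) != auth.get(name, set())}

if __name__ == "__main__":
    for name, (glue, own) in glue_mismatches(SAMPLE_TRACE).items():
        print(f"{name}: parent glue {sorted(glue)} vs authoritative {sorted(own)}")
```

An empty result means the delegation and the zone agree; a non-empty one is worth checking against a planned name server change.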