0

I can use dig to get the full master file output of DNS info, and for my problem I am interested in the information in the "additional" section:

$ dig example.com

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7_5.1 <<>> example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 36588
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;example.com. IN A

;; ADDITIONAL SECTION:
example.server.com. 60     IN      SOA     need.to.know.only. hostmaster.spamhaus.org. 1542300481 60 60 432000 60

;; Query time: 1 msec
;; SERVER: xxx.xxx.xxx.xxx#53(xxx.xxx.xxx.xxx)
;; WHEN: Thu Nov 15 11:53:41 EST 2018
;; MSG SIZE  rcvd: 161

This is an easy way I can know that my RPZ is blocking the domain via Spamhaus. I want to provide an easy method for anyone on any operating system to get at this information. Unfortunately the only tool that seems to be everywhere is nslookup, and I cannot seem to give it an option that will return that info in a single command line run. In *nix, I would do:

dig +noall +additional example.com

If the SOA record says "need.to.know.only.", that is my confirmation.

How can I do this in Windows (or really, one command that will work on any operating system)?

EDIT:

  • I realize I can use the interactive mode of nslookup and set debugging option, but that is too much info for a non-technical person to weed through.
  • I am also open to using a web page to do the lookup, but it is critical that that web page use MY DNS servers, because that is where the block is happening.
Watki02

2 Answers

2

Per your edit, it sounds like you can see what you are looking for with the "debug" option, but you don't want to use interactive mode. You can still get this with a single command:

nslookup -debug example.com
Doug Deden
  • it appears this 'works', but (also per my comment) it is still too much for a non-technical user to weed through. – Watki02 Nov 16 '18 at 14:38
  • I see. I thought you were just looking for a way to get the debugging option for nslookup enabled in a single line. Now that I see that you are looking to only present the line(s) you want, your use of Findstr and Grep mentioned elsewhere is the best approach. – Doug Deden Nov 19 '18 at 16:29
0

It looks like there is no single command that will run on EVERY operating system, but I could break it down like this:

on Windows, from command prompt: nslookup -debug example.com | FINDSTR need.to.know.only

on Unix, Mac, etc., from command line: nslookup -debug example.com | grep need.to.know.only

But since I already know at that point that I am on a *nix box, I could just say:

on Unix, Mac, etc., from command line: dig example.com | grep need.to.know.only

Again, the idea is to make a single check a non-technical user could run and see a clean answer to the question.

Watki02
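
An added example, not part of the original posts: a shell function that reads full dig output and prints a one-word verdict, matching only an SOA record in the ADDITIONAL section whose MNAME field is "need.to.know.only." rather than grepping for the string anywhere. The names rpz_verdict, check_domain, sample_blocked and sample_clean are hypothetical, and both sample responses are constructed (the first from the output shown in the question).

```sh
#!/bin/sh
# Added example (not from the original posts). Reads full `dig` output on
# stdin and prints BLOCKED or NOT BLOCKED.
# Assumption from the question: a blocked name carries an SOA record in the
# ADDITIONAL section whose MNAME field is "need.to.know.only.".
RPZ_MNAME="need.to.know.only."

rpz_verdict() {
    awk -v mname="$RPZ_MNAME" '
        # Track which section of the dig output we are in.
        /^;; [A-Z]+ SECTION:/ { in_add = ($2 == "ADDITIONAL"); next }
        /^;/ || NF == 0       { next }      # comments and blank lines
        # Record layout: owner TTL class type rdata...; for SOA, $5 is MNAME.
        in_add && $4 == "SOA" && tolower($5) == mname { hit = 1 }
        END { print (hit ? "BLOCKED" : "NOT BLOCKED") }
    '
}

# Live use against the resolver this machine is configured with.
check_domain() { dig "$1" | rpz_verdict; }

# Constructed sample: the blocked response shown in the question.
sample_blocked() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 36588
;; QUESTION SECTION:
;example.com. IN A

;; ADDITIONAL SECTION:
example.server.com. 60 IN SOA need.to.know.only. hostmaster.spamhaus.org. 1542300481 60 60 432000 60

;; Query time: 1 msec
EOF
}

# Constructed sample: an unblocked lookup of a name that merely contains the
# marker string, which a plain grep for it would report as a match.
sample_clean() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; QUESTION SECTION:
;need.to.know.only.example.net. IN A

;; ANSWER SECTION:
need.to.know.only.example.net. 300 IN A 192.0.2.10
EOF
}
```

Pipe the full dig output into rpz_verdict: with +noall +additional the ";; ADDITIONAL SECTION:" header is suppressed, so the section tracking would never switch on.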