# Dig is a somewhat more flexible tool for doing DNS queries from
# the command line. The output is also more DNS-like so, to
# understand it, you need to know a little about DNS. For our
# use-case, it should be sufficient to know that there are different
# types of records in DNS (carrying different types of info about
# hostnames): ‹NS› stands for name server (i.e. a DNS server
# responsible for a given subdomain), ‹A› stands for IPv4 address,
# ‹AAAA› stands for IPv6 address and ‹MX› stands for mail exchanger.
# Let's try some basic queries:

dig aisa.fi.muni.cz -t A

# The above performs a DNS query using the default system DNS
# recursive server. It does not perform recursion itself. The
# output is fairly long, so let's look at what's in there. Let's
# ignore the header, all the way until QUESTION SECTION. The
# question section shows us what question we asked. In this
# case, we would like the ‹A› record of ‹aisa.fi.muni.cz› filled in
# for us.

# What follows is an ANSWER SECTION, which contains the answer to
# our query: it tells us that the ‹A› record for ‹aisa.fi.muni.cz›
# contains the address ‹147.251.48.1›. What follows after that is
# the list of name servers (‹NS› records) responsible for the domain
# ‹fi.muni.cz.› and finally we get some ‹A› and ‹AAAA› records for
# those name servers too, in case we wanted to consult them
# directly.

# We will actually stop the script here, so you can dig (ha-ha)
# through all the output; when you are ready to continue, just hit
# enter.

read

# Since output from ‹dig› is so long and tedious, let's only do one
# more. This replicates what I have shown you in the lecture (but
# that was somewhat redacted, to fit in the slide). Let's also ask
# for a different type of record for the fun of it. The ‹+trace›
# tells ‹dig› to perform recursion itself and print all the
# intermediate results too.

dig fi.muni.cz -t MX +trace

# The ‹MX› record tells us who handles mail for the given domain. So
# when you send an email to me (using my ‹@fi.muni.cz› address), the
# MTA that sends email for you will do an ‹MX› lookup for
# ‹fi.muni.cz› to find out which computer it should contact. In this
# case, it'll see:
#
#     fi.muni.cz.  300  IN  MX  50 relay.muni.cz.
#
# Which basically means there's only one mail exchanger, and its DNS
# name is ‹relay.muni.cz.› Let's continue in this spirit with
# ‹netcat.sh›.
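
# Added example (not part of the original script): reading the record
# lines of ‹dig› output the way the text above does, and ordering ‹MX›
# records the way a sending MTA would (lowest preference number first).
# The sample output is constructed, the ‹example.org› records and the
# function names are assumptions; only the ‹fi.muni.cz› line comes from
# the text.

```shell
# Constructed sample in dig's output format (not captured from a real
# query). The fi.muni.cz line is the one quoted in the text; the
# example.org lines are made up to show ordering by preference.
sample_output() {
cat <<'EOF'
;; QUESTION SECTION:
;example.org.            IN  MX

;; ANSWER SECTION:
example.org.        300  IN  MX  20 backup.example.org.
example.org.        300  IN  MX  10 mail.example.org.
fi.muni.cz.         300  IN  MX  50 relay.muni.cz.

;; AUTHORITY SECTION:
example.org.        300  IN  NS  ns1.example.org.
EOF
}

# Print the records of type $2 owned by name $1 from dig output on
# stdin. Lines starting with ';' are dig's comments and section
# headers; record lines are: name, TTL, class, type, data.
records() {
    awk -v name="$1" -v type="$2" '
        /^;/ || NF < 5 { next }
        $1 == name && $3 == "IN" && $4 == type { print }
    '
}

# Print the mail exchangers for domain $1, most preferred first.
# In an MX record the data is "preference host"; a lower preference
# number means the host is tried earlier.
mx_hosts() {
    records "$1" MX | awk '{ print $5, $6 }' | sort -n | awk '{ print $2 }'
}

# Demonstration on the constructed sample.
sample_output | mx_hosts example.org.
```

# To use it on a live answer, pipe a query into the function instead
# of the sample: dig fi.muni.cz -t MX | mx_hosts fi.muni.cz.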