Different incantations of nslookup. nslookup To simply lookup hostname using your default nameserver(s). nslookup To ask a particular nameserver. Note the nameserver must be specified by I.P. name. Using I.P. address doesn't work. nslookup -qt=all The default. Show me all types of records. nslookup -qt=ns Only show me the name server record types. nslookup -qt=MX Show the Mail eXchange records. nslookup ls delphion.com To list all I.P. names under this domain. nslookup To do reverse lookups -------------------------------------------------------------------------------------- One day, I asked Tony to investigate the I.P. address 132.70.1.100. Here are the commands he used to do that. nslookup -qt=ns 70.132.in-addr.arpa. also nslookup -qt=ns 1.70.132.in-addr.arpa. Then he tried using whois, which is an application pulled off the Internet. Da Li has a socksified version of it at /local/bin/rwhois, that uses /afs/almaden.ibm.com/common/etc/socks.conf and a plain, vanilla one that uses the standard /etc/socks.conf in /u/dali/public/rwhois. rwhois 132.70.1.0 and when that returned No match for "132.70.1.0". The InterNIC Registration Services database contains ONLY non-military and non-US Government Domains and contacts. Other associated whois servers: American Registry for Internet Numbers - whois.arin.net European IP Address Allocations - whois.ripe.net Asia Pacific IP Address Allocations - whois.apnic.net US Military - whois.nic.mil US Government - whois.nic.gov Tony then tried rwhois -h whois.ripe.net 132.70.1.0 That told him that the address comes from the Bar-Ilan University Network, the country code was IL (Isreal), and the technical contact is Doron Shikmoni, along with a phone number, fax number, e-mail address, etc. -------------------------------------------------------------------------------------- Here's what I did on 2-10-2004 to learn more about the following Wila-Derwent's domains, ipr-village.info External, Internet domain. Deprecated, I think. intranet.wila Yes, with no trailing .com or .de. This obviously is Internal Use Only. wiladerwent.de Another External, Internet domain. Stale. nslookup Default Server: loon.delphion.com Address: 10.224.88.254 > set type=ns > info. Start with the domain part of ipr-village.info Server: loon.delphion.com Address: 10.224.88.254 Non-authoritative answer: info nameserver = TLD1.ULTRADNS.NET info nameserver = TLD2.ULTRADNS.NET Authoritative answers can be found from: TLD1.ULTRADNS.NET internet address = 204.74.112.1 TLD2.ULTRADNS.NET internet address = 204.74.113.1 This told me that the 2 tld[12].ultradns.net servers were the authoritative servers for the info top-level domain. To change to using one of those servers, > server TLD1.ULTRADNS.NET. (Note the ending dot) Default Server: TLD1.ULTRADNS.NET Address: 204.74.112.1 Now to see who the DNS servers are for the ipr-village.info domain, > ipr-village.info. Server: TLD1.ULTRADNS.NET Address: 204.74.112.1 ipr-village.info nameserver = homer07us.ipr-village.info ipr-village.info nameserver = homer04eu.ipr-village.info info nameserver = tld2.ultradns.net info nameserver = tld1.ultradns.net tld2.ultradns.net internet address = 204.74.113.1 tld1.ultradns.net internet address = 204.74.112.1 homer07us.ipr-village.info internet address = 63.84.162.200 homer04eu.ipr-village.info internet address = 195.27.130.116 and to switch to using one of those servers, > server homer07us.ipr-village.info. Default Server: homer07us.ipr-village.info Address: 63.84.162.200 and finally to see all that it knows about (manually sorted by I.P. address) > ls ipr-village.info. [homer07us.ipr-village.info] $ORIGIN ipr-village.info. @ 1D IN NS homer01eu 1D IN NS homer01us marge01eu 1D IN A 195.27.130.113 bart01eu 1D IN A 195.27.130.114 www 1S IN A 195.27.130.115 homer01eu 1D IN A 195.27.130.116 <-- Yes, the same IP address homer04eu 1D IN A 195.27.130.116 <-- for two different names. patty 1D IN A 195.27.130.117 homer01us 1D IN A 63.84.162.200 marge01us 1D IN A 63.84.162.201 bart01us 1D IN A 63.84.162.202 cisco01us 1D IN A 63.84.162.203 1S IN A 63.84.162.204 <-- No name for this address?? If you follow the traceroute for these addresses, they go to Detroit, then Medstat (medstat-gw.customer.alter.net), so these addresses seem correct. As contrasted to the ones you'll find in the wiladerwent.de domain, viz homer01us 1D IN A 195.27.60.194 <-- marge01us 1D IN A 195.27.60.194 <-- Yes, all of these are bart01us 1D IN A 195.27.60.194 <-- the same I.P. address. cisco01us 1D IN A 195.27.60.194 <-- If you follow the traceroute of these addresses, they go overseas to Frankfurt, then to wila-gw-MUC1.de.cw.net, so these must be old I.P. addresses, so they're wrong, yet they still answer pings. Hmmm. -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- For the intranet.wila domain, this obviously is different because wila is not a top-level domain. If you log in to one of the German machines, for example wilasys (10.228.40.50), you can telnet 10.228.40.50 & login as rjasper/rjasper. $ cat /etc/resolv.conf domain intranet.wila search intranet.wila nameserver 10.228.40.20 (dc01server) nameserver 10.228.40.21 (dc02server) nameserver 192.168.1.1 nameserver 192.168.1.11 nameserver 192.168.1.19 Note that intranet.wila is their default domain. From THAT system, you can learn about intranet.wila, which is the domain known only to Munich internal machines.