DNS Tools: Help

DNSInspector Manual

Summary

DNSInspector, the complete toolkit of network information utilities, includes the following
major features:

  • access monitoring & log management,
  • spambot “bad behavior” screening,
  • geoIP & top countries usage mapping,
  • multidomain & IP/AS whois lookups,
  • autodiscovery for whois TLD server,
  • DNS and Dig (ANY, SOA, NS, MX) queries,
  • email address format & MX validation,
  • port check with services lookup option,
  • HTTP HEAD and GET requests,
  • ICMP pings (local and/or remote),
  • traceroutes (local and/or remote),
  • looking glass router interrogation.

What Can DNSInspector Do For Me?

DNSInspector provides site administrators and technicians with readily available and highly
useful information about their ISP performance and their Internet environment generally. But it’s
not just for “network nerds”. Ordinary users can also benefit from access to DNSInspector’s functions and features. In particular, perhaps, the ability to view their own Internet connection from the downstream (“outside-in”) direction is especially useful to your end users as that is the routing they depend on most.

Have you ever wondered who owns that disturbing web site that your child stumbled upon while
browsing, and would you like to have some accurate contact information to complain about its lack of
COPA protections? Want to know if an email address is valid? Or maybe you’ve joined the rapidly
growing world of “always connected” Internet access and are concerned about whether your newly bought “firewall” software really has closed all of the entry ports to your system. Perhaps you’re an ardent gamer who worries about “lag times” and would like to know where those game-losing extra milliseconds are coming from. DNSInspector can answer all those questions and more. Read on.

Using DNSInspector

It is beyond this manual’s scope to provide a complete background course on the Internet itself and
on the entire range of issues involved in examining various aspects of its complex structure, topology
and day-to-day operations. Instead, we’ll focus here on actual usage and application of DNSInspector’s network info tools and we’ll include a few useful links to other documentation for those who might like to pursue some of the underlying issues in greater depth. Let it suffice to say that the better one understands those issues and their impacts on both service providers and end users, the more useful DNSInspector becomes.

Whois Lookups

All domain names on the Internet are registered with “domain name registrars”. Domain name registrars are entities which have been allocated the authority to register names for a specific subset of domain names. Most domain name registrars provide a “whois” function, where you can ask “whois domain.name” and they will tell you who has registered that domain name.

DNSInspector’s whois lookup feature shows the user the same information that the owner of the domain in question supplied to the top-level domain (TLD) registrar. To use it, simply enter the name of the site domain (without any “www.” or other prefix) and select the TLD (e.g., “.com”) from the available drop-down listing.

The allowed maximum number of simultaneous lookup entries and the drop-down TLD listing are fully
under the control of the DNSInspector administrator, who may add, delete and change entries to suit his/her web site’s purposes and its users. If the TLD you’re looking for is not available in the drop-down listing, you can ask the administrator to add it if an associated whois server is available.

More info:
ICANN

Whois IP Lookups

This DNSInspector feature provides owner-registrar information on a particular IP address, useful
when you do not have the domain information needed to use the Whois Lookup feature described above.

More info:
ARIN

DNS Lookups

DNS stands for Domain Name System. This system is used to associate a domain name (e.g. www.mydomainname.com) with one or multiple IP addresses. An IP (Internet Protocol) address is like a phone number to a computer. Every computer has one but, just like a phone number, an IP address can sometimes be hard to remember. This is why there is DNS. Instead of having to remember 216.226.138.60, we only have to remember www.simplehost.com.

The domain registrar from whom a domain name is purchased will assign two IP addresses to that domain name. These IP addresses are the primary and secondary name servers which are responsible for propagating, on the Internet, that domain name and its associated IP address.

DNSInspector can provide users with both forward and reverse DNS resolutions. If the user enters a domain name, it will be resolved to its IP address. If the user enters an IP address, it will be resolved to its domain name, if one has been allocated and propagated for that IP address.

More info:
phpweb
simplehost
tutor

DNS Dig Queries

DNSInspector’s Dig tool is available only on web sites that run on UNIX/Linux servers. Microsoft Windows servers do not support this feature. Where available, it provides essentially the same functionality as the DNS lookup feature, but uses the UNIX/Linux command set to execute the actual function.

More info:
oreilly
ISI Text

Validate Email Address

This allows site administrators and users to check the validity of any email address. The first test checks for a properly formatted address. Then, if running on a UNIX/Linux system or if Windows nslookup is accessible, it checks the domain name system for proper MX and other DNS records. Lastly, if the option has been enabled by the site administrator, it queries the mail exchange server itself to accept or reject the address entered. Note that no email message is actually sent to anyone.

More info:
RFC822
Spammers

Port Checks

Port checks can be an important part of securing your computing system, especially for those who
operate with “always connected” (cable, ADSL, etc.) Internet services.

DNSInspector’s port check feature has a dual purpose. First, entering any port number will provide a
listing of that port’s protocols, services and any known attack exploits such as “trojans” and “back
doors”. If you also enter a host name or IP address, that host will be checked to determine whether
the specified port is open and accepting connections.
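
The check described above, sketched as an added Python example (not DNSInspector’s own code; the names check_port and service_name are hypothetical). It makes one TCP connection attempt to a host you administer and separates “closed” (the host refused) from “filtered” (no answer, as when a firewall silently drops the packets).

```python
import socket

def service_name(port):
    """Look up the registered TCP service name for a port (local services database)."""
    try:
        return socket.getservbyport(port, "tcp")
    except (OSError, OverflowError):
        return "unknown"

def check_port(host, port, timeout=2.0):
    """Try one full TCP connection to host:port and classify the outcome."""
    result = {"port": port, "service": service_name(port)}
    try:
        family, kind, proto, _, addr = socket.getaddrinfo(
            host, port, type=socket.SOCK_STREAM)[0]
    except socket.gaierror:
        result["state"] = "unresolved"       # host name does not resolve
        return result
    with socket.socket(family, kind, proto) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect(addr)
            result["state"] = "open"         # handshake completed: a service is listening
        except ConnectionRefusedError:
            result["state"] = "closed"       # host answered with a reset: nothing listening
        except socket.timeout:
            result["state"] = "filtered"     # no answer at all: packets silently dropped
        except OSError:
            result["state"] = "unreachable"  # no route, network down, etc.
    return result

if __name__ == "__main__":
    # Constructed demo: a throwaway listener on the loopback interface.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))          # port 0 = let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    print(check_port("127.0.0.1", port))     # listener up
    listener.close()
    print(check_port("127.0.0.1", port))     # listener gone
```

A “filtered” result for every port you expected your firewall to block, seen from outside your network, is the outcome the firewall question earlier in this manual is asking about.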

While viewing any listing of port services/exploits, users may click “Submit” to send a new item
for the administrator’s attention to be added to the listing upon acceptance.

More info:
IANA
UDP
TCP-IP
Ports dB
SANS
Shields Up
PC Audit

HTTP Requests

Hypertext Transfer Protocol (HTTP) is the language used by web browsers and web servers to
communicate with and respond to each other across the Internet. Using this function, you can
send an HTTP request (HEAD or GET) directly to a server specifying a particular object with a
complete URL and examine the server’s response “in the raw”.

More info:
RFC2068

ICMP Pings

As its name suggests, the ping feature can be compared to a submariner’s sonar. It is a utility
that simply checks whether the target computer is currently connected to the internet and responding.
You should be aware that some servers (e.g., microsoft.com) are deliberately configured so that they
do not respond to ICMP pings.

More info:
mike
ICMP

Traceroutes

Traceroute can be used to show you how a site is physically connected to the Internet. Along the
way you will also gain an understanding of how networks inter-connect. Traceroute can be used to
determine the specific network route taken to reach a specific remote host.

In a simplified way, this is how traceroute works. Every IP packet can specify how many hops it
can go through before it is no longer forwarded on. When a packet is no longer forwarded on, that
router just forgets all about it, but it also will usually send out a message to the source host saying,
“Hey, sorry, but your packet died here.” So, traceroute cleverly manipulates these values so that the
first round of packets it sends out to the designated host are specified such that they can only go
through one hop before dying. So that first hop gets those packets, sees that it’s not supposed to
forward them on any further and doesn’t, and then sends a message back to the source host telling it
that the packets died. When traceroute receives the “your packets died here” message from the router,
it knows that’s the first hop. It then sends on the second round of packets specifying that they can
only go through TWO hops, and the cycle continues. It finishes when it gets a response from the final
destination. For each hop, traceroute then displays the RTT, Round Trip Time, or the time difference
between when the probe was sent from traceroute and the time the response arrived for each packet.
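
The hop-limit mechanism described above, as an added Python simulation (not DNSInspector’s code and not a real network prober). The path, addresses and delays are constructed sample data, the function names are hypothetical, and the return path is assumed to take the same time as the outbound one.

```python
# Constructed path: (router address, one-way link delay in ms, reports dead packets?)
SAMPLE_PATH = [
    ("192.0.2.1", 1.0, True),
    ("198.51.100.7", 4.0, True),
    ("198.51.100.9", 9.0, False),   # forwards traffic but never reports a dead packet
    ("203.0.113.50", 2.0, True),    # final destination
]

def send_probe(path, ttl):
    """Carry one probe along the path; return (responder, rtt_ms, reached_destination)."""
    elapsed = 0.0
    for index, (address, delay, replies) in enumerate(path):
        elapsed += delay
        at_destination = index == len(path) - 1
        if not at_destination:
            ttl -= 1                  # each router uses up one hop of the allowance
            if ttl > 0:
                continue              # still alive: forwarded to the next hop
        if not replies:
            return None, None, False  # packet died or arrived, but no message came back
        return address, 2 * elapsed, at_destination
    return None, None, False

def traceroute(path, max_hops=30):
    """Raise the hop limit one step per round until the destination answers."""
    hops = []
    for ttl in range(1, max_hops + 1):
        responder, rtt, done = send_probe(path, ttl)
        hops.append((ttl, responder or "*", rtt))
        if done:
            break
    return hops

if __name__ == "__main__":
    for ttl, responder, rtt in traceroute(SAMPLE_PATH):
        print(ttl, responder, "no reply" if rtt is None else f"{rtt:.1f} ms")
```

The third hop shows as “*” because that router drops the expired probe without reporting it, yet the fourth round still gets through it, so a silent hop in a trace does not by itself mean the path is broken.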

More info:
Cisco
visualware

Looking Glass

Looking glass extends DNSInspector’s scope by providing capabilities for interrogating routers (Cisco, Zebra, Juniper) used in wide area networks that comprise the Internet. It is intended for advanced users who have an in-depth understanding of network topology and router functions. The looking glass feature in DNSInspector contains the following commands for both IPv4 and IPv6: OSPF neighborship, BGP neighborship, OSPF RT, BGP RR, Zebra Any RR, and Zebra Interface Info.

More info:
Bind.com
BGP Expert
Routeviews