How would you go about finding the Domain Name of a particular server?
Whether your reasons are plain old curiosity, or to make sure that your website URLs are pointing in the right direction, it is important to know how to find the Domain Name details of your servers.
A Domain Name Server or “DNS” refers to a special device in networks that are used to map human-friendly domain names (like “www.hostingreview.com”) to computer-readable IP Addresses (192.162.100.100).
They can be known by many other names such as Name Servers and Domain Name System Servers.
Despite the varying names, they perform one and the same action.
When a user types in a URL in their browser, the request is sent through the network to a DNS server which translates the URL into an IP address and other information, which is then used to locate the required server by IP address.
The request is then routed to the relevant server and the website is displayed to the user.
Why would you need to find the Domain Name Server details?
You may be looking up domain name server records for many reasons such as setting up other servers and services.
These may include your email servers and other application servers.
There is one other important use for these commands.
They will be useful to verify that your servers are not under attack by hackers.
Malicious attackers will change your domain name records so that users are redirected to another site instead of your own.
This can allow hackers to do many things such as create a similar site and perform identity theft or other kinds of cybercrime.
Regularly verifying that your domain name servers are in order should be part of your routine security verifications.
How do you look for the Domain Name of a Server?
There are two easy commands that you can use from a Linux/Unix or macOS terminal.
host -t ns domain-name-com
dig ns domain-name
Both of these commands will give you the Domain Name Server information of any domain that you search for.
For further clarity, it is possible to use the dig +trace command as follows, this will provide the delegation path from the root name servers.
dig +trace domain-name
Let’s start by looking at the host command in detail.
Finding the domain name servers with the host command
The host command is executed as follows:
host -t ns domain-name
Open a terminal and execute this command with a domain name of your choice.
host -t ns google.com
The output will be as follows:
Let’s understand what this command means.
The “-t” option specifies the types of nameserver records to be queried for.
We specified the “ns” or name server option and we received the name server records.
If the -t option is not specified, “a”, “aaaa”, and “mx” are returned by default.
Other type parameters such as CNAME, NS, SOA, SIG, KEY, AXFR can be specified for advanced queries.
You can go one step further and look for particular name server records.
To do this, repeat the host command with the relevant name server record type (E.g: “-t a” or “-t aaaa”).
host -t a google.com
host -t aaaa google.com
The output will be as follows:
Finding the domain name servers with the dig command
The dig command is similar to the host command and has to be executed as follows:
dig ns domain-name
Let’s execute the dig command in a terminal of your choice:
dig ns google.com
The default output will be as follows:
If you just want to see the nameservers, use the “+short” option as follows:
dig +short ns google.com
The output will be as follows:
If you just want to see the nameservers, use the “+short” option as follows:
dig +short ns google.com
The output will be as follows:
The dig command can be further improved as follows to view the respective IP addresses particular name server records:
Finding the delegation path from the root DNS/name servers
Tracing is another feature of the dig command that can be used to find the path of name servers between the root server and the required domain.
This is done by making iterative queries from each name server record that is returned.
The syntax of the command is as follows:
dig +trace your-domain
Let’s try out the same example as above:
dig +trace google.com
This is how the output (partial) will look:
The nslookup command for Windows Users
If the Windows uses reading this article up to now are disappointed, we have a little treat for you too.
The nslookup command can be used on Windows servers and desktops in a similar manner to the above commands.
The syntax is as follows:
nslookup domain-name
Let’s try out this command on a Windows Command Line:
nslookup google.com
The output will be as follows:
The nslookup command can be further improved by passing query parameters. It can be done as follows:
nslookup
> q=ns
> google.com
Once the nslookup command is executed, the prompt will accept additional parameters.
Enter the type as “ns”, “a”, “aaaa”, “mx”, or any other name server type. The output will be as follows:
Types of DNS Records
We looked at not just the commands to find the domain name server records of any domain name, but also the reasons why you would need to do so.
The host and dig commands can be used for this purpose in a Unix/Linux or MacOS terminal.
The dig trace option can be used to do an iterative search of the domain name servers between the root servers and the destination server.
Windows users are able to use the nslookup command for the same purpose.
These commands help us to find the name servers of any domain.
We can query further with additional type options to find the IP addresses of these resulting records.