DNS - Using dig to query for CNAME records?
What's the dig syntax to query for CNAME records?
What I've tried:
Pro DNS and BIND by Ron Aitchison ch9 DNS Diagnostics and Tools
dig @ns.mydomain.org domain.org any
dig @ns.mydomain.org domain.org cname
dig -t CNAME @ns.mydomain.org domain.org
dig @ns.mydomain.org domain.org
Google searches for the syntax.
https://support.google.com/a/answer/93595?hl=en
Troubleshoot CNAME records
Third party website
http://mxtoolbox.com/CNAMELookup.aspx
We've had CNAMES setup for a long time and we know they work. Typical email use of CNAMES for example.
What I've tried:
Pro DNS and BIND by Ron Aitchison ch9 DNS Diagnostics and Tools
dig @ns.mydomain.org domain.org any
dig @ns.mydomain.org domain.org cname
dig -t CNAME @ns.mydomain.org domain.org
dig @ns.mydomain.org domain.org
Google searches for the syntax.
https://support.google.com/a/answer/93595?hl=en
Troubleshoot CNAME records
Third party website
http://mxtoolbox.com/CNAMELookup.aspx
We've had CNAMES setup for a long time and we know they work. Typical email use of CNAMES for example.
dig @8.8.8.8 experts-exchange.com C
(using google's DNS server to lookup the CNAME record for this site)
(using google's DNS server to lookup the CNAME record for this site)
CNAME cannot be used with email.
@mobot - I'm not sure what you mean by "Typical email use of CNAMES for example." - your question is about querying C name records using dig, right?
I also assume that is the question, if you are asking how cnames are used in email here is your answer:
MX and NS records must never point to a CNAME alias (RFC 2181 section 10.3). So, for example, a zone must not contain constructs such as:
example.com. MX 0 foo.example.com.
foo.example.com. CNAME host.example.com.
host.example.com. A 192.0.2.1
Domains that are used for e-mail may not have a CNAME record.[3] In practice this may work, but can have different behavior with different mail servers, and can have undesired effects.[4]
Reference:
http://en.wikipedia.org/wiki/CNAME_record
MX and NS records must never point to a CNAME alias (RFC 2181 section 10.3). So, for example, a zone must not contain constructs such as:
example.com. MX 0 foo.example.com.
foo.example.com. CNAME host.example.com.
host.example.com. A 192.0.2.1
Domains that are used for e-mail may not have a CNAME record.[3] In practice this may work, but can have different behavior with different mail servers, and can have undesired effects.[4]
Reference:
http://en.wikipedia.org/wiki/CNAME_record
ASKER
Sorry not to have been clear. We have an Outlook web server in play. And we use a CNAME for it so the users don't have to remember the mail server name..
email IN CNAME mailserver.mydomain.org.
And in practice this does work.
I'd like to see something to the similar when using dig.
C:\>nslookup -q=cname email.mydomain.org nameserver.mydomain.org
Server: nameserver.mydomain.org
Address: xxx.xxx.xxx.xxx
email.mydomain.org canonical name = mailserver.mydomain.org
mydomain.org nameserver = ns3.secondary_dns.net
mydomain.org nameserver = ns1.secondary_dns.net
mydomain.org nameserver = ns2.secondary_dns.net
mydomain.org nameserver = nameserver.mydomain.org
nameserver.mydomain.org internet address = xxx.xxx.xxx.xxx
C:\>
@Gerwin - what output do you get from running this cmd??? And I am asking how to query for CNAME records.
C:\>dig @8.8.8.8 experts-exchange.com C
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1748
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;experts-exchange.com. IN A
;; ANSWER SECTION:
experts-exchange.com. 17495 IN A 54.86.90.123
;; Query time: 30 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Sep 15 13:14:56 2014
;; MSG SIZE rcvd: 54
; <<>> DiG 9.3.2 <<>> @8.8.8.8 experts-exchange.com C
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1121
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;C. IN A
;; AUTHORITY SECTION:
. 1081 IN SOA a.root-servers.net. nstld.verisi
gn-grs.com. 2014091500 1800 900 604800 86400
;; Query time: 30 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Sep 15 13:14:56 2014
;; MSG SIZE rcvd: 94
email IN CNAME mailserver.mydomain.org.
And in practice this does work.
I'd like to see something to the similar when using dig.
C:\>nslookup -q=cname email.mydomain.org nameserver.mydomain.org
Server: nameserver.mydomain.org
Address: xxx.xxx.xxx.xxx
email.mydomain.org canonical name = mailserver.mydomain.org
mydomain.org nameserver = ns3.secondary_dns.net
mydomain.org nameserver = ns1.secondary_dns.net
mydomain.org nameserver = ns2.secondary_dns.net
mydomain.org nameserver = nameserver.mydomain.org
nameserver.mydomain.org internet address = xxx.xxx.xxx.xxx
C:\>
@Gerwin - what output do you get from running this cmd??? And I am asking how to query for CNAME records.
C:\>dig @8.8.8.8 experts-exchange.com C
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1748
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;experts-exchange.com. IN A
;; ANSWER SECTION:
experts-exchange.com. 17495 IN A 54.86.90.123
;; Query time: 30 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Sep 15 13:14:56 2014
;; MSG SIZE rcvd: 54
; <<>> DiG 9.3.2 <<>> @8.8.8.8 experts-exchange.com C
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1121
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;C. IN A
;; AUTHORITY SECTION:
. 1081 IN SOA a.root-servers.net. nstld.verisi
gn-grs.com. 2014091500 1800 900 604800 86400
;; Query time: 30 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Sep 15 13:14:56 2014
;; MSG SIZE rcvd: 94
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I came up with this syntax and it works. And the last cmd you just sent me works as well. So either one will do what I want done.
C:\>dig -t cname @ns.mydomain.org email.mydomain.org
; <<>> DiG 9.3.2 <<>> -t cname @ns.mydomain.org email.mydomain.org
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1688
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 1
;; QUESTION SECTION:
;email.mydomain.org. IN CNAME
;; ANSWER SECTION:
email.mydomain.org. 43200 IN CNAME mailserver.mydomain.org.
;; AUTHORITY SECTION:
mydomain.org. 43200 IN NS ns1.secondary_dns.net.
mydomain.org. 43200 IN NS ns.mydomain.org.
mydomain.org. 43200 IN NS ns3.secondary_dns.net.
mydomain.org. 43200 IN NS ns2.secondary_dns.net.
;; ADDITIONAL SECTION:
ns.mydomain.org. 43200 IN A xxx.xxx.xxx.xxx
;; Query time: 30 msec
;; SERVER: xxx.xxx.xxx.xxx#53(xxx.xxx
;; WHEN: Mon Sep 15 14:19:42 2014
;; MSG SIZE rcvd: 161
C:\>
==========================
C:\>dig www.experts-exchange CNAME
; <<>> DiG 9.3.2 <<>> www.experts-exchange CNAME
;; global options: printcmd
;; connection timed out; no servers could be reached
C:\>dig @208.67.222.222 https://www.experts-exchange.com CNAME
; <<>> DiG 9.3.2 <<>> @208.67.222.222 https://www.experts-exchange.com CNAME
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;https://www.experts-exchange.com. IN CNAME
;; ANSWER SECTION:
https://www.experts-exchange.com. 83211 IN CNAME experts-exchange-437318971
st-1.elb.amazonaws.com.
;; Query time: 30 msec
;; SERVER: 208.67.222.222#53(208.67.2
;; WHEN: Mon Sep 15 14:31:45 2014
;; MSG SIZE rcvd: 107
C:\>
C:\>dig -t cname @ns.mydomain.org email.mydomain.org
; <<>> DiG 9.3.2 <<>> -t cname @ns.mydomain.org email.mydomain.org
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1688
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 1
;; QUESTION SECTION:
;email.mydomain.org. IN CNAME
;; ANSWER SECTION:
email.mydomain.org. 43200 IN CNAME mailserver.mydomain.org.
;; AUTHORITY SECTION:
mydomain.org. 43200 IN NS ns1.secondary_dns.net.
mydomain.org. 43200 IN NS ns.mydomain.org.
mydomain.org. 43200 IN NS ns3.secondary_dns.net.
mydomain.org. 43200 IN NS ns2.secondary_dns.net.
;; ADDITIONAL SECTION:
ns.mydomain.org. 43200 IN A xxx.xxx.xxx.xxx
;; Query time: 30 msec
;; SERVER: xxx.xxx.xxx.xxx#53(xxx.xxx
;; WHEN: Mon Sep 15 14:19:42 2014
;; MSG SIZE rcvd: 161
C:\>
==========================
C:\>dig www.experts-exchange CNAME
; <<>> DiG 9.3.2 <<>> www.experts-exchange CNAME
;; global options: printcmd
;; connection timed out; no servers could be reached
C:\>dig @208.67.222.222 https://www.experts-exchange.com CNAME
; <<>> DiG 9.3.2 <<>> @208.67.222.222 https://www.experts-exchange.com CNAME
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;https://www.experts-exchange.com. IN CNAME
;; ANSWER SECTION:
https://www.experts-exchange.com. 83211 IN CNAME experts-exchange-437318971
st-1.elb.amazonaws.com.
;; Query time: 30 msec
;; SERVER: 208.67.222.222#53(208.67.2
;; WHEN: Mon Sep 15 14:31:45 2014
;; MSG SIZE rcvd: 107
C:\>
Great that you got the answer you needed.
Happy to help.
Happy to help.
ASKER
I added the opendns server because of the timeout. The timeout could be a problem on my end. But anyway the syntax you sent is what I was asking for. That section is what I needed to see. That confirms the CNAME is mapping correctly. So thanks a bunch.
dig domain.com CNAME (optional) <dnsserver>
The tools you specified above are also on the right track, what specifically are you trying to find ?