Small Sharp Software Tools

Harness the Combinatoric Power of Command-Line Tools and Utilities

6. Looking Up Domains

Tagged with Bash networking dns

Published February 6, 2019

Use `host`, `dig`, and `whois` to look up information about domain names.

Transcript

Hi this is Brian and I’m going to show you how to use a few command-line tools to get information about domain names.

First up, we have the host command. You can use it to get basic info about a domain name, such as the primary IP address it resolves to:

Use it to look up Google.com:

$ host google.com
google.com has address 172.217.8.174
google.com has IPv6 address 2607:f8b0:4009:816::200e
google.com mail is handled by 40 alt3.aspmx.l.google.com.
google.com mail is handled by 50 alt4.aspmx.l.google.com.
google.com mail is handled by 10 aspmx.l.google.com.
google.com mail is handled by 20 alt1.aspmx.l.google.com.
google.com mail is handled by 30 alt2.aspmx.l.google.com.

You see the ipv4 address and the ipv6 addresses, and you see how this domain handles email.

Host gives you a quick human-readable look at a domain.

The dig commmand lets you look up specific DNS records. By default, it looks up an A record:

$ dig google.com
; <<>> DiG 9.8.3-P1 <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8067
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com.                    IN      A

;; ANSWER SECTION:
google.com.             1       IN      A       172.217.0.14

;; Query time: 20 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Tue Feb  5 11:30:55 2019
;; MSG SIZE  rcvd: 44

To have it show MX, or Mail Exchange records, just specify the record type as an additional argument:

$ dig google.com mx
; <<>> DiG 9.8.3-P1 <<>> google.com mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56994
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 10

;; QUESTION SECTION:
;google.com.                    IN      MX

;; ANSWER SECTION:
google.com.             600     IN      MX      10 aspmx.l.google.com.
google.com.             600     IN      MX      50 alt4.aspmx.l.google.com.
google.com.             600     IN      MX      30 alt2.aspmx.l.google.com.
google.com.             600     IN      MX      20 alt1.aspmx.l.google.com.
google.com.             600     IN      MX      40 alt3.aspmx.l.google.com.

;; ADDITIONAL SECTION:
aspmx.l.google.com.     293     IN      A       173.194.194.27
aspmx.l.google.com.     293     IN      AAAA    2607:f8b0:4001:c0a::1a
alt4.aspmx.l.google.com. 293    IN      A       209.85.203.27
alt4.aspmx.l.google.com. 293    IN      AAAA    2a00:1450:400b:c03::1a
alt2.aspmx.l.google.com. 293    IN      A       74.125.141.27
alt2.aspmx.l.google.com. 293    IN      AAAA    2607:f8b0:400c:c06::1b
alt1.aspmx.l.google.com. 293    IN      A       173.194.207.27
alt1.aspmx.l.google.com. 293    IN      AAAA    2607:f8b0:400d:c09::1b
alt3.aspmx.l.google.com. 292    IN      A       172.217.192.26
alt3.aspmx.l.google.com. 292    IN      AAAA    2800:3f0:4003:c02::1a

;; Query time: 625 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Tue Feb  5 11:33:04 2019
;; MSG SIZE  rcvd: 356

When you want to find details about the domain name, such as when it was registered and who owns it, that’s where you’ll use the whois command.

This command spits out a lot of output though, so it’s best to pipe its results to a pager like less:

$ whois google.com | less
   Domain Name: GOOGLE.COM
   Registry Domain ID: 2138514_DOMAIN_COM-VRSN
   Registrar WHOIS Server: whois.markmonitor.com
   Registrar URL: http://www.markmonitor.com
   Updated Date: 2018-02-21T18:36:40Z
   Creation Date: 1997-09-15T04:00:00Z
   Registry Expiry Date: 2020-09-14T04:00:00Z

The output shows information about when the domain was created and when its registration expires. In some cases it also shows the contact information of the person responsible for the domain. Unfortunately, this sometimes exposes the personal information of the person that registered the domain. Thankfully, more and more domain providers offer a privacy feature which hides this info from the whois tool and other search engines.

You can use whois to see if a domain is available, too. There are lots of web-based tools out there to do this, but this way is pretty quick.

When you search for a domain that doesn’t exist, whois will tell you right away in the first line of output:

$ whois this-doesnt-exist.com | head -n 1
No match for "THIS-DOESNT-EXIST.COM".

host, dig and whois are handy tools for exploring information about domain names. Use them against your own domain names and see what information you can find.