My solution in [WayBack] delphi – post-build event with multiple if/copy combinations only execute if first file does not exist – Stack Overflow is an addendum to my 2014 post Delphi prebuild/prelink/postbuild events.
Here we go:
Archive for November 15th, 2018
Solution for Delphi – post-build event with multiple if/copy combinations only execute if first file does not exist – Stack Overflow
Posted by jpluimers on 2018/11/15
Posted in Conference Topics, Conferences, Delphi, Development, Event, Software Development, The Old New Thing, Windows Development | Leave a Comment »
dig: getting the list of root servers
Posted by jpluimers on 2018/11/15
For many dig queries, it helps to get the current list of root DNS servers.
Though the list is pretty static, occasionally it changes. While writing there were 13 of them and the most recent history report was in “RSSAC023: History of the Root Server System” at [WayBack] www.icann.org/en/system/files/files/rssac-023-04nov16-en.pdf.
So below are the steps to get an accurate list based on
- [WayBack] How do I see the DNS hint file (root name servers)? – Ask Ubuntu.
- [WayBack] dig show only answer – Server Fault (which indicates options like
+noallneed to be in front of your query).
First find out what the root servers are:
$ dig +noall +answer . ns | sort . 106156 IN NS a.root-servers.net. . 106156 IN NS b.root-servers.net. . 106156 IN NS c.root-servers.net. . 106156 IN NS d.root-servers.net. . 106156 IN NS e.root-servers.net. . 106156 IN NS f.root-servers.net. . 106156 IN NS g.root-servers.net. . 106156 IN NS h.root-servers.net. . 106156 IN NS i.root-servers.net. . 106156 IN NS j.root-servers.net. . 106156 IN NS k.root-servers.net. . 106156 IN NS l.root-servers.net. . 106156 IN NS m.root-servers.net.
You should shorten this to $ dig +noall +answer . ns but that will not give you the TTL (how long the information will be cached before your DNS server refreshes it).
Now query at least 3 of these to get the actual list of root servers (I list only one statement, the rest is similar):
$ dig +noall +answer . ns @j.root-servers.net. | sort . 518400 IN NS a.root-servers.net. . 518400 IN NS b.root-servers.net. . 518400 IN NS c.root-servers.net. . 518400 IN NS d.root-servers.net. . 518400 IN NS e.root-servers.net. . 518400 IN NS f.root-servers.net. . 518400 IN NS g.root-servers.net. . 518400 IN NS h.root-servers.net. . 518400 IN NS i.root-servers.net. . 518400 IN NS j.root-servers.net. . 518400 IN NS k.root-servers.net. . 518400 IN NS l.root-servers.net. . 518400 IN NS m.root-servers.net.
Compare the lists. If they are equal, then you’re done.
If not, then the internet is in trouble (:
When you want the A and AAAA records with IP addresses in addition to the NS records with names, then add +additional to your query:
dig +noall +answer +additional @j.root-servers.net. | sort . 518400 IN NS a.root-servers.net. . 518400 IN NS b.root-servers.net. . 518400 IN NS c.root-servers.net. . 518400 IN NS d.root-servers.net. . 518400 IN NS e.root-servers.net. . 518400 IN NS f.root-servers.net. . 518400 IN NS g.root-servers.net. . 518400 IN NS h.root-servers.net. . 518400 IN NS i.root-servers.net. . 518400 IN NS j.root-servers.net. . 518400 IN NS k.root-servers.net. . 518400 IN NS l.root-servers.net. . 518400 IN NS m.root-servers.net. a.root-servers.net. 518400 IN A 198.41.0.4 a.root-servers.net. 518400 IN AAAA 2001:503:ba3e::2:30 b.root-servers.net. 518400 IN A 192.228.79.201 b.root-servers.net. 518400 IN AAAA 2001:500:200::b c.root-servers.net. 518400 IN A 192.33.4.12 d.root-servers.net. 518400 IN A 199.7.91.13 e.root-servers.net. 518400 IN A 192.203.230.10 f.root-servers.net. 518400 IN A 192.5.5.241 g.root-servers.net. 518400 IN A 192.112.36.4 h.root-servers.net. 518400 IN A 198.97.190.53 i.root-servers.net. 518400 IN A 192.36.148.17 j.root-servers.net. 518400 IN A 192.58.128.30 k.root-servers.net. 518400 IN A 193.0.14.129 l.root-servers.net. 518400 IN A 199.7.83.42 m.root-servers.net. 518400 IN A 202.12.27.33
–jeroen
Share this:
Posted in DNS, Internet, Power User | 1 Comment »
Find the TTL for a domain and subdomain by getting to the authoritative nameserver first
Posted by jpluimers on 2018/11/15
Lets find the authoritative name server and TTL (time to live) for the example.org domain and www.example.org subdomain.
Notes:
- you can also do this using the web-page wrapper around dig [WayBack] Dig web interface
- web-pages return most information in one go are [WayBack] intodns.com/example.org and [WayBack] dnsinspect.com: Report for example.org.
- the steps below are partially based on a more in depth domain consistency check at [WayBack] Debugging nameservers using dig +norec
1a: get parents of name servers
First start with a root server (dig: getting the list of root servers) to get parents of the name servers for example.org (don’t you love indirection!):
$ dig +norecurse +noall +authority @f.root-servers.net. example.org. org. 172800 IN NS a0.org.afilias-nst.info. org. 172800 IN NS a2.org.afilias-nst.info. org. 172800 IN NS b0.org.afilias-nst.org. org. 172800 IN NS b2.org.afilias-nst.org. org. 172800 IN NS c0.org.afilias-nst.info. org. 172800 IN NS d0.org.afilias-nst.org.
You can repeat this query for 2 more root servers to ensure they are in sync.
1b: get authoritative name servers from the parents
Now repeat with at least 3 of these to ensure they give matching results for the name servers for example.org:
$ dig +norecurse +noall +authority @b0.org.afilias-nst.info. example.org. example.org. 86400 IN NS b.iana-servers.net. example.org. 86400 IN NS a.iana-servers.net. $ dig +norecurse +noall +authority @c0.org.afilias-nst.info. example.org. example.org. 86400 IN NS a.iana-servers.net. example.org. 86400 IN NS b.iana-servers.net. $ dig +norecurse +noall +authority @a0.org.afilias-nst.info. example.org. example.org. 86400 IN NS a.iana-servers.net. example.org. 86400 IN NS b.iana-servers.net.
2a: getting the domain name servers from a public name server
A query to a public DNS server will also return a name server list, but then you would need to know that name server first. In addition, you can not ask for +authority; you have to ask for +answer NS in stead:
$ dig +norecurse +noall +answer NS @8.8.8.8 example.org. example.org. 55312 IN NS a.iana-servers.net. example.org. 55312 IN NS b.iana-servers.net.
The name servers on the list are not guaranteed to be authoritative, as this query returns an empty result:
$ dig +norecurse +noall +authority @8.8.8.8 example.org.
2b. ensuring the name servers are authoritative name servers
From the name servers returned, you can now check if the servers themselves return the same name servers. If so, then you are sure they are authoritative:
$ dig +norecurse +noall +authority @a.iana-servers.net. example.org. example.org. 86400 IN NS a.iana-servers.net. example.org. 86400 IN NS b.iana-servers.net. $ dig +norecurse +noall +authority @b.iana-servers.net. example.org. example.org. 86400 IN NS b.iana-servers.net. example.org. 86400 IN NS a.iana-servers.net.
3: get the actual TTL
With the authoritative name servers, you can get the actual TTL:
$ dig +norecurse +noall +answer SOA @a.iana-servers.net. example.org.
example.org. 3600 IN SOA sns.dns.icann.org. noc.dns.icann.org. 2017042729 7200 3600 1209600 3600
$ dig +norecurse +noall +multiline +answer SOA @a.iana-servers.net. example.org.
example.org. 3600 IN SOA sns.dns.icann.org. noc.dns.icann.org. (
2017042729 ; serial
7200 ; refresh (2 hours)
3600 ; retry (1 hour)
1209600 ; expire (2 weeks)
3600 ; minimum (1 hour)
)
I got the +multiline trick from [WayBack] HOWTO: Using dig(1) to Find DNS Time to Live (TTL) Values – A-Team Systems.
4: get the count down TTL from a local name server
You can repeat the above process with a non-authoritative name server a few times to see the TTL decrease:
$ dig +norecurse +noall +answer SOA example.org. example.org. 322 IN SOA sns.dns.icann.org. noc.dns.icann.org. 2017042729 7200 3600 1209600 3600 $ dig +norecurse +noall +answer SOA example.org. example.org. 321 IN SOA sns.dns.icann.org. noc.dns.icann.org. 2017042729 7200 3600 1209600 3600
This is for instance what is returned by [WayBack] example.org DNS information – who.is example.org DNS information. DNS records such SOA, TTL, MX, TXT and more.
Public DNS servers having multiple servers per IP can even run disperse TTL numbers, for instance Google DNS at 8.8.8.8 does this:
$ dig +norecurse +noall +answer SOA @8.8.8.8 example.org. example.org. 13 IN SOA sns.dns.icann.org. noc.dns.icann.org. 2017042729 7200 3600 1209600 3600 $ dig +norecurse +noall +answer SOA @8.8.8.8 example.org. example.org. 1388 IN SOA sns.dns.icann.org. noc.dns.icann.org. 2017042729 7200 3600 1209600 3600 $ dig +norecurse +noall +answer SOA @8.8.8.8 example.org. example.org. 10 IN SOA sns.dns.icann.org. noc.dns.icann.org. 2017042729 7200 3600 1209600 3600
Note that +nssearch does not work for me
Using +nssearch as per [WayBack] How to find what Authoritative Name Server provided the answer using dig? – Server Fault fails for me:
$ dig +nssearch example.org SOA sns.dns.icann.org. noc.dns.icann.org. 2017042729 7200 3600 1209600 3600 from server 199.43.135.53 in 83 ms. SOA sns.dns.icann.org. noc.dns.icann.org. 2017042729 7200 3600 1209600 3600 from server 199.43.133.53 in 144 ms. ;; connection timed out; no servers could be reached
This reveals this in the bold values:
- The authoritative nameserver
sns.dns.icann.orgis not publicly accessible. - TTL
7200(7200 seconds is 2 hours).
Future research
Authoritative answers might not be present in dig queries on some platforms. I need to dig deeper into [WayBack] terminal – Dig not returning authority section? – Ask Different to see why.
Glue records are always tricky to get right: [WayBack] How to check domain NS glue records using dig « Admins eHow
–jeroen
Share this:
Posted in *nix, *nix-tools, bash, Development, dig, DNS, Internet, Power User, Scripting, Software Development | Leave a Comment »
The Wiert Corner - irregular stream of stuff 