Looking up information about a domain name, such as its IP address, registrar, DNS details, nameservers and more, is definitely a useful task. In this tutorial, you will learn how to do that using tools like whois and host.
Below is the table of contents of this tutorial:
- What is a Domain
- Installing Tools
- Terms Definition
- Domain Checking
- DNS Zone
- Where is the Website Hosted
- Where is the Name Server Hosted
- Where is the Mail Server Hosted
- SOA Record
What is a Domain
Wikipedia defines it as “an identification string that defines a realm of administrative autonomy, authority or control within the Internet.” In plain English, a domain is a combination of letters, numbers, and symbols someone types in their browser to access a specific web address directly.
Of course, a domain can be used for many more things than just hosting a web page.
Because humans are way better with words than with numbers, we go to www.google.com, not to 126.96.36.199, when we want to “google” something.
So the Internet runs on IP addresses, but for our convenience, they are “translated” into words. This translation is taken care of by the DNS (Domain Name Services) servers.
It’s easy to buy a domain name, which is why I want to explain how to get information on existing domain names.
Installing Tools
In Linux, you just need to use 2 commands – whois and host.
host is part of the bind-utils package, so in order to install them you will have to run the following commands:
CentOS, Redhat, Fedora:
$ sudo yum install whois bind-utils -y
Ubuntu, Debian, Mint Linux (the package that provides host is named dnsutils there):
$ sudo apt-get update && sudo apt-get install whois dnsutils -y
openSUSE:
$ sudo zypper install whois bind-utils -y
Arch Linux:
$ sudo pacman -S whois bind-tools
Terms Definition
Let me define some terms I will be using during this tutorial.
- Owner – the entity that currently owns the domain; it can be a person or a company.
- Registrar – a company that allows you to purchase and register domain names.
- DNS hoster – a server where the domain’s DNS zone is hosted.
- DNS zone – a collection of DNS records. Some examples:
  - A record – the website. You can create subdomains by adding additional A records.
  - MX record – the mail server. The DNS zone can contain multiple MX records with various priorities.
  - SOA (Start of Authority) record – contains administrative information about the zone.
- Website hoster – a server where the domain’s A record is pointing to.
Domain Checking
Let’s start checking domains.
$ whois pepsi.com
First of all, we can see the domain is registered and it is not available for purchase. The domain was purchased using the CSC CORPORATE DOMAINS INC. registrar on 14 January 1993; its info was last updated on 09 January 2020 and it will expire on 13 January 2022.
The domain is owned by PepsiCo Inc. and you can see some contact info displayed.
Please note that displaying ownership info is not mandatory, as there are anonymization options offered by the registrars.
DNS Zone
Let’s check the DNS zone of the domain. We will use the host -a command:
$ host -a pepsi.com
Where is the Web Server Hosted
So pepsi.com has 2 A records, for failover reasons. Remember, an A record represents the IP address where the website http(s)://pepsi.com is hosted.
Using the whois command, we can also check who owns an IP address:
$ whois 188.8.131.52
The IP address belongs to Incapsula INC, a company registered in California, USA. The IP address ownership is almost never anonymized.
Let’s compare this to the mail server IP addresses (the MX records):
pepsi.com. 519 IN MX 100 mail.pepsico.com.
pepsi.com. 519 IN MX 10 mail.pepsico.com.
The 10 and 100 numbers represent the priority of the record, the lowest value being preferred. You can see here both records point to the same address, mail.pepsico.com, but that isn’t always the case. Take vodafone.com for example:
$ host vodafone.com
vodafone.com has address 184.108.40.206
vodafone.com mail is handled by 20 cluster5a.eu.messagelabs.com.
vodafone.com mail is handled by 10 cluster5.eu.messagelabs.com.
Let’s jump to the NS records; ns comes from nameserver.
pepsi.com. 1800 IN NS ns2.pbsg.com.
pepsi.com. 1800 IN NS ns4.pbsg.com.
pepsi.com. 1800 IN NS ns3.pbsg.com.
pepsi.com. 1800 IN NS ns1.pbsg.com.
The address delegated at the registrar as the name server for a domain is where Internet DNS servers will look for the domain’s DNS zone. The recommendation is to have multiple name servers hosted on different IP subnets, for high availability. In this way, if one name server goes down for any reason, another name server can present the information from the DNS zone and your website does not appear offline.
Where is the Name Server Hosted
What about the name server?
$ host ns1.pbsg.com
ns1.pbsg.com has address 220.127.116.11
$ whois 18.104.22.168
So the IP address hosting the name server is part of an IP range owned by Pepsi Cola Company, registered in New York, USA.
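To check the recommendation above that name servers sit on different IP subnets, the following added example (not part of the original tutorial) groups `host` address lines by /24 and classifies the result. The function names, the /24 granularity and the sample names and addresses are assumptions made for this example.

```shell
#!/bin/sh
# Constructed input in the format `host` prints for address lookups. The names
# and addresses are placeholders from documentation ranges, not real servers.
NS_SAMPLE='ns1.example.com has address 192.0.2.10
ns2.example.com has address 192.0.2.77
ns3.example.com has address 198.51.100.5
ns4.example.com has address 203.0.113.9'

# ns_subnets: read `host` output on stdin and print one line per IPv4 /24:
# "<network>/24 <server count> <comma-separated names>". IPv6 lines are skipped.
ns_subnets() {
    awk '$2 == "has" && $3 == "address" && $4 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
        split($4, o, ".")
        net = o[1] "." o[2] "." o[3] ".0/24"
        count[net]++
        names[net] = (names[net] == "" ? "" : names[net] ",") $1
    }
    END { for (n in count) print n, count[n], names[n] }' | sort
}

# ns_diversity: classify the name server set read from stdin.
ns_diversity() {
    ns_subnets | awk '{ nets++; servers += $2; if ($2 > 1) shared = 1 }
    END {
        if (servers == 0)      print "no-addresses"
        else if (servers == 1) print "single-server"
        else if (nets == 1)    print "single-subnet"
        else if (shared)       print "shared-subnet"
        else                   print "diverse"
    }'
}

# Live use (needs network), with example.com as a placeholder domain:
#   for ns in $(host -t ns example.com | awk '{print $NF}'); do host -t a "$ns"; done | ns_diversity
printf '%s\n' "$NS_SAMPLE" | ns_subnets
printf '%s\n' "$NS_SAMPLE" | ns_diversity
```

A result of single-server or single-subnet means one network outage can make the whole zone unreachable.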
Where is the Mail Server Hosted
What about the mail server?
$ host mail.pepsico.com
mail.pepsico.com has address 22.214.171.124
So the IP address hosting the mail server is part of the same IP range as the one hosting the name server but belongs to another /24 subnet.
SOA Record
We also need to analyze the SOA (Start of Authority) record:
pepsi.com. 1800 IN SOA ns1.pbsg.com. externaldnsrequests.pbsg.com. 2008062618 3600 900 864000 1800
Let’s talk about the part after “SOA”.
ns1.pbsg.com represents the primary name server of the domain.
externaldnsrequests.pbsg.com is actually an email address, externaldnsrequests@pbsg.com, the domain’s administrator’s email address.
2008062618 is the serial of the DNS zone, the same thing as a version number. It is formed as YearMonthDayVersion, meaning on 2008-June-26 a DNS zone version numbered 18 was released and is currently in use.
The next 4 values represent REFRESH, RETRY, EXPIRE, and TTL:
- REFRESH – the frequency, in seconds, a secondary name server should check for DNS zone changes
- RETRY – the interval, in seconds, a secondary name server should wait after an unsuccessful synchronization attempt
- EXPIRE – how many seconds should a secondary name server wait for successful synchronization with the primary name server before it stops responding to DNS queries related to this DNS zone
- TTL – Time to Live, a value, in seconds, which represents the period the querying router should hold (cache) the provided information
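The field-by-field reading above can be automated. This added example (not part of the original tutorial) decodes an SOA line as printed by `host -a`, including the administrator address and the date-style serial; the function names and the two timer rules are assumptions made for the example.

```shell
#!/bin/sh
# Constructed input: the SOA line quoted in this tutorial.
SOA_LINE='pepsi.com. 1800 IN SOA ns1.pbsg.com. externaldnsrequests.pbsg.com. 2008062618 3600 900 864000 1800'

# soa_field LINE NAME: print one decoded field of an SOA line. NAME is one of
# mname, email, serial_date, serial_rev, refresh, retry, expire, ttl.
soa_field() {
    printf '%s\n' "$1" | awk -v want="$2" '
    $4 == "SOA" && NF >= 11 {
        f["mname"] = $5; sub(/\.$/, "", f["mname"])
        r = $6; sub(/\.$/, "", r); f["email"] = r
        # The first unescaped dot in RNAME stands for "@"; a literal dot in
        # the local part is written as backslash-dot.
        for (i = 1; i <= length(r); i++) {
            c = substr(r, i, 1)
            if (c == "\\") { i++; continue }
            if (c == ".") {
                lp = substr(r, 1, i - 1); gsub(/\\\./, ".", lp)
                f["email"] = lp "@" substr(r, i + 1); break
            }
        }
        # YYYYMMDDNN is only a convention, so validate before decoding.
        f["serial_date"] = "not-date-encoded"; f["serial_rev"] = $7
        m = substr($7, 5, 2) + 0; d = substr($7, 7, 2) + 0
        if ($7 ~ /^[0-9]+$/ && length($7) == 10 && m >= 1 && m <= 12 && d >= 1 && d <= 31) {
            f["serial_date"] = substr($7, 1, 4) "-" substr($7, 5, 2) "-" substr($7, 7, 2)
            f["serial_rev"] = substr($7, 9, 2)
        }
        f["refresh"] = $8; f["retry"] = $9; f["expire"] = $10; f["ttl"] = $11
        if (want in f) { print f[want]; found = 1 }
    }
    END { exit (found ? 0 : 1) }'
}

# soa_timer_check LINE: print "ok" or the first inconsistency. The two rules
# are sanity heuristics assumed for this example, not taken from the tutorial.
soa_timer_check() {
    refresh=$(soa_field "$1" refresh) || { echo "not-an-soa-line"; return 1; }
    retry=$(soa_field "$1" retry); expire=$(soa_field "$1" expire)
    if [ "$retry" -ge "$refresh" ]; then echo "retry>=refresh"; return 1; fi
    if [ "$expire" -le $((refresh + retry)) ]; then echo "expire<=refresh+retry"; return 1; fi
    echo "ok"
}

for name in mname email serial_date serial_rev; do
    printf '%-12s %s\n' "$name" "$(soa_field "$SOA_LINE" "$name")"
done
printf '%-12s %s\n' timers "$(soa_timer_check "$SOA_LINE")"
```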
whois is also a good way to check when you want to purchase a domain. For example:
$ whois whyaliensdonttalktous.com
No match for domain "WHYALIENSDONTTALKTOUS.COM".
>>> Last update of whois database: 2021-11-02T06:46:40Z <<<
whyaliensdonttalktous.com is currently up for grabs, not being registered by anyone.
Interesting fact: there are currently more than 367 million domains registered, so finding an available interesting domain name will not be easy.
There it is, you just learned how to check a domain’s availability, creation and expiration date, owner, contact info, and where its component parts are distributed across the Internet.