How Can I Interpret My DNS?

dwharmon

New member
Sep 24, 2010
22
0
0
So, I've searched around the internet and can't seem to find a straight answer to my question. I've managed to pull up my DNS cache through the command prompt/displaydns, but I'm not certain how to read it. There are a couple of fields with single digits that are different per result, some results say answer while others say additional; I don't use Facebook, but I see it listed presumably because of a link provided by another site? How do I distinguish between an actual site and a mere advertisement?

I'm not looking for an in-depth explanation of what DNS is and how it works (there is plenty of that out there), I just want to know how I can pull any useful information out of a DNS list.
 

Albino Boo

New member
Jun 14, 2010
4,667
0
0
In a DNS server's database, each piece of data is a "resource record".
"Record name" is the name you query DNS for, and the records belong to that name.
"Record type" is the type, displayed as a number - most likely it will be 1 (IPv4), 28 (IPv6) or 5 (CNAME)
"Time To Live" is the time in seconds after which the cache entry must expire.
"Data Length" is the length in bytes - an IPv4 address is four bytes, IPv6 is sixteen bytes.
The "answer" section of a DNS reply is the actual answer to the query, and "additional" contains information that will likely be needed to find the actual answer. For example, glue records.

The cache only contains DNS queries that have been resolved.
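
Added example (not part of the post above and not code from any tool): a small Python parser for the text that `ipconfig /displaydns` prints, reading the fields just described and following a cached CNAME to the address it ended at. The sample output is constructed, and `parse_displaydns` and `resolve` are names made up for this example.

```python
import re
# Constructed sample in `ipconfig /displaydns` layout; helper names are this example's own.
SAMPLE = """\
    www.example.com
    ----------------------------------------
    Record Name . . . . . : www.example.com
    Record Type . . . . . : 5
    Time To Live  . . . . : 120
    Data Length . . . . . : 8
    Section . . . . . . . : Answer
    CNAME Record  . . . . : cdn.example.net

    Record Name . . . . . : cdn.example.net
    Record Type . . . . . : 1
    Time To Live  . . . . : 120
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 192.0.2.10

    Record Name . . . . . : ns1.example.net
    Record Type . . . . . : 28
    Time To Live  . . . . : 3600
    Data Length . . . . . : 16
    Section . . . . . . . : Additional
    AAAA Record . . . . . : 2001:db8::53
"""

FIELD = re.compile(r"^[ \t]*(.+?)[ .]*:(.*)$", re.M)  # "Key . . . : value", split at first colon
KEYS = {"Record Name": "name", "Record Type": "type", "Time To Live": "ttl", "Section": "section"}

def parse_displaydns(text):
    """Return one dict per cached resource record; header and dash lines are skipped."""
    records = []
    for key, value in FIELD.findall(text):
        if key == "Record Name":
            records.append({})  # every record block starts with its name
        field = KEYS.get(key, "data" if key.endswith(" Record") else None)
        if records and field:
            records[-1][field] = int(value) if field in ("type", "ttl") else value.strip()
    return records

def resolve(records, name, depth=8):
    """Follow cached CNAMEs (type 5) from name to its A/AAAA (types 1/28) addresses."""
    hits = [r for r in records if "data" in r and r["name"].lower() == name.lower()]
    addrs = [r["data"] for r in hits if r.get("type") in (1, 28)]
    for r in hits:
        if r.get("type") == 5 and depth > 0:  # depth bounds CNAME loops
            addrs += resolve(records, r["data"], depth - 1)
    return addrs
```

To try it on a real cache, save the output with `ipconfig /displaydns > cache.txt` and pass the file's text to `parse_displaydns`.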
 

DoPo

"You're not cleared for that."
Jan 30, 2012
8,665
0
0
dwharmon said:
I'm not looking for an in-depth explanation of what DNS is and how it works (there is plenty of that out there), I just want to know how I can pull any useful information out of a DNS list.
I suppose another question is what is useful information for you? For getting more information from DNS you can use nslookup and/or dig, for example, both of which can run a DNS query and give you the response. Whether it's useful or not would depend on the circumstances, of course, but it's the same with the contents of the DNS cache.
 

dwharmon

New member
Sep 24, 2010
22
0
0
albino boo said:
In a DNS server's database, each piece of data is a "resource record".
"Record name" is the name you query DNS for, and the records belong to that name.
"Record type" is the type, displayed as a number - most likely it will be 1 (IPv4), 28 (IPv6) or 5 (CNAME)
"Time To Live" is the time in seconds after which the cache entry must expire.
"Data Length" is the length in bytes - an IPv4 address is four bytes, IPv6 is sixteen bytes.
The "answer" section of a DNS reply is the actual answer to the query, and "additional" contains information that will likely be needed to find the actual answer. For example, glue records.

The cache only contains DNS queries that have been resolved.
Ok, that helps a little bit. I appreciate it.