This is the BSDA Study Guide Book written via a wiki collaboration. This is a work in progress. You may contribute to or discuss this specific page at

Determine who is responsible for a DNS zone


Be able to perform a reverse DNS lookup to determine the network associated with an IP address and gather contact information regarding that network.


(Note: Basic information on the DNS system is covered in the section Query a DNS server)

A BSD system administrator needs to know how to obtain contact information for the people responsible for a given DNS zone. This is most commonly done with a reverse DNS lookup or a whois query.


With only an IP address to start from, the first step is to perform a reverse DNS lookup on that address to find the domain to which the machine belongs. Both the dig(1) and whois(1) commands can be used for this purpose.

A reverse DNS lookup can be performed using the -x flag to the dig(1) command. The information that we're looking for is located within the SOA record.

# dig SOA -x
; <<>> DiG 9.3.3 <<>> SOA -x
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36277
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;    IN      SOA

;; AUTHORITY SECTION: 10300  IN      SOA 2006113000 21600 3600 1209600 10800

;; Query time: 2 msec
;; WHEN: Thu Jan  4 23:36:06 2007
;; MSG SIZE  rcvd: 104

One of the pieces of information obtained with this command is a contact e-mail address for the person responsible for a given DNS zone. This is located just after the hostname of the primary DNS server for the zone and is shown with a . (dot) instead of the usual @ character. In this case it is which should be read as
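The two conversions described above, written out as an added example that is not part of the original guide: building the in-addr.arpa name that a reverse lookup queries, and turning the SOA contact field into a usable e-mail address, including the case where the mailbox name itself contains a dot (written as \. in the record). The function names, the example.net names and the 192.0.2.10 address are constructed for illustration; the sample line follows the SOA field order (primary server, contact, serial, refresh, retry, expire, minimum).

```shell
#!/bin/sh
# Added example: helper names and sample data are hypothetical/constructed.

# Build the reverse-lookup name for an IPv4 address (octets reversed).
ptr_name() {
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s.in-addr.arpa\n' "$4" "$3" "$2" "$1"
}

# Convert the SOA contact field to an e-mail address:
#  1. the first dot NOT preceded by a backslash becomes '@'
#  2. the trailing root dot is dropped
#  3. escaped dots (\.) in the mailbox part become plain dots
rname_to_email() {
    printf '%s\n' "$1" |
        sed -e 's/\([^\\]\)\./\1@/' -e 's/\.$//' -e 's/\\\././g'
}

# Extract the contact from one SOA record's data fields.
soa_contact() {
    set -- $1                      # split on whitespace
    [ $# -eq 7 ] || return 1       # expect all seven SOA fields
    rname_to_email "$2"
}

# Constructed sample in SOA field order (not real dig output).
SAMPLE_SOA='ns1.example.net. hostmaster.example.net. 2006113000 21600 3600 1209600 10800'

ptr_name 192.0.2.10
soa_contact "$SAMPLE_SOA"
rname_to_email 'john\.doe.example.net.'
```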

The whois(1) command does not require any additional parameters to perform a lookup and it provides far more detailed contact information.

# whois
OrgName:    Google Inc.
OrgID:      GOGL
Address:    1600 Amphitheatre Parkway
City:       Mountain View
StateProv:  CA
PostalCode: 94043
Country:    US

NetRange: -
NetName:    GOOGLE
NetHandle:  NET-216-239-32-0-1
Parent:     NET-216-0-0-0-0
NetType:    Direct Allocation
NameServer: NS1.GOOGLE.COM
NameServer: NS2.GOOGLE.COM
NameServer: NS3.GOOGLE.COM
NameServer: NS4.GOOGLE.COM
RegDate:    2000-11-22
Updated:    2001-05-11

RTechHandle: ZG39-ARIN
RTechName:   Google Inc.
RTechPhone:  +1-650-318-0200

OrgTechHandle: ZG39-ARIN
OrgTechName:   Google Inc.
OrgTechPhone:  +1-650-318-0200

# ARIN WHOIS database, last updated 2007-01-03 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

Notice that the format of the whois output depends on many factors, such as the registry for the IP address block, but each gives similarly detailed information. Notice also that the information gained from a whois query on an IP address may differ from the information gained when querying a domain name that points to the very same IP address. Most commonly this occurs when the domain is administered by a different organization than the IP address block.

Practice Exercises

  1. Using both commands, check the contact information available for your domain.
  2. Add different server names or addresses (e.g. your own, your ISP's) to the dig @server parameter.
  3. Perform a whois query on your domain name and IP address.

More information

dig(1) and whois(1)
