krypted.com

Tiny Deathstars of Foulness

One of my favorite things about grabbing information with scripts is just how many ways there are (some of them needfully, some needlessly convoluted) to get at the same piece of information. Take something as simple as which hosts a Mac uses to resolve names. There are a number of ways to find out what DNS server a device is using in macOS, so when you’re writing a script you might choose one or another according to what you’re after. Some of this might seem more complicated than it should be. And that’s correct…

resolv.conf

The /etc/resolv.conf file is updated automatically with the servers the system uses to resolve names. The easiest way to see these is to simply cat it and grep for nameserver:

cat /etc/resolv.conf | grep nameserver

scutil

The next way we’ll grab DNS information is using scutil. Here, we use the --dns option, which outputs a lot of DNS details, including all the built-in resolvers:

scutil --dns

To just grab the name servers:

scutil --dns | grep nameserver

We can also simplify the output to just the servers with awk:

scutil --dns | grep nameserver | awk '{print$3}'
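The one-liner above flattens every resolver into a single list of servers. As an added example (not from the original post), here is a small Python parser for scutil --dns output that keeps each nameserver attached to its resolver, so a script can tell the default resolver’s servers apart from supplemental (per-domain) and interface-scoped ones; the sample output is constructed, not captured from a real Mac.

```python
import re

# Constructed sample of `scutil --dns` output (not captured from a real Mac).
SCUTIL_DNS = """\
DNS configuration

resolver #1
  search domain[0] : example.internal
  nameserver[0] : 192.168.210.254
  nameserver[1] : 4.2.2.2
  flags    : Request A records

resolver #2
  domain   : corp.example.internal
  nameserver[0] : 10.8.0.1
  flags    : Supplemental, Request A records

DNS configuration (for scoped queries)

resolver #1
  nameserver[0] : 192.168.210.254
  flags    : Scoped, Request A records
"""

RESOLVER_RE = re.compile(r"^resolver #(\d+)")
FIELD_RE = re.compile(r"^\s+(\w+)(?:\[\d+\])?\s*:\s*(.*)$")

def parse_scutil_dns(text):
    """Return resolvers as dicts: id, scoped, domain (None = default), nameservers."""
    resolvers, current, scoped = [], None, False
    for line in text.splitlines():
        if line.startswith("DNS configuration"):
            scoped = "scoped" in line  # resolvers after this header are interface-scoped
            continue
        if m := RESOLVER_RE.match(line):
            current = {"id": int(m.group(1)), "scoped": scoped, "domain": None, "nameservers": []}
            resolvers.append(current)
            continue
        m = FIELD_RE.match(line)
        if m and current is not None:
            key, value = m.group(1), m.group(2).strip()
            if key == "nameserver":
                current["nameservers"].append(value)
            elif key == "domain":  # "search domain[n]" lines do not match, only "domain"
                current["domain"] = value
    return resolvers

def default_nameservers(text):
    """Servers of the default (unscoped, not domain-specific) resolver: usually what a script wants."""
    return [ns for r in parse_scutil_dns(text)
            if not r["scoped"] and r["domain"] is None for ns in r["nameservers"]]

def awk_style_nameservers(text):
    """What `scutil --dns | grep nameserver | awk '{print $3}'` prints: every server, mixed together."""
    return [ns for r in parse_scutil_dns(text) for ns in r["nameservers"]]
```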

networksetup

Another way is networksetup. This command has an option to get DNS servers in (shocker) -getdnsservers. However, you have to name the hardware port for each. So below we’ll dump all hardware ports into an array using -listallhardwareports and then read them back in a for loop, querying the name servers for each.

interfaces=()
while IFS= read -r port; do interfaces+=("$port"); done < <(networksetup -listallhardwareports | grep Hardware | cut -c 16-900)
for i in "${interfaces[@]}"
do
networksetup -getdnsservers "$i"
done

The one tricky thing in this one is I initially forgot to quote the interfaces as they went into the array, which meant each word of the interface was an item in the array and therefore the -getdnsservers option failed. Once I quoted, it was all happy. The other thing I can point out is I used cut instead of sed because it was easier to quote; however, it seems unlikely the name can be more than 890 characters, so I think it’s fine…

dig

You can also use dig. Here, you’ll query a name without the @server option so dig uses the system resolver, and keep only the line showing the server that responded:

dig google.com | grep SERVER:

The output is kinda’ fug:

;; SERVER: 4.2.2.2#53(4.2.2.2)

For simpler output, we’ll use sed to constrain the output to just what’s between the parentheses:

dig google.com | grep SERVER: | sed 's/^.*(//;s/)$//'

nslookup

nslookup is a tool similar to dig, used for querying names. We’ll basically do the same thing as above, just using awk since the server is always in the same position on the line:

nslookup google.com | grep Server: | awk '{print$2}'

system_profiler

Then there’s system_profiler, the command line interface for System Profiler. Here, we can query the SPNetworkDataType. This is going to produce a lot of output, so we can limit it to just the DNS servers using grep to constrain to just the lines we want and awk for just the columns in those lines, as follows:

system_profiler SPNetworkDataType | grep "Domain Name Servers:" | awk '{print$4}'

host

@knapjack added host to the list. I had to use verbose mode to pull the local name server as follows:

host -v -t ns google.com | grep Received | awk '{print $5}'

ipconfig

Thanks to the lovely Allister (@sacrilicious), we also have ipconfig to add to the list:

/usr/sbin/ipconfig getpacket en0 2> /dev/null | grep name_ | cut -d' ' -f3-

There are tons of ways to find things in macOS. Do you have a way to find a DNS server that I didn’t think of here?

March 6th, 2017

Posted In: bash, Mac OS X, Mac OS X Server, Mac Security, Ubuntu


Any time we do a migration of data from one IP to another where that data has a DNS record that points users towards it, we need to keep the amount of time it takes to repoint the record to a minimum. To see the TTL of a given record, let’s run dig using +trace, +nocmd to turn off showing the version and query options, +noall to turn off all display flags, +answer to still show the answer section of the response and, most importantly for these purposes, +ttlid to toggle showing the TTL on. Here, we’ll use these to look up the TTL for the www.krypted.com A record:

dig +trace +nocmd +noall +answer +ttlid a www.krypted.com

The output follows the CNAME (as many a www record happens to be) to the A record and shows the TTL value (3600) for each:

www.krypted.com. 3600 IN CNAME krypted.com.
krypted.com. 3600 IN A 199.19.85.14

We can also look up the MX using the same structure, just swapping out the a for an mx and the FQDN for just the domain name itself:

dig +trace +nocmd +noall +answer +ttlid mx krypted.com

The response has a similar layout:

krypted.com. 3600 IN MX 0 smtp.secureserver.net.
krypted.com. 3600 IN MX 10 mailstore1.secureserver.net.

January 23rd, 2014

Posted In: Active Directory, cloud, Consulting, iPhone, Kerio, Mac OS X, Mac OS X Server, Mac Security, Mass Deployment, Microsoft Exchange Server, Network Infrastructure, Windows Server


Sometimes you want to move a domain but you don’t have a copy of the zone file in order to recreate records. The easy way to do this is to grab a zone transfer, which has to be requested from one of the domain’s authoritative name servers (ns1.mycompany.com below stands in for whichever one that is). To do so, dig is your friend:

dig -t AXFR mycompany.com @ns1.mycompany.com

Sometimes though (and actually more often than not) a zone transfer is disabled. In that case you’ll need to dig the domain a bit differently. I like to use +nocmd, query for any and list the results (+answer):

dig +nocmd krypted.com any +answer

Which results in the following:

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39183
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;krypted.com. IN ANY

;; ANSWER SECTION:
krypted.com. 1262 IN A 97.74.215.39
krypted.com. 3600 IN MX 0 smtp.secureserver.net.
krypted.com. 3600 IN MX 10 mailstore1.secureserver.net.
krypted.com. 3600 IN NS ns25.domaincontrol.com.
krypted.com. 3600 IN NS ns26.domaincontrol.com.
krypted.com. 3600 IN SOA ns25.domaincontrol.com. dns.jomax.net. 2010010400 28800 7200 604800 3600

;; Query time: 127 msec
;; SERVER: 4.2.2.2#53(4.2.2.2)
;; WHEN: Tue May 7 22:31:15 2013
;; MSG SIZE rcvd: 207

The above shows the naked domain name entry (yes, I still giggle every time I write the word naked so it’s ok if you giggled when you read it), all of the mail (which btw I don’t actually use that mail so please don’t try and send any at this time) and the NS records. Now, it looks like the serial and refresh information isn’t included in this output. Actually, it is, but it’s hard to read, so we’ll just add the +multiline option, which makes this look strangely like a zone file:

dig +nocmd krypted.com any +multiline +answer

Notice the serial, refresh, retry, expire and minimum options are now listed in a much more fashionable way:

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10965
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;krypted.com. IN ANY

;; ANSWER SECTION:
krypted.com. 3225 IN A 97.74.215.39
krypted.com. 3225 IN MX 0 smtp.secureserver.net.
krypted.com. 3225 IN MX 10 mailstore1.secureserver.net.
krypted.com. 3225 IN NS ns25.domaincontrol.com.
krypted.com. 3225 IN NS ns26.domaincontrol.com.
krypted.com. 3225 IN SOA ns25.domaincontrol.com. dns.jomax.net. (
2010010400 ; serial
28800 ; refresh (8 hours)
7200 ; retry (2 hours)
604800 ; expire (1 week)
3600 ; minimum (1 hour)
)

;; Query time: 22 msec
;; SERVER: 4.2.2.2#53(4.2.2.2)
;; WHEN: Tue May 7 22:32:20 2013
;; MSG SIZE rcvd: 207

And there ya’ go. You’ve basically done a zone transfer on a box, even though zone transfers are disabled. Silly DNS admins, disabling zone transfers and all that… Yes, I disable zone transfers on most of my DNS boxen as well, or at least only allow them for specific IPs… 😉
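As an added example (not part of either post), the Python below parses dig +multiline +answer output like the one above, including the parenthesised SOA timers, and flags records whose TTL is longer than a planned cut-over window, which is the check the TTL post earlier on this page is after. The dig output embedded in it is constructed from the records shown in these posts, not captured live.

```python
# Constructed from the dig +multiline +answer output shown in this post, plus
# the www CNAME from the TTL post above; not captured from a live query.
DIG_OUTPUT = """\
;; ANSWER SECTION:
www.krypted.com. 3600 IN CNAME krypted.com.
krypted.com. 3225 IN A 97.74.215.39
krypted.com. 3225 IN MX 0 smtp.secureserver.net.
krypted.com. 3225 IN NS ns25.domaincontrol.com.
krypted.com. 3225 IN SOA ns25.domaincontrol.com. dns.jomax.net. (
                2010010400 ; serial
                28800      ; refresh (8 hours)
                7200       ; retry (2 hours)
                604800     ; expire (1 week)
                3600       ; minimum (1 hour)
                )

;; Query time: 22 msec
"""

SOA_FIELDS = ("mname", "rname", "serial", "refresh", "retry", "expire", "minimum")

def _logical_lines(text):
    """Yield each record as one line: strip ';' comments and fold '( ... )' blocks.
    Splitting on ';' is fine for the types shown here; TXT rdata may contain ';'."""
    buf = ""
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        buf = (buf + " " + line).strip()
        if buf.count("(") > buf.count(")"):
            continue  # still inside a multiline RDATA block
        yield buf.replace("(", " ").replace(")", " ")
        buf = ""

def parse_answer(text):
    """Return records as dicts: name, ttl, type, rdata (SOA rdata becomes a dict)."""
    records = []
    for line in _logical_lines(text):
        name, ttl, _cls, rtype, *rdata = line.split()
        rec = {"name": name, "ttl": int(ttl), "type": rtype, "rdata": rdata}
        if rtype == "SOA":
            rec["rdata"] = dict(zip(SOA_FIELDS, rdata[:2] + [int(v) for v in rdata[2:7]]))
        records.append(rec)
    return records

def slow_to_repoint(records, window_seconds):
    """Records whose TTL exceeds the cut-over window; lower these well before migrating."""
    return [(r["name"], r["type"], r["ttl"]) for r in records if r["ttl"] > window_seconds]
```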

May 8th, 2013

Posted In: Active Directory, Mac OS X, Mac OS X Server, Mac Security, Network Infrastructure, Ubuntu, Unix, VMware, Windows Server, Windows XP, Xsan


On Sunday, I mentioned making your forward and reverse DNS entries match up. But I didn’t really discuss what to do if they don’t. For those readers moving into Ubuntu from Mac OS X Server, you’ll recall that Mac OS X Server, at installation time, installs DNS and makes the entries match if the hostname doesn’t match the A record and PTR for your server. The reason for this is that host names are a critical part of how many modern network services run. If you don’t have DNS, or if you want to fire up DNS in the same manner that Mac OS X Server does it, then let’s look at doing so here.

First up, let’s get the packages that we’ll need installed using apt-get, which includes bind9 and dnsutils:

apt-get install bind9 dnsutils

Once those are installed, let’s define our zone and reverse zone in /etc/bind/named.conf.local:

zone "krypted.com" {
type master;
file "/etc/bind/zones/krypted.com.db";
};
zone "210.168.192.in-addr.arpa" {
type master;
file "/etc/bind/zones/rev.210.168.192.in-addr.arpa";
};

If you have other forward or reverse zones then you will need to add them using the same format as above. Once you’re done, save the file.

Next, let’s tell the server where to look when attempting to resolve names that it does not host. This information is stored in the options block in /etc/bind/named.conf.options. The forwarders section is currently commented out (commented lines start with //), so let’s uncomment it (by removing the // in front of the lines) and change the IP of that forwarder from 0.0.0.0 to the IP address of the upstream DNS server you want to forward to (4.2.2.2 in this example). Each address needs a trailing semicolon. It should look similar to the following when complete:

forwarders {
4.2.2.2;
};

Next, we’re going to create our

mkdir /etc/bind/zones
touch /etc/bind/zones/krypted.com.db
touch /etc/bind/zones/rev.210.168.192.in-addr.arpa

Now that we’ve created our files, let’s edit them. First, open /etc/bind/zones/krypted.com.db and look for all instances of krypted.com, replacing them with the domain name that you would like to use. Also, look for all of the records and make sure that they match with the name and IP that you would like to use, creating new lines for each new record:

$TTL 86400
krypted.com. IN SOA ns1.krypted.com. admin.krypted.com. (
2007031001 ; serial
28800 ; refresh
3600 ; retry
604800 ; expire
38400 ; negative-cache TTL
)
krypted.com. IN NS ubuntu08.krypted.com.
krypted.com. IN MX 10 mail.krypted.com.
; the SOA primary and the MX target both need A records of their own
ns1 IN A 192.168.210.254
mail IN A 192.168.210.2
www IN A 192.168.210.2
home IN A 192.168.210.2
mta IN A 192.168.210.2
ubuntu08 IN A 192.168.210.254

Next, we’ll populate the reverse zone file. You’ll need to replace my instances with your own as in the previous section. Open /etc/bind/zones/rev.210.168.192.in-addr.arpa in your favorite text editor and edit away (note that PTR targets need the trailing dot, or the zone name gets appended to them):

$TTL 86400
@ IN SOA ubuntu08.krypted.com. admin.krypted.com. (
2007031001 ; serial
28800 ; refresh
604800 ; retry
604800 ; expire
86400 ; negative-cache TTL
)
@ IN NS ubuntu08.krypted.com.
1 IN PTR krypted.com.
; reverse entry for the server itself, so it matches its A record above
254 IN PTR ubuntu08.krypted.com.

Next, we’ll restart the DNS services to accept these massive changes we’ve made:

/etc/init.d/bind9 restart

Next, edit the /etc/resolv.conf file to set the DNS server and (optionally) a search domain, so that it looks something like the following:

search krypted.com
nameserver 192.168.210.254

Finally, you can use dig and nslookup to test the lookups and make sure they work. For example:

nslookup ubuntu08.krypted.com
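Once named is serving both zones, the forward and reverse entries should agree, which is the point this post opened with. The following Python is an added example, not part of the original post: it reads a forward and a reverse zone file in the format above and reports A records with no PTR pointing back at them and PTRs with no matching A record. The zone text embedded in it is constructed in the shape of this post’s files.

```python
# Constructed forward and reverse zones in the shape of this post's files (not
# the files verbatim): three hosts share 192.168.210.2 but only one has a PTR.
FORWARD_ORIGIN = "krypted.com."
FORWARD_ZONE = """\
$TTL 86400
@ IN SOA ubuntu08.krypted.com. admin.krypted.com. (
    2007031001 ; serial
    28800 3600 604800 38400 )
@ IN NS ubuntu08.krypted.com.
www IN A 192.168.210.2
home IN A 192.168.210.2
mta IN A 192.168.210.2
ubuntu08 IN A 192.168.210.254
"""
REVERSE_ORIGIN = "210.168.192.in-addr.arpa."
REVERSE_ZONE = """\
$TTL 86400
@ IN SOA ubuntu08.krypted.com. admin.krypted.com. ( 2007031001 28800 604800 604800 86400 )
@ IN NS ubuntu08.krypted.com.
2 IN PTR www.krypted.com.
254 IN PTR ubuntu08.krypted.com.
"""

def _fqdn(name, origin):
    """Make an owner or target absolute: '@' is the origin, relative names get it appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def zone_records(text, origin, rtype):
    """Yield (owner FQDN, rdata) for records of one type; skips $directives and SOA blocks."""
    depth = 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        depth += line.count("(") - line.count(")")
        if not line or line.startswith("$") or depth > 0 or "(" in line or ")" in line:
            continue
        fields = line.split()
        if len(fields) >= 4 and fields[-2] == rtype:  # owner [ttl] IN TYPE rdata
            yield _fqdn(fields[0], origin), fields[-1]

def ptr_to_ip(owner):
    """'2.210.168.192.in-addr.arpa.' -> '192.168.210.2'."""
    return ".".join(reversed(owner.rstrip(".").split(".")[:-2]))

def check_forward_reverse(fwd, fwd_origin, rev, rev_origin):
    """Report A records with no PTR back to them and PTRs with no matching A record."""
    a_records = list(zone_records(fwd, fwd_origin, "A"))
    ptrs = {ptr_to_ip(o): t for o, t in zone_records(rev, rev_origin, "PTR")}
    problems = [f"{name} -> {ip}: PTR points at {ptrs.get(ip)}, not back at {name}"
                for name, ip in a_records if ptrs.get(ip) != name]
    problems += [f"PTR {ip} -> {target} has no matching A record"
                 for ip, target in ptrs.items() if (target, ip) not in a_records]
    return problems
```

Only one name can round-trip through a PTR, so hosts that share an address (www, home and mta here) will always show up unless the one with the PTR is the name the services actually present.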

November 22nd, 2010

Posted In: Ubuntu, Unix


I’ve done a number of articles on using Ubuntu 10 as a server recently, but haven’t actually looked at doing the base installation of an Ubuntu 10 host. In this example, I’ll look at using Ubuntu 10.04 Desktop. In many of the previous examples I’ve been looking at Ubuntu 10.10 Server; the reason I’m using 10.04 Desktop here is because I believe there is a smaller learning curve and that inherently Mac OS X Systems Administrators who might be following this thread actually like a GUI. There are a number of aspects of this type of setup that are simply not GUI oriented; however, the base OS can easily be, so here goes.

First up, download the installer of Ubuntu from http://www.ubuntu.com/desktop/get-ubuntu/download. Then, install VMware Fusion. Once installed, you’ll be prompted with the welcome screen.

Next, use Command-N to create a new virtual machine, or click on the File menu and then select the New menu item (first in the list).

The New Virtual Machine Assistant will then open. Click on the button to Continue without disc.

The Installation Media screen of the New Virtual Machine Assistant will be next. Here, click on the radio button for Use operating system installation disk image file.

You will then be prompted to select an ISO. Browse to the file that you downloaded from Ubuntu before you got started and then click on the Choose button in the lower right hand corner of the screen.

The Operating System and version should be filled in by default. Provided they are correct, click on the Continue button to proceed.

You will then be prompted for credentials that the virtual machine will give the guest operating system when it is installed. Here, type the administrative user name and password that you want to use. You can also choose whether or not you want to make the home folder you use in Mac OS X available to the virtual machine as well as what type of access the virtual machine has to that directory. When you’re satisfied with your settings, click on the Continue button.

At the Finish screen of the New Virtual Machine Assistant, you will be able to review the settings that have been provided to the virtual machine. You can change these later if you see fit. For now, let’s click on the Finish button.

Finally, choose where you want to install the virtual machine. By default, the virtual machine will be placed in the Virtual Machines folder of your home directory. I usually like to move it to a Virtual Machines directory on the root of the volume that houses my Virtual Machines, but you can place yours wherever you like. When you’ve selected the folder that best fits your needs, click on the Save button.

The virtual machine will then install. This process can take some time, so it’s probably a good chance to grab a bite. When it’s done, you’ll be at the login screen for Ubuntu. Enter the username and password that you provided earlier in the process and then click on the Log In button.

Once you have logged in, let’s get the networking straight. In the menu at the top of the screen, click on Settings in the VMware toolbar and then click on Network.

By default, the virtual machine will be sharing the network connection of the Mac. Click on the second radio button (Connect directly to the physical network) and then the indicator light for the interface will go red. Wait for the light to go green, indicating that it’s picked up the correct interface and then close the Settings.

The IP will then need to be set for the guest OS. From Ubuntu, click on the System menu at the top of the screen and then click on Preferences and then Network Connections. Here, click on the Auth eth0 interface and then click on the Edit button.

You should now see the Editing Auth eth0 screen. Here, click on the IPv4 Settings tab and then provide the Address, Subnet mask (Netmask) and Gateway for your environment. You should also take this opportunity to provide a DNS server.

Click on Apply to commit your changes and then reboot the virtual machine so the new network settings are enforced. When Ubuntu comes back online, you should then be able to ping your router or some other device on your network. If you decided to use Ubuntu Server then you will need to go to /etc/network/interfaces and add some lines to bring up the interface using nano or vi, then set the IP to static and then provide your settings. They would appear as follows:

auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 192.168.210.254
netmask 255.255.255.0
gateway 192.168.210.1

Note: Check out 'man interfaces' for more information on building out your interfaces file.

You would also need to provide DNS information in your /etc/resolv.conf file:

nameserver 192.168.210.2
nameserver 192.168.55.41
nameserver 4.2.2.2

Note: Check out man resolv.conf for more information on the correct syntax and options if you need more than what we have provided here.

As you can see, doing so in the GUI vs. the command line is almost identical in terms of the amount of time it takes. Next, check the hostname. For this, let’s use the terminal emulator (not as spiffy as the one in Mac OS X, but nice nonetheless). Click on the Applications menu, Accessories and then Terminal. As with Mac OS X Server the forward and reverse names should match. Provided they do, you’re ready to get some services installed; otherwise you will need to set the hostname to be the same as the DNS name. Assuming the DNS name is ubuntu08.krypted.com:

hostname ubuntu08.krypted.com

To then make it persistent across a restart, edit /etc/hostname and replace whatever you see there with the new hostname. Once set, you should see the hostname at the login window. Finally, I ran into an instance a few years back where Debian (not Ubuntu but close enough) wouldn’t change the hostname even after I tweaked the /etc/hosts and /etc/hostname files. Very annoying. The only thing that would work was to do it using sysctl (continuing on with the same example):

sysctl kernel.hostname=ubuntu08.krypted.com

Assuming that your Ubuntu box isn’t also acting as your DNS server, you will also need to check the DNS to make sure it’s correctly set. You can use nslookup for this:

nslookup ubuntu08.krypted.com

November 21st, 2010

Posted In: Mac OS X, Ubuntu, Unix, VMware
