It works for me........

-----Original Message-----
From: Maglinger, Paul [mailto:pmaglin...@scvl.com] 
Sent: Monday, February 23, 2009 12:05 PM
To: MS-Exchange Admin Issues
Subject: RE: HOWTO: do reverse lookups (PTR records) with the nslookup tool

Oh... NOW you've done it!  Ya broke the website...

Internet Explorer cannot display the webpage 
   
   Most likely causes:
You are not connected to the Internet. 
The website is encountering problems. 
There might be a typing error in the address. 
 
   What you can try: 
     Diagnose Connection Problems  
 
     More information 

This problem can be caused by a variety of issues, including: 

Internet connectivity has been lost. 
The website is temporarily unavailable. 
The Domain Name Server (DNS) is not reachable. 
The Domain Name Server (DNS) does not have a listing for the website's
domain. 
If this is an HTTPS (secure) address, click Tools, click Internet
Options, click Advanced, and check to be sure the SSL and TLS protocols
are enabled under the security section. 

For offline users

You can still view subscribed feeds and some recently viewed webpages.
To view subscribed feeds 

Click the Favorites Center button , click Feeds, and then click the feed
you want to view. 

To view recently visited webpages (might not work on all pages) 

Click Tools , and then click Work Offline. 
Click the Favorites Center button , click History, and then click the
page you want to view. 



-----Original Message-----
From: Campbell, Rob [mailto:rob_campb...@centraltechnology.net] 
Sent: Monday, February 23, 2009 11:31 AM
To: MS-Exchange Admin Issues
Subject: RE: HOWTO: do reverse lookups (PTR records) with the nslookup tool

I ran across this over the weekend. Haven't tried it yet, but looks like
it might be good stuff.

http://huddledmasses.org/update-to-poshnet-and-get-dns/

-----Original Message-----
From: Jason Gurtz [mailto:jasongu...@npumail.com] 
Sent: Monday, February 23, 2009 11:23 AM
To: MS-Exchange Admin Issues
Subject: HOWTO: do reverse lookups (PTR records) with the nslookup tool

Note: the dig tool is easier and better than nslookup, but unfortunately
doesn't come with Windows.  You can download the Windows port of the BIND
name server and find dig there, but that's extra steps to find out just
what DLLs you also need, etc...  If you're going to do this a lot I do
recommend that you take the time to learn dig instead of nslookup.

> In the reverse DNS section of this tool, do I need to check the box? I
> don't host my external DNS records, so I don't know what PTR records, if
> any, are out there.

Open cmd prompt. Type nslookup and press enter. At the new "> " prompt
type set type=ptr and press enter

wacky thing #1: IP addy that you query is backwards from what it is
wacky thing #2: you are querying for the backwards address in this weird
domain called in-addr.arpa.  You can think of .in-addr.arpa as being to
IP addresses the same as .com. or .org. are to domain names.  It is the
story of the whale; it's just how it is.

So, for example let's look up some aol.com PTR records...3 MX records I
see are:

mailin-01.mx.aol.com    internet address = 205.188.156.248
mailin-02.mx.aol.com    internet address = 205.188.249.91
mailin-03.mx.aol.com    internet address = 205.188.252.17

Hey, let's see if their ducks are in a row! To query the PTR record for
the first one just type this:

> 248.156.188.205.in-addr.arpa

After pressing enter you should see something like this :

Non-authoritative answer:
248.156.188.205.in-addr.arpa    name = dd.mx.aol.com

What!?  dd.mx.aol.com != mailin-01.mx.aol.com.  Well that's OK, aol is
probably not sending any mail out from this box here ;)  Likely, that
"box" is a load balancer of some type...  OK, trawling through some logs
here I do see them sending mail from host imo-d05.mx.aol.com which has an
address of 205.188.157.37.  Let's check it out!

> set type=a
> imo-d05.mx.aol.com
Server:  dns-01.ns.aol.com
Address:  64.12.51.132

Name:    imo-d05.mx.aol.com
Address:  205.188.157.37

[Yup, still sitting on the same addy]

> set type=ptr
> 37.157.188.205.in-addr.arpa
Server:  dns-01.ns.aol.com
Address:  64.12.51.132

37.157.188.205.in-addr.arpa     name = imo-d05.mx.aol.com

[This time we have a match! AOL admins know what they're doing.]

157.188.205.in-addr.arpa    nameserver = dns-02.ns.aol.com
157.188.205.in-addr.arpa    nameserver = dns-01.ns.aol.com
dns-01.ns.aol.com   internet address = 64.12.51.132
dns-02.ns.aol.com   internet address = 205.188.157.232

So yeppers, all aol.com ducks in a row for that outbound server.  As you
can see nslookup also tells you what name servers have authority for the
address space containing 205.188.157.37.  Using a whois tool you can
look up who has registered ownership of the IP block.  Now we're getting
off on a spam fighting tangent....

If you want to script nslookup to do auditing you can use the tool like
this to query one address at a time.  Now you can loop over a whole block
of IPs that you might own in a batch file or powershell or whatever:

C:\>nslookup -type=ptr 37.157.188.205.in-addr.arpa dns-01.ns.aol.com

The last argument (DNS server to query) is optional. By default, nslookup
should be querying the first DNS server listed in your ipconfig /all
output.  If you're at the nslookup prompt the command "server
<serverName|IP>" will do the same thing.  Check the ? command to see other
commands.  Note: -type=a would be redundant since it's the default query
type assumed and obviously -type=mx could be useful in the email world as
well.

~JasonG
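
The audit loop described above, as an added example that is not part of the original message: it builds the in-addr.arpa name for each IPv4 address, runs the same nslookup PTR query, then checks that the returned name's A record points back at the address. The function names and the 192.0.2.0/24 range are illustrative assumptions; the sample lines are the transcript quoted in the thread.

```powershell
# Added example, not from the thread. Function names are illustrative.
function ConvertTo-PtrName([string]$Ip) {
    # 205.188.157.37 -> 37.157.188.205.in-addr.arpa (IPv4 only)
    $addr = [System.Net.IPAddress]::Parse($Ip)
    if ($addr.AddressFamily -ne 'InterNetwork') { throw "IPv4 only: $Ip" }
    $octets = $addr.GetAddressBytes()
    [array]::Reverse($octets)
    ($octets -join '.') + '.in-addr.arpa'
}

function Get-PtrName([string[]]$Output) {
    # PTR answer lines look like "<reverse name>    name = <host>"
    foreach ($line in $Output) {
        if ($line -match 'in-addr\.arpa\s+name = (?<host>\S+)') { $Matches['host'].TrimEnd('.') }
    }
}

function Get-ForwardAddress([string[]]$Output) {
    # Skip the resolver's own "Server:/Address:" header; keep what follows "Name:"
    $seenName = $false
    foreach ($line in $Output) {
        if ($line -match '^Name:') { $seenName = $true }
        elseif ($seenName -and $line -match '^(Address(es)?:)?\s+(?<ip>\d+(\.\d+){3})\s*$') { $Matches['ip'] }
    }
}

function Test-PtrRoundTrip([string]$Ip, [string[]]$DnsServer = @()) {
    # PTR lookup, then an A lookup on each returned name; Match = A record points back at $Ip
    $ptr = @(Get-PtrName (nslookup.exe '-type=ptr' (ConvertTo-PtrName $Ip) @DnsServer 2>$null))
    foreach ($name in $ptr) {
        $fwd = @(Get-ForwardAddress (nslookup.exe '-type=a' $name @DnsServer 2>$null))
        [pscustomobject]@{ IP = $Ip; PTR = $name; Forward = $fwd -join ','; Match = $fwd -contains $Ip }
    }
    if (-not $ptr) { [pscustomobject]@{ IP = $Ip; PTR = $null; Forward = $null; Match = $false } }
}

# Offline check of the parsers against the transcript quoted in the thread
$ptrOut = "Server:  dns-01.ns.aol.com", "Address:  64.12.51.132", "",
          "37.157.188.205.in-addr.arpa     name = imo-d05.mx.aol.com"
$fwdOut = "Server:  dns-01.ns.aol.com", "Address:  64.12.51.132", "",
          "Name:    imo-d05.mx.aol.com", "Address:  205.188.157.37"
ConvertTo-PtrName '205.188.157.37'
Get-PtrName $ptrOut
Get-ForwardAddress $fwdOut

# Live audit of a block you own (192.0.2.0/24 is a documentation placeholder):
# 1..254 | ForEach-Object { Test-PtrRoundTrip "192.0.2.$_" } | Where-Object { -not $_.Match }
```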

-- 

~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~
~             http://www.sunbeltsoftware.com/Ninja                ~

**************************************************************************************************
Note:
The information contained in this message may be privileged and confidential and
protected from disclosure.  If the reader of this message is not the intended
recipient, or an employee or agent responsible for delivering this message to
the intended recipient, you are hereby notified that any dissemination,
distribution or copying of this communication is strictly prohibited. If you
have received this communication in error, please notify us immediately by
replying to the message and deleting it from your computer.
**************************************************************************************************


