It works for me........

-----Original Message-----
From: Maglinger, Paul [mailto:pmaglin...@scvl.com]
Sent: Monday, February 23, 2009 12:05 PM
To: MS-Exchange Admin Issues
Subject: RE: HOWTO: do reverse lookups (PTR records) with the nslookup tool

Oh... NOW you've done it! Ya broke the website...

Internet Explorer cannot display the webpage

Most likely causes:
  You are not connected to the Internet.
  The website is encountering problems.
  There might be a typing error in the address.

What you can try:
  Diagnose Connection Problems

More information
This problem can be caused by a variety of issues, including:
  Internet connectivity has been lost.
  The website is temporarily unavailable.
  The Domain Name Server (DNS) is not reachable.
  The Domain Name Server (DNS) does not have a listing for the website's domain.
  If this is an HTTPS (secure) address, click Tools, click Internet Options, click Advanced, and check to be sure the SSL and TLS protocols are enabled under the security section.

For offline users
You can still view subscribed feeds and some recently viewed webpages.
To view subscribed feeds
  Click the Favorites Center button, click Feeds, and then click the feed you want to view.
To view recently visited webpages (might not work on all pages)
  Click Tools, and then click Work Offline.
  Click the Favorites Center button, click History, and then click the page you want to view.

-----Original Message-----
From: Campbell, Rob [mailto:rob_campb...@centraltechnology.net]
Sent: Monday, February 23, 2009 11:31 AM
To: MS-Exchange Admin Issues
Subject: RE: HOWTO: do reverse lookups (PTR records) with the nslookup tool

I ran across this over the weekend. Haven't tried it yet, but looks like it might be good stuff.

http://huddledmasses.org/update-to-poshnet-and-get-dns/

-----Original Message-----
From: Jason Gurtz [mailto:jasongu...@npumail.com]
Sent: Monday, February 23, 2009 11:23 AM
To: MS-Exchange Admin Issues
Subject: HOWTO: do reverse lookups (PTR records) with the nslookup tool

Note: the dig tool is easier and better than nslookup, but unfortunately doesn't come with Windows.
You can download the Windows port of the BIND name server and find dig there, but that's extra steps to find out just what dlls you also need, etc... If you're going to do this a lot I do recommend that you take the time to learn dig instead of nslookup.

> In the reverse DNS section of this tool, do I need to check the box? I
> don't host my external DNS records, so I don't know what PTR records, if
> any, are out there.

Open cmd prompt.
Type nslookup and press enter.
At the new "> " prompt type set type=ptr and press enter

wacky thing #1: IP addy that you query is backwards from what it is

wacky thing #2: you are querying for the backwards address in this weird domain called in-addr.arpa. You can think of .in-addr.arpa as being to IP addresses the same as .com. or .org. are to domain names. It is the story of the whale; it's just how it is.

So, for example let's look up some aol.com PTR records... 3 MX records I see are:

    mailin-01.mx.aol.com internet address = 205.188.156.248
    mailin-02.mx.aol.com internet address = 205.188.249.91
    mailin-03.mx.aol.com internet address = 205.188.252.17

Hey, let's see if their ducks are in a row! To query the PTR record for the first one just type this:

    > 248.156.188.205.in-addr.arpa

After pressing enter you should see something like this:

    Non-authoritative answer:
    248.156.188.205.in-addr.arpa name = dd.mx.aol.com

What!? dd.mx.aol.com != mailin-01.mx.aol.com. Well that's OK, aol is probably not sending any mail out from this box here ;) Likely, that "box" is a load balancer of some type...

OK, trawling through some logs here I do see them sending mail from host imo-d05.mx.aol.com which has an address of 205.188.157.37. Let's check it out!

    > set type=a
    > imo-d05.mx.aol.com
    Server: dns-01.ns.aol.com
    Address: 64.12.51.132

    Name: imo-d05.mx.aol.com
    Address: 205.188.157.37

[Yup, still sitting on the same addy]

    > set type=ptr
    > 37.157.188.205.in-addr.arpa
    Server: dns-01.ns.aol.com
    Address: 64.12.51.132

    37.157.188.205.in-addr.arpa name = imo-d05.mx.aol.com

[This time we have a match! AOL admins know what they're doing.]

    157.188.205.in-addr.arpa nameserver = dns-02.ns.aol.com
    157.188.205.in-addr.arpa nameserver = dns-01.ns.aol.com
    dns-01.ns.aol.com internet address = 64.12.51.132
    dns-02.ns.aol.com internet address = 205.188.157.232

So yeppers, all aol.com ducks in a row for that outbound server. As you can see nslookup also tells you what name servers have authority for the address space containing 205.188.157.37. Using a whois tool you can look up who has registered ownership of the IP block.

Now we're getting off on a spam fighting tangent.... if you want to script nslookup to do auditing you can use the tool like this to query one address at a time. Now you can loop over a whole block of IPs that you might own in a batch file or PowerShell or whatever:

    C:\>nslookup -type=ptr 37.157.188.205.in-addr.arpa dns-01.ns.aol.com

The last argument (dns server to query) is optional. By default, nslookup should be querying the first dns server listed in your ipconfig /all output. If you're at the nslookup prompt the command "server <serverName|IP>" will do the same thing. Check the ? command to see other commands.

Note: -type=a would be redundant since it's the default query type assumed and obviously -type=mx could be useful in the email world as well.

~JasonG

--
~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~
~ http://www.sunbeltsoftware.com/Ninja ~

************************************************************************
Note: The information contained in this message may be privileged and confidential and protected from disclosure.
If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer.
************************************************************************
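
Added example, not part of the original thread: the audit loop the HOWTO suggests at its end, written in PowerShell. It builds the in-addr.arpa name, runs nslookup -type=ptr, and then checks that the PTR name resolves back to the same address. The function names and the 192.0.2.0/29 block are assumptions for illustration, and the sample output is constructed from the session shown in the post.

```powershell
function ConvertTo-PtrName {
    # Hypothetical helper: 205.188.157.37 -> 37.157.188.205.in-addr.arpa
    param([Parameter(Mandatory)][string]$IPAddress)
    $ip = [System.Net.IPAddress]::Parse($IPAddress)
    if ($ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) {
        throw "IPv4 only: $IPAddress"
    }
    $octets = $ip.GetAddressBytes()
    [array]::Reverse($octets)              # octets are queried back to front
    ($octets -join '.') + '.in-addr.arpa'
}

function Get-PtrTarget {
    # Return each host from "<ptr-name>  name = <host>" lines of nslookup output.
    param([string[]]$NslookupOutput, [string]$PtrName)
    $pattern = '^\s*' + [regex]::Escape($PtrName) + '\s+name = (\S+?)\.?\s*$'
    foreach ($line in $NslookupOutput) {
        if ($line -match $pattern) { $Matches[1] }
    }
}

function Test-ReverseDns {
    # Live lookup: PTR via nslookup, then forward-resolve the name and compare.
    param([Parameter(Mandatory)][string]$IPAddress, [string]$Server)
    $ptrName = ConvertTo-PtrName $IPAddress
    $nsArgs = @('-type=ptr', $ptrName)
    if ($Server) { $nsArgs += $Server }    # optional DNS server, as in the post
    $out = & nslookup @nsArgs 2>$null
    $names = @(Get-PtrTarget -NslookupOutput $out -PtrName $ptrName)
    if (-not $names) {
        return [pscustomobject]@{ IP = $IPAddress; PTR = $null; ForwardMatch = $false }
    }
    foreach ($name in $names) {
        $forward = @()
        try {
            $forward = [System.Net.Dns]::GetHostAddresses($name) | ForEach-Object { $_.ToString() }
        } catch { }                        # name does not resolve: no match
        [pscustomobject]@{ IP = $IPAddress; PTR = $name; ForwardMatch = ($forward -contains $IPAddress) }
    }
}

# Offline parser check against constructed output shaped like the session in the post.
$sample = @(
    'Server:  dns-01.ns.aol.com',
    '37.157.188.205.in-addr.arpa     name = imo-d05.mx.aol.com'
)
Get-PtrTarget -NslookupOutput $sample -PtrName (ConvertTo-PtrName '205.188.157.37')
# Live audit of a block you own (192.0.2.0/29 is a documentation placeholder):
# 1..6 | ForEach-Object { Test-ReverseDns "192.0.2.$_" } | Format-Table -AutoSize
```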