OS X comes with an app named Terminal which gives you full access to the BSD shell. At the prompt, type traceroute hostname.com (replacing hostname.com with the domain you wish to trace) and you will get the path to that hostname. You can also use other standard Unix tools such as dig.
As a long-time user of BIND, I usually fall on the floor in an apoplectic fit when I see system or network administrators using the nslookup command instead of dig while troubleshooting DNS problems. Contrary to popular opinion, it isn’t that I feel a sense of superiority because I’ve learned to use this somewhat intimidating command, but because it really is the better option. Here are a few reasons why.
Did you know nslookup (short for name server lookup) is deprecated? That’s right, the command that’s bundled in every version of Windows and many other operating systems is no longer recommended by the company who licensed it, Internet Systems Consortium, distributors of the most prolific DNS server software, BIND. From the BIND manual at ISC’s site:
“Due to its arcane user interface and frequently inconsistent behavior, we do not recommend the use of nslookup. Use dig instead.”
So why is everyone still including it if it’s so old and creaky? Probably for the same reason people eat junk food even though they know it will make them fat: change is hard.
I know what you’re thinking, “Well, nslookup works and it’s included with my OS, why should I have to go download and learn yet another tool?” Here’s the good news, if you have a Mac or Linux box, it’s already installed, but a really compelling reason is that nslookup doesn’t always work as expected. According to Cricket Liu, that Doyen of DNS, nslookup doesn’t actually use your operating system’s resolver library routines, but its own routines which are based upon the resolver ones. Basically, it’s like buying a knockoff Gucci handbag: looks the same from a distance, but doesn’t really hold up on close examination. Dig shows you the entire DNS response message, which can be useful when trying to figure out difficult issues.
Here’s an example of responses from nslookup and dig for cnn.com:
stasi$ nslookup cnn.com
Server: 10.10.10.1
Address: 10.10.10.1#53
Non-authoritative answer:
Name: cnn.com
Address: 157.166.224.26
Name: cnn.com
Address: 157.166.226.25
Name: cnn.com
Address: 157.166.226.26
Name: cnn.com
Address: 157.166.255.18
Name: cnn.com
Address: 157.166.255.19
Name: cnn.com
Address: 157.166.224.25
———————--
stasi$ dig www.cnn.com
; <<>> DiG 9.6.0-APPLE-P2 <<>> www.cnn.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9048
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 3, ADDITIONAL: 3
;; QUESTION SECTION:
;www.cnn.com. IN A
;; ANSWER SECTION:
www.cnn.com. 54 IN A 157.166.226.25
www.cnn.com. 54 IN A 157.166.226.26
www.cnn.com. 54 IN A 157.166.255.18
www.cnn.com. 54 IN A 157.166.255.19
www.cnn.com. 54 IN A 157.166.224.25
www.cnn.com. 54 IN A 157.166.224.26
;; AUTHORITY SECTION:
www.cnn.com. 81223 IN NS dmtns02.turner.com.
www.cnn.com. 81223 IN NS dmtns07.turner.com.
www.cnn.com. 81223 IN NS dmtns01.turner.com.
;; ADDITIONAL SECTION:
dmtns01.turner.com. 2041 IN A 157.166.226.169
dmtns02.turner.com. 2041 IN A 157.166.224.169
dmtns07.turner.com. 2041 IN A 157.166.255.15
;; Query time: 15 msec
;; SERVER: 10.10.10.1#53(10.10.10.1)
;; WHEN: Mon Oct 3 18:46:52 2011
;; MSG SIZE rcvd: 246
Check out the difference. Running each command without any options, you’ll notice how much more information is included with the output from dig. Even though my response is cached (as demonstrated by the “non-authoritative” statement in the nslookup answer), I still receive the TTL of each record and the authoritative nameservers for the domain. I’d have to type more characters with nslookup to get that and I still don’t get the TTL.
stasi$ nslookup
> set query=any
> cnn.com
Server: 10.10.10.1
Address: 10.10.10.1#53
Non-authoritative answer:
Name: cnn.com
Address: 157.166.224.26
Name: cnn.com
Address: 157.166.226.25
Name: cnn.com
Address: 157.166.226.26
Name: cnn.com
Address: 157.166.255.18
![Dig Dig](http://cdn.osxdaily.com/wp-content/uploads/2015/03/dns-lookup-host-command.jpg)
Name: cnn.com
Address: 157.166.255.19
Name: cnn.com
Address: 157.166.224.25
cnn.com nameserver = ns1.timewarner.net.
cnn.com nameserver = ns5.timewarner.net.
cnn.com nameserver = ns3.timewarner.net.
Authoritative answers can be found from:
cnn.com nameserver = ns3.timewarner.net.
cnn.com nameserver = ns1.timewarner.net.
cnn.com nameserver = ns5.timewarner.net.
ns1.timewarner.net internet address = 204.74.108.238
ns3.timewarner.net internet address = 199.7.68.238
ns5.timewarner.net internet address = 204.74.109.238
—————-
Here’s another good example. If a server is blocking recursion, nslookup provides a rather cryptic answer:
stasi$ nslookup
> server ns1.timewarner.net
Default server: ns1.timewarner.net
Address: 204.74.108.238#53
> www.isc.org
Server: ns1.timewarner.net
Address: 204.74.108.238#53
** server can’t find www.isc.org.gwu.edu: SERVFAIL
> quit
Server: ns1.timewarner.net
Address: 204.74.108.238#53
** server can’t find quit: SERVFAIL
———————————–
But if I make the same query with dig:
stasi$ dig @ns1.timewarner.net www.isc.org
; <<>> DiG 9.6.0-APPLE-P2 <<>> @ns1.timewarner.net www.isc.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 5715
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;www.isc.org. IN A
;; Query time: 255 msec
;; SERVER: 204.74.108.238#53(204.74.108.238)
;; WHEN: Mon Oct 3 19:03:21 2011
;; MSG SIZE rcvd: 29
——————————–
Note the section of the response, “WARNING: recursion requested but not available.” Pretty obvious what the problem is, right?
But let me demonstrate my FAVORITE option with dig, “+trace.” From the man page:
“…It will follow referrals from the root servers, showing the answer from each server that was used to resolve the lookup.”
Here’s a scenario where you might find this useful. Your users are screaming at you, saying that your DNS service is down, because they can’t get to a specific web site. You know it isn’t down, but you need to prove it. It can be very useful in situations of lame delegation, a non-responsive authoritative DNS server or missing glue records. I know, I know, some of these terms sound really esoteric and your eyes just glazed over. But look at the output of the command below and be assured that the final response is BAD even without all those cryptic terms I just used. (I apologize for the crude domain example I’ve used, but it took me awhile to find a domain that threw an error.)
stasi$ dig +trace www.farts.com
; <<>> DiG 9.6.0-APPLE-P2 <<>> +trace www.farts.com
;; global options: +cmd
. 511509 IN NS g.root-servers.net.
. 511509 IN NS h.root-servers.net.
. 511509 IN NS d.root-servers.net.
. 511509 IN NS l.root-servers.net.
. 511509 IN NS b.root-servers.net.
. 511509 IN NS e.root-servers.net.
. 511509 IN NS c.root-servers.net.
. 511509 IN NS f.root-servers.net.
. 511509 IN NS j.root-servers.net.
. 511509 IN NS a.root-servers.net.
. 511509 IN NS i.root-servers.net.
. 511509 IN NS m.root-servers.net.
. 511509 IN NS k.root-servers.net.
;; Received 512 bytes from 10.10.10.1#53(10.10.10.1) in 8 ms
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
;; Received 491 bytes from 192.228.79.201#53(b.root-servers.net) in 75 ms
farts.com. 172800 IN NS ns2.affiliatepros.com.
farts.com. 172800 IN NS ns1.affiliatepros.com.
;; Received 113 bytes from 192.33.14.30#53(b.gtld-servers.net) in 110 ms
dig: couldn’t get address for ‘ns1.affiliatepros.com’: not found
————————————--
So the moral of the story is to use dig. It will make you look really powerful, especially to the grumpy DNS Divas in your organization. They will know the force is strong in you and maybe they’ll start taking your phone calls. You can download the BIND pre-compiled package for Windows (including tools like dig) or source code from the www.isc.org website. By the way, dig actually stands for domain information groper and can you think of anything better than a good grope?
*Note* I’d like to make the following disclaimer to any actual DNS demigods reading this post. It should not be considered exhaustive, but only a short introduction and shameless promotion for one of the best commands invented since “sudo.” And yes, I always compile sudo with the “insults” option.
Game | Dig It! |
Size | 23.60 Mb |
Runs On | Mac |
Original Platform | DOS |
Language | English |
Updated | 2019-10-14 |
While you download, remember to support GamesNostalgia
Help us with a donation
GamesNostalgia is a free site maintained by volunteers. Help us keep the site alive with a donation. Money will be used the pay the costs of the servers and improve the service
File: digit_dos_mac.7z
Click the button below to generate the download link
How to install and play the game
Files for Mac can be run on all versions of OS X.You need to uncompress the 7z archive using the proper software (please use Keka to avoid problems). If the archive contains a DMG, double click it to mount the disk.After that, drag & drop the game icon into Applications (or another folder, Desktop will be fine too).New versions of MacOS block applications from identified developers. If you have this problem, just press Ctrl while clicking the game icon, and select Open.Alternatively you can use the “Open Anyway” button in the General pane of Security & Privacy preferences.
See the Help page for more info.
You may also like
The Lion King (1994)
The Lion King is the video game adaptation of the Disney movie with the same title and was...
Prince of Persia (1990)
Prince of Persia is a fantasy cinematic 2D platformer originally developed and published by...
Mario & Luigi (2001)
Mario & Luigi is a simple but very nice clone of Super Mario Bros developed by Mike Wiering...