Port number used by DNS/nslookup command

Port number used by DNS (53 for TCP/UDP)

 DNS primarily uses UDP for communication. The reason is that the data exchanged in name resolution is small and we want to reduce overhead.

 When using TCP, data cannot be sent unless a session is established with a three-way handshake. In addition, processing such as acknowledgment and retransmission is performed to ensure reliability, which increases overhead.

 Name resolution queries require immediacy, and above all, it is inefficient to use TCP to exchange small amounts of data.

 DNS name resolution is designed so that a query and its response each fit in a single UDP packet of up to 512 bytes. This 512-byte limit avoids problems such as fragmentation and out-of-order packet arrival.

 TCP port number 53 is used for zone transfer performed by the secondary DNS server to replicate the data held by the primary DNS server.

Your firewall should be configured so that DNS packets are not filtered.

DNS (nslookup command)

 nslookup is an old command that has been used since the beginning of DNS development on UNIX. This is a command to manually run the DNS name resolution function and can be relied upon when troubleshooting.

You can narrow a lookup to forward or reverse resolution and to a specific record type such as an A record, NS record or MX record.

 UNIX and Linux also provide similar, more advanced commands such as the "dig" command and the "host" command. In the Windows OS environment, only "nslookup.exe" is provided.

Here, I will introduce how to use the Windows "nslookup.exe" command.

Open a command prompt and type "nslookup".

c:\>nslookup

◆ DNS search specifying FQDN name

 The basic DNS server lookup is an A record search by FQDN. Here, enter "www.yahoo.co.jp".

>www.yahoo.co.jp

In Windows Vista, nslookup behaves a little differently. "Non-authoritative answer" is returned as a result.

This indicates that the answer comes from the name server's cache (a non-authoritative answer).

You can see that "www.yahoo.co.jp" is an alias.

◆Reverse pointer search

 You can look up the FQDN from an IP address. This searches the reverse lookup record (PTR record) on the DNS server.

Here, enter the IP address of "www.yahoo.co.jp" obtained in the previous lookup.

By specifying one of the query types in the table below, information other than the association between the FQDN and the IP address is returned.

 ● set querytype=record you want to see

command                content
set querytype=soa      SOA record (basic information about the domain on the DNS server)
set querytype=ns       NS record (DNS server for your domain)
set querytype=mx       MX record (your domain's mail server)
set querytype=a        A record (associating a host name with an IP address)
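
The query messages behind the lookups above (A, NS, SOA, MX and the reverse PTR search), together with the 512-byte UDP limit from the first section, can be reproduced offline. The Python below is an added example, not part of the original page; the function names and the sample response header are constructed for illustration, and 192.0.2.1 is a documentation address.

```python
import ipaddress
import struct

# Record type codes (RFC 1035) for nslookup's "set querytype=" values, plus PTR.
QTYPES = {"a": 1, "ns": 2, "soa": 6, "ptr": 12, "mx": 15}
UDP_LIMIT = 512  # classic size limit for one DNS message over UDP

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("label must be 1-63 bytes: %r" % label)
        out += bytes([len(raw)]) + raw
    if len(out) + 1 > 255:
        raise ValueError("encoded name exceeds 255 bytes")
    return out + b"\x00"

def build_query(target, querytype="a", query_id=0x1234):
    """Build a query; for querytype 'ptr' the target is an IP address."""
    if querytype == "ptr":
        target = ipaddress.ip_address(target).reverse_pointer
    # Header: ID, flags (RD=1), QDCOUNT=1, then ANCOUNT/NSCOUNT/ARCOUNT = 0.
    header = struct.pack("!HHHHHH", query_id, 0x0100, 1, 0, 0, 0)
    question = encode_name(target) + struct.pack("!HH", QTYPES[querytype], 1)
    return header + question  # at most 12 + 255 + 4 bytes

def fits_udp(msg):
    """True when the message fits the 512-byte UDP limit."""
    return len(msg) <= UDP_LIMIT

def parse_header(msg):
    """Decode the header fields and flags that drive client behaviour."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than its 12-byte header")
    mid, flags, _qd, an = struct.unpack("!HHHH", msg[:8])
    return {
        "id": mid,
        "is_response": bool(flags & 0x8000),
        "authoritative": bool(flags & 0x0400),  # AA clear: "Non-authoritative answer"
        "truncated": bool(flags & 0x0200),      # TC set: repeat the query over TCP 53
        "answers": an,
    }

# Constructed sample: header of a cached, truncated response (QR, TC, RD, RA set).
SAMPLE_RESPONSE_HEADER = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0)
```

When capturing traffic on UDP port 53, the bytes after the 12-byte header of a request should match what build_query produces for the same name and query type.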
