Wolfgang said:
What is the difference between the "Nslookup" and "whois" instruments?
nslookup queries the DNS servers for information. The name ip address
mapping is one part of this information. It also stores information
about mail exchangers, reverse lookups (ip to name mapping) and much
more. If you set the querytype to ANY you see most of it.
The DNS servers hold the current relevant data used for the mapping of
host names to IP addresses.
whois queries whois servers. Those are servers holding information about
domain registrations, i.e. they are generally run by company/whoever
runs the top-level-domain (TLD). Whois server hold (real) contact
information for domains like the administrative, technical and billing
contact. Part of this whois information are the names (not necessarily
the ip addresses) of the DNS servers that do the (original/master)
mapping of the host names to ip addresses for that particular domain.
The company that runs the TLD basically supports a whois server that
returns the contact details about a domain in this TLD and runs the root
DNS server for that TLD that provides the information about the DNS
servers which hold the detailed mappings for that domain.
For example, a .info domain abc.info: the whois server
whois.afilias.info for .info would contain the postal address of the
registrant of that domain etc. It contains also the names or ip
addresses of the DNS servers that provide the DNS service for that domain.
The internet root DNS servers contain the mapping of the TLD names to
the TLD domain servers. If you do
nslookup abc.info a.root-servers.net
You'll receive a list of DNS servers that provide information about
..info domains, e.g. a9.info.afilias-nst.info, thus
nslookup abc.info a9.info.afilias-nst.info
will return you the list of dns servers with the details about the
domain abc.info. This list is the same as on the whois server.
If you pick on of the DNS servers serving a particular domain you'll get
more details and that DNS servers will most likely also provide the
mapping of host names to ip addresses.
I can pass a domain name as parameter to both tools and will get back their IP
Or vice versa.
Generally, domain names do not have an ip address. It is now common to
define one but in general it does not need one. apple.com is a domain.
www.apple.com is a host name in that domain. apple.com has an added
entry to map a host name "apple.com" to an ip address as a shortcut.
Whois is also used to map IP address ranges (like a public company IP
network) to contact information. If you'll pass an ip address to whois
it returns you the contact information whoever is responsible for the ip
range in which the ip address is. This is not necessarily linked to a
particular domain name. If it is a web hoster whois of an ip address
returns you the contact details of that web hoster but not about the
domains registered by this web hoster for its users.
Gerald
