Bash shell script to query a domain name using dig without the any flag

How do I get all of the DNS records for a domain using the dig command in only “Answer Section” (+answer) format? The command should return A, MX, NS, TXT, SOA and CNAME records.

Normally using the “any” flag, we would get all of this information at once, however, when attempting to run a dig command with the ‘any’ switch, we do not get the DNS records we want:

dig jasoncoltrin.com any

The above command returns an answer section with only: “RFC8428” “”

According to ChatGPT, this means that the ‘any’ query type is not guaranteed to return all the records for a given name, and some DNS servers may choose to return an empty answer instead. This is done to improve the performance and security of the DNS system.

Still, I want to have a single command to get the most information at once. The following command does so; however, writing the command is impractical:

dig +noall +answer +multi jasoncoltrin.com A jasoncoltrin.com MX jasoncoltrin.com NS jasoncoltrin.com TXT jasoncoltrin.com SOA jasoncoltrin.com CNAME

I also tried the following with no luck:

dig +noall +answer jasoncoltrin.com A,MX,NS,TXT

This only returned the A records.

So instead, we can use a bash script to create a $domain variable, and have the script use the ‘read’ command to prompt us for the domain name:

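#!/bin/bash

# Prompt for the domain name; -r keeps backslashes in the input literal
read -r -p "Enter the domain name: " domain

# Query each record type in one dig call; "$domain" is quoted so the
# input cannot be word-split into extra dig arguments
dig +noall +answer +multi "$domain" A "$domain" MX "$domain" NS "$domain" TXT "$domain" SOA "$domain" CNAME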

To write the script, do the following:

vi digdomain.sh

(insert) > copy/paste script > (Escape) > :wq

Then make the script executable with the command:

chmod +x digdomain.sh

Run the command using the ./ prefix:

./digdomain.sh

When we run the script, we’re prompted for the domain name, then the result is most of the information we want in an easy-to-read format:

jason@ubuntu0:~$ ./digdomain.sh
Enter the domain name: jasoncoltrin.com
jasoncoltrin.com.       118 IN A 172.67.196.181
jasoncoltrin.com.       118 IN A 104.21.44.69
jasoncoltrin.com.       1854 IN MX 10 mailstore1.secureserver.net.
jasoncoltrin.com.       1854 IN MX 0 smtp.secureserver.net.
jasoncoltrin.com.       5652 IN NS daisy.ns.cloudflare.com.
jasoncoltrin.com.       5652 IN NS lee.ns.cloudflare.com.
jasoncoltrin.com.       300 IN TXT "Currently located in a black hole\" \"Likely to be eaten by a grue"
jasoncoltrin.com.       300 IN TXT "google-site-verification=key"
jasoncoltrin.com.       300 IN TXT "google-site-verification=key"
jasoncoltrin.com.       2052 IN SOA daisy.ns.cloudflare.com. dns.cloudflare.com. (
                                2305113011 ; serial
                                10000      ; refresh (2 hours 46 minutes 40 seconds)
                                2400       ; retry (40 minutes)
                                604800     ; expire (1 week)
                                3600       ; minimum (1 hour)
                                )

This made me happy because I had forgotten about my easter egg TXT record. 🙂
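
A hardened variant of the script, as an added example that is not part of the original post: it validates the entered name before handing it to dig, because a value such as +trace, -f or @host would otherwise be read by dig as an option or a server rather than a name. The function names and the DIG override variable are assumptions made for this example.

```shell
#!/bin/bash
# Added example: validate the name before it reaches dig, then query all types.
LC_ALL=C                                  # keep [A-Za-z] ranges ASCII-only
RECORD_TYPES="A MX NS TXT SOA CNAME"      # the types the original script queries

# valid_domain NAME: succeed only for a plain DNS name (letters, digits, '-',
# '_' and '.'). Rejects anything dig would read as an option (+trace, -f file)
# or a server (@host), and any whitespace or shell metacharacters.
valid_domain() {
    name=${1%.}                           # tolerate one trailing dot
    [ -n "$name" ] && [ "${#name}" -le 253 ] || return 1
    case $name in
        *[!A-Za-z0-9._-]*) return 1 ;;    # character outside the allowed set
        .*|*..*)           return 1 ;;    # empty label
    esac
    old_ifs=$IFS; IFS=.                   # split the name into labels on dots
    for label in $name; do
        case $label in -*|*-) IFS=$old_ifs; return 1 ;; esac
        [ "${#label}" -le 63 ] || { IFS=$old_ifs; return 1; }
    done
    IFS=$old_ifs
}

# lookup NAME: validate, then run one dig covering every record type.
# DIG is a hypothetical override (e.g. DIG=echo) to preview the command line.
lookup() {
    valid_domain "$1" || { echo "invalid domain name: $1" >&2; return 2; }
    name=${1%.}
    set -- +noall +answer +multi
    for t in $RECORD_TYPES; do set -- "$@" "$name" "$t"; done
    "${DIG:-dig}" "$@"
}

# Runs only when a name is passed: ./digdomain.sh example.com
if [ "$#" -gt 0 ]; then lookup "$1"; fi
```

Run it as ./digdomain.sh jasoncoltrin.com; prefixing the call with DIG=echo prints the dig arguments instead of sending the queries.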

Install OpenDNS Umbrella Virtual Appliances on Hyper-V 2012 R2

You’re probably already familiar with OpenDNS; the service has long been trusted with consumer-grade firewalls and Wi-Fi Access Points. OpenDNS is now owned by Cisco, and the service is relatively inexpensive at approximately $115 for a three-year, 250-license package on CDW. OpenDNS Umbrella extends that protection to your enterprise by categorizing your DNS traffic in the OpenDNS data centers, rather than relying on your own firewall’s DNS capabilities. This is especially useful if you are running pfSense firewalls, as the packaged domain blocking and reporting is minimal in several areas.

In addition to Umbrella, OpenDNS can protect your roaming devices by installing a remote client. For now, we’ll look at the default reporting and why it’s necessary to set up virtual appliances.

Read the rest of the article here:

Install OpenDNS Umbrella Virtual Appliances on Hyper-V 2012 R2

Exchange/Outlook 2010 autodiscover certificate error name mismatch

Recently some users have been receiving the following autodiscover certificate error when opening Outlook:

Security Alert: autodiscover.domainname.org

Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the site’s security certificate.

√ The security certificate is from a trusted party

√ The security certificate date is valid

X The name on the security certificate is invalid or does not match the name of the site

Firstly, we host Exchange at a different domain, hostedexchange.com, and our autodiscover uses a wildcard certificate “*.hostedexchange.com”. So starting with the client I made sure to view the certificate. The correct name on the certificate listed was “*.hostedexchange.com”.

1. I installed the certificate onto the client PC into the trusted store. Closed Outlook, opened it again, and still the same error.

2. I looked at the proxy settings in the account setup to check that the ‘server name’ and msstd: values were correct; they were.

3. We used nslookup externally and found that there are no valid DNS records pointing to autodiscover.domainname.org.

4. We used https://www.testexchangeconnectivity.com/ and found that while it does automatically check for autodiscover.domainname.org, DNS did not return a value; it failed.

5. From the client we were able to ping autodiscover.domainname.com; the ping returned an internal IP address of our mail server.

6. So from the results above it appears as though the client (or Citrix server’s hosted desktop in this instance) had an incorrect DNS entry.

7. From a (run as administrator) command prompt I issued an “ipconfig /flushdns” command on the client server, but the error persisted, and pings still replied from autodiscover.domainname.org.

8. We checked the hosts file on the server (c:\windows\system32\drivers\etc), and sure enough there was an old entry for autodiscover.domainname.org.

9. In order to edit the hosts file, I did a “Run as administrator” to open Notepad, edited the file and saved successfully.

10. Issued another ipconfig /flushdns

Now when the client opens, the request to get autodiscover.domainname.org fails, and there is no mismatch of certificate names.