TZWorks LLC
System Analysis and Programming
www.tzworks.com


TZWorks®
DNS Query Utility - dqu

(Version 0.48)



Information about our End User's License Agreements (EULAs)
for software on TZWorks, LLC Website www.tzworks.com

User Agreement

TZWorks LLC software and related documentation ("Software") is governed by separate licenses issued from TZWorks LLC. The User Agreement, Disclaimer, and/or Software may change from time to time. By continuing to use the Software after those changes become effective, you agree to be bound by all such changes. Permission to use the Software is granted provided that (1) use of such Software is in accordance with the license issued to you and (2) the Software is not resold, transferred or distributed to any other person or entity. Refer to the specific EULA issued to you for the specific terms and conditions. There are 3 types of licenses available: (i) for educational purposes, (ii) for demonstration and testing purposes and (iii) business and/or commercial purposes. Contact TZWorks LLC (info@tzworks.com) for more information regarding licensing and/or to obtain a license. To redistribute the Software, prior approval in writing is required from TZWorks LLC. The terms in your specific EULA do not give the user any rights in intellectual property or technology, but only a limited right to use the Software in accordance with the license issued to you. TZWorks LLC retains all rights to ownership of this Software.

Export Regulation

The Software is subject to U.S. export control laws, including the U.S. Export Administration Act and its associated regulations. The Export Control Classification Number (ECCN) for the Software is 5D002, subparagraph C.1. The user shall not, directly or indirectly, export, re-export or release the Software to, or make the Software accessible from, any jurisdiction or country to which export, re-export or release is prohibited by law, rule or regulation. The user shall comply with all applicable U.S. federal laws, regulations and rules, and complete all required undertakings (including obtaining any necessary export license or other governmental approval), prior to exporting, re-exporting, releasing, or otherwise making the Software available outside the U.S.

Disclaimer

The user agrees that this Software made available by TZWorks LLC is experimental in nature and use of the Software is at user's sole risk. The Software could include technical inaccuracies or errors. Changes are periodically added to the information herein, and TZWorks LLC may make improvements and/or changes to Software and related documentation at any time. TZWorks LLC makes no representations about the accuracy or usability of the Software for any purpose.

ALL SOFTWARE ARE PROVIDED "AS IS" AND "WHERE IS" WITHOUT WARRANTY OF ANY KIND INCLUDING ALL IMPLIED WARRANTIES AND CONDITIONS OF MERCHANTABILITY, FITNESS FOR ANY PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT SHALL TZWORKS LLC BE LIABLE FOR ANY KIND OF DAMAGE RESULTING FROM ANY CAUSE OR REASON, ARISING OUT OF IT IN CONNECTION WITH THE USE OR PERFORMANCE OF INFORMATION AVAILABLE FROM THIS SOFTWARE, INCLUDING BUT NOT LIMITED TO ANY DAMAGES FROM ANY INACCURACIES, ERRORS, OR VIRUSES, FROM OR DURING THE USE OF THE SOFTWARE.

Removal

The Software is the original work of TZWorks LLC. However, to be in compliance with the Digital Millennium Copyright Act of 1998 ("DMCA") we agree to investigate and disable any material for infringement of copyright. Contact TZWorks LLC at email address: info@tzworks.com, regarding any DMCA concerns.


About the dqu Tool

dqu is a command-line tool that (a) sends DNS queries to a specified DNS server and (b) displays the replies. All of the DNS functionality that dqu provides is also available from built-in tools; nslookup is a good example. What dqu adds is the ability to pipe queries into the tool via standard input and to format the output as either CSV (the default) or XML. This allows easy viewing in Excel or some other offline analysis tool.

The specific DNS query records that dqu can currently handle are class 1 (for Internet) and include the following types:

Each query is tunable to handle: (a) the number of retry attempts, (b) the timeout in seconds to wait for a reply, (c) the delay in seconds between successive queries when processing requests from a STDIN (standard input) pipe, and (d) the DNS server to send the query to.

To run, the tool requires an authentication file in the same directory as the binary.


Usage

Below is the menu with the various options. Details of each option can be found in the List of options section.

    usage:

     dqu -url <domain to lookup> -server <dns srv ip>
     dqu -ip <ip addr to lookup> -server <dns srv ip>
     dqu -mx <mail host to lookup> -server <dns srv ip>
     dqu -ns <domain to lookup> -server <dns srv ip>
     dqu -cname <domain to lookup> -server <dns srv ip>
     dqu -txt <url to query> -server <dns srv ip>

    These versions use STDIN for piping in input:
     dqu -url_pipe -server <dns srv ip>
     dqu -ip_pipe -server <dns srv ip>
     dqu -mx_pipe -server <dns srv ip>
     dqu -ns_pipe -server <dns srv ip>
     dqu -cname_pipe -server <dns srv ip>
     dqu -txt_pipe -server <dns srv ip>

    Available options:
      -timeout <in secs>
      -retry <num>           = if we timeout, num of retries
      -delay <secs>          = delay in secs between each query
      -xml                   = output the data in xml format
      -csv                   = output in comma separated value format
      -verbose               = shows hex dump of packets (not in xml mode)
      -no_whitespace         = remove whitespace between csv delimiter
      -csv_separator "|"     = use a pipe char for csv separator
      -dateformat mm/dd/yyyy = "yyyy-mm-dd" is the default
      -timeformat hh:mm:ss   = "hh:mm:ss.xxx" is the default
      -filter <*partial*>    = filters data from stdin using pipe

    example of using std input and redirecting the output to a file
     type hosts.txt | dqu -url_pipe -server 8.8.8.8 > results.txt

Examples

Below are examples of using dqu, while querying the public Google DNS resolver. For a list of public DNS resolvers, see reference 2 at the end of this readme.

1. If you have a domain name that you wish to resolve into an IP address.

     dqu -url google.com -server 8.8.8.8 

    ... sample output ...

      query     , comment, status ,  id , DNS serv,   date ,     time [UTC] , type, type, class, ttl, size,   data

    google.com. , answer , success, 003c, 8.8.8.8  , 07/01/2011, 17:56:33.000,   1,    A,    1,   199,   4, 74.125.115.103
    google.com. , answer , success, 003c, 8.8.8.8  , 07/01/2011, 17:56:33.000,   1,    A,    1,   199,   4, 74.125.115.104
    google.com. , answer , success, 003c, 8.8.8.8  , 07/01/2011, 17:56:33.000,   1,    A,    1,   199,   4, 74.125.115.147
    google.com. , answer , success, 003c, 8.8.8.8  , 07/01/2011, 17:56:33.000,   1,    A,    1,   199,   4, 74.125.115.106
    google.com. , answer , success, 003c, 8.8.8.8  , 07/01/2011, 17:56:33.000,   1,    A,    1,   199,   4, 74.125.115.105
    google.com. , answer , success, 003c, 8.8.8.8  , 07/01/2011, 17:56:33.000,   1,    A,    1,   199,   4, 74.125.115.99

2. Performing the same query with details of the packet that was sent and received:

    dqu -url google.com -server 8.8.8.8 -verbose

    ... sample output [the packet details are shown]...

    packet that was sent
    0000 0000:  2c 00 01 00 00 01 00 00  00 00 00 00 06 67 6f 6f  ,............goo
    0000 0010:  67 6c 65 03 63 6f 6d 00  00 01 00 01              gle.com.....

    packet that was recv'd
    0000 0000:  2c 00 81 80 00 01 00 06  00 00 00 00 06 67 6f 6f  ,............goo
    0000 0010:  67 6c 65 03 63 6f 6d 00  00 01 00 01 c0 0c 00 01  gle.com.........
    0000 0020:  00 01 00 00 00 a1 00 04  4a 7d 73 67 c0 0c 00 01  ........J}sg....
    0000 0030:  00 01 00 00 00 a1 00 04  4a 7d 73 68 c0 0c 00 01  ........J}sh....
    0000 0040:  00 01 00 00 00 a1 00 04  4a 7d 73 93 c0 0c 00 01  ........J}s.....
    0000 0050:  00 01 00 00 00 a1 00 04  4a 7d 73 6a c0 0c 00 01  ........J}sj....
    0000 0060:  00 01 00 00 00 a1 00 04  4a 7d 73 69 c0 0c 00 01  ........J}si....
    0000 0070:  00 01 00 00 00 a1 00 04  4a 7d 73 63              ........J}sc

3. If you have an IP address that you wish to resolve to a domain name

    dqu -ip 74.125.115.103 -server 8.8.8.8

    ... sample output ...

      query                     , comment, status ,  id , DNS serv,   date ,     time [UTC] , type, type, class, ttl, size,   data
    103.115.125.74.in-addr.arpa., answer , success, 0025, 8.8.8.8 , 07/01/2011, 18:00:21.000,  12,  PTR,    1, 86400,  22, vx-in-f103.1e100.net.

4. If you want to resolve the mail exchange IP address associated with an email domain using the verbose option.

            
    dqu -mx gmail.com -server 8.8.8.8

      query   , comment, status ,  id , DNS serv,   date ,     time [UTC] , type, type, class, ttl, size,   data 

    gmail.com., answer , success, 004e, 8.8.8.8 , 07/01/2011, 18:05:39.000,  15,   MX,    1,  3582,  32,  30, alt3.gmail-smtp-in.l.google.com.
    gmail.com., answer , success, 004e, 8.8.8.8 , 07/01/2011, 18:05:39.000,  15,   MX,    1,  3582,   9,  40, alt4.gmail-smtp-in.l.google.com.
    gmail.com., answer , success, 004e, 8.8.8.8 , 07/01/2011, 18:05:39.000,  15,   MX,    1,  3582,   4,   5, gmail-smtp-in.l.google.com.
    gmail.com., answer , success, 004e, 8.8.8.8 , 07/01/2011, 18:05:39.000,  15,   MX,    1,  3582,   9,  20, alt2.gmail-smtp-in.l.google.com.
    gmail.com., answer , success, 004e, 8.8.8.8 , 07/01/2011, 18:05:39.000,  15,   MX,    1,  3582,   9,  10, alt1.gmail-smtp-in.l.google.com.
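
The reply shown in example 2 can be decoded by hand against RFC 1035 (reference 1). The Python sketch below is an added example, not part of dqu or any TZWorks code; the function names read_name and parse_reply are hypothetical, and the bytes are transcribed from the "packet that was recv'd" dump. It reads the header, skips the question, and follows the c0 0c compression pointer that starts each answer.

```python
import struct
# Bytes transcribed from the "packet that was recv'd" dump in example 2.
RECV_HEX = """
2c 00 81 80 00 01 00 06 00 00 00 00 06 67 6f 6f
67 6c 65 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01
00 01 00 00 00 a1 00 04 4a 7d 73 67 c0 0c 00 01
00 01 00 00 00 a1 00 04 4a 7d 73 68 c0 0c 00 01
00 01 00 00 00 a1 00 04 4a 7d 73 93 c0 0c 00 01
00 01 00 00 00 a1 00 04 4a 7d 73 6a c0 0c 00 01
00 01 00 00 00 a1 00 04 4a 7d 73 69 c0 0c 00 01
00 01 00 00 00 a1 00 04 4a 7d 73 63
"""

def read_name(msg, off, hops=0):
    """Return (labels, next offset), following RFC 1035 compression pointers."""
    labels = []
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:            # pointer: low 14 bits are an offset
            if hops >= 8:               # guard against pointer loops
                raise ValueError("too many compression pointers")
            rest, _ = read_name(msg, ((n & 0x3F) << 8) | msg[off + 1], hops + 1)
            return labels + rest, off + 2
        off += 1
        if n == 0:                      # zero-length root label ends the name
            return labels, off
        labels.append(msg[off:off + n].decode("ascii"))
        off += n

def parse_reply(msg):
    """Decode the header and the answer section of a DNS reply."""
    ident, flags, qd, an, _ns, _ar = struct.unpack_from("!6H", msg, 0)
    off = 12
    for _ in range(qd):                 # skip QNAME, then QTYPE and QCLASS
        off = read_name(msg, off)[1] + 4
    answers = []
    for _ in range(an):
        labels, off = read_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        rdata = msg[off + 10:off + 10 + rdlen]
        if len(rdata) != rdlen:
            raise ValueError("truncated RDATA")
        off += 10 + rdlen
        data = ".".join(map(str, rdata)) if rtype == 1 else rdata.hex()  # A only
        answers.append((".".join(labels) + ".", rtype, rclass, ttl, rdlen, data))
    return {"id": ident, "rcode": flags & 0xF, "answers": answers}

if __name__ == "__main__":
    print(parse_reply(bytes.fromhex("".join(RECV_HEX.split()))))
```

Each decoded tuple lines up with the query, type, class, ttl, size and data columns of the CSV output, and the six addresses are the same ones listed in example 1.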

List of options

Option Description
-server Specifies the DNS server's IP address to use as your DNS resolver. The syntax is: -server <DNS server IP address>.
-url Look up a URL. The syntax is: -url <domain to lookup> -server <DNS server IP address>.
-ip Look up an IP address. The syntax is: -ip <IP address to lookup> -server <DNS server IP address>.
-mx Look up a mail exchange record. The syntax is: -mx <mail host to lookup> -server <DNS server IP address>.
-ns Look up a name server (NS) record. The syntax is: -ns <domain to lookup> -server <DNS server IP address>.
-cname Look up a CNAME record. The syntax is: -cname <domain to lookup> -server <DNS server IP address>.
-txt DNS query with any text. The syntax is: -txt <URL to query> -server <DNS server IP address>.
-url_pipe Same function as the -url option, but allows piping in URL requests via STDIN (standard input). Each request passed in is processed in sequence. The syntax is: -url_pipe -server <DNS server IP address>.
-ip_pipe Same function as the -ip option, but allows piping in IP requests via STDIN (standard input). Each request passed in is processed in sequence. The syntax is: -ip_pipe -server <DNS server IP address>.
-mx_pipe Same function as the -mx option, but allows piping in MX requests via STDIN (standard input). Each request passed in is processed in sequence. The syntax is: -mx_pipe -server <DNS server IP address>.
-ns_pipe Same function as the -ns option, but allows piping in NS requests via STDIN (standard input). Each request passed in is processed in sequence. The syntax is: -ns_pipe -server <DNS server IP address>.
-cname_pipe Same function as the -cname option, but allows piping in CNAME requests via STDIN (standard input). Each request passed in is processed in sequence. The syntax is: -cname_pipe -server <DNS server IP address>.
-txt_pipe Same function as the -txt option, but allows piping in TXT requests via STDIN (standard input). Each request passed in is processed in sequence. The syntax is: -txt_pipe -server <DNS server IP address>.
-filter Filters data passed in via stdin via one of the pipe options. The syntax is -filter <"*partialname1* | *partialname2* | ...">. The wildcard character '*' is restricted to either before the name or after the name.
-timeout Number of seconds to wait for a response before failing. The syntax is: -timeout <number of seconds>.
-retry Number of retries before failing. The syntax is: -retry <number of times>.
-delay Number of seconds to wait before each query (for commands that use piping). The syntax is: -delay <number of seconds>.
-xml Output data in XML format.
-csv Outputs the data fields delimited by commas. Since filenames can have commas, to ensure the fields are uniquely separated, any commas in the filenames get converted to spaces.
-verbose Display raw packet data as a hexadecimal dump. Not available if used with -xml option.
-no_whitespace Used in conjunction with -csv option to remove any whitespace between the field value and the CSV separator.
-csv_separator Used in conjunction with the -csv option to change the CSV separator from the default comma to something else. Syntax is -csv_separator "|" to change the CSV separator to the pipe character. To use the tab as a separator, one can use the -csv_separator "tab" OR -csv_separator "\t" options.
-dateformat Output the date using the specified format. Default behavior is -dateformat "yyyy-mm-dd". Using this option allows one to adjust the format to mm/dd/yy, dd/mm/yy, etc. The restriction with this option is the forward slash (/) or dash (-) symbol needs to separate month, day and year and the month is in digit (1-12) form versus abbreviated name form.
-timeformat Output the time using the specified format. Default behavior is -timeformat "hh:mm:ss.xxx". One can adjust the format to microseconds, via "hh:mm:ss.xxxxxx" or nanoseconds, via "hh:mm:ss.xxxxxxxxx", or no fractional seconds, via "hh:mm:ss". The restrictions with this option are that a colon (:) symbol needs to separate hours, minutes and seconds, a period (.) symbol needs to separate the seconds and fractional seconds, and the repeating symbol 'x' is used to represent the number of fractional seconds. (Note: the fractional seconds apply only to those time formats that have the appropriate precision available. The Windows internal filetime has, for example, 100 nsec unit precision available. The DOS time format and the UNIX 'time_t' format, however, have no fractional seconds). Some of the times represented by this tool may use a time format without fractional seconds and therefore will not show a greater precision beyond seconds when using this option.
-utf8_bom All output is in Unicode UTF-8 format. If desired, one can prefix an UTF-8 byte order mark to the CSV output using this option.

Authentication and License File

This tool has authentication built into the binary. The primary authentication mechanism is the digital X509 code signing certificate embedded into the binary (Windows and macOS).

The other mechanism is the runtime authentication, which applies to all the versions of the tools (Windows, Linux and macOS). The runtime authentication ensures that the tool has a valid license. The license needs to be in the same directory of the tool for it to authenticate. Furthermore, any modification to the license, either to its name or contents, will invalidate the license.

Limited versus Demo versus Full in the tool's output banner

The tools from TZWorks will output header information about the tool's version and whether it is running in limited, demo or full mode. This is directly related to what version of a license the tool authenticates with. The limited and demo keywords indicate that some functionality of the tool is not available, and the full keyword indicates that all the functionality is available. The lacking functionality in the limited or demo versions may mean one or all of the following: (a) certain options may not be available, (b) certain data may not be outputted in the parsed results, and (c) the license has a finite lifetime before expiring.


Version history


References

  1. RFC 1035 - Domain Names - Implementation and specification
  2. Some available public DNS resolvers:
  3. nslookup
  4. ipconfig /displaydns = to display the DNS resolver cache
  5. ipconfig /flushdns = to flush the DNS resolver cache