Fri, Jun 09, 2017 11:01 pm
Obtaining public IP address from a command line interface
One way to determine the public IP address for a system, i.e., the IP address
that systems on the Internet will see for the system when you connect to those
external systems, from a command-line interface (CLI) on a Mac OS X/macOS
system is to use the command
dig +short myip.opendns.com @resolver1.opendns.com.
$ dig +short myip.opendns.com @resolver1.opendns.com
Alternatively, you can use an nslookup command as shown below:
$ nslookup myip.opendns.com resolver1.opendns.com
The nslookup method will work on Microsoft Windows systems as well as
OS X/macOS and Linux systems.
c:\Users\Public\>nslookup myip.opendns.com resolver1.opendns.com
Both commands submit a Domain Name System (DNS) query to the
DNS server resolver1.opendns.com, a name server maintained by OpenDNS.
When you look up the fully qualified domain name (FQDN) myip.opendns.com,
the OpenDNS server will return the IP address of the system from which
the DNS query originated, i.e., the system on which you ran the dig or
Tue, Jan 17, 2017 10:30 pm
While using Wireshark to troubleshoot a Domain Name System (DNS) issue for a
server that sits behind a firewall that performs Network Address Translation
(NAT), I noticed a DNS response coming back where Wireshark showed the
following in the "Info" field for a packet:
Standard query response 0x21e1 No such name PTR 220.127.116.11.in-addr.arpa SOA
The server for which I was performing the troubleshooting has an IP
address of 192.168.1.5, which is a private IP address. There are 3 private
IP address ranges; these ranges are also sometimes referred to as
"RFC 1918 addresses", since the private IP address space is defined in
RFC 1918. A Request for Comments (RFC) is a document published by the
Internet Engineering Task Force (IETF). Some RFCs, such
as RFC 1918, become Internet Standards.
Thu, Feb 26, 2015 10:04 pm
Adding a new DNS zone to a Windows Server 2012 DNS server
A Windows Server 2012 Essentials system can function as a Domain Name
System (DNS) server. If the system is functioning as a DNS server you can
add additional zones that are integrated with Active Directory (AD) or you
can add them as file-based zones as you would on a Unix/Linux DNS server.
The Windows DNS server can be configured to support forward or
zones. A primary, secondary, or stub zone can be added.
Thu, Feb 19, 2015 11:01 pm
Enabling DNS Logging for Windows Server 2012
I wanted to log DNS queries and responses from all systems using a Windows
Server 2012 DNS server, so that I would have DNS logs available for reference
in the event of issues related to malware, etc. I also wanted to rotate the
log files every night, so that the file size wouldn't grow continually until
it reached the maximum 500 MB size I specified for the log file. Instructions
for doing so for a Windows Server 2012 system are
for doing so on a Microsoft Windows Small Business Server (SBS) are
at Enabling DNS Logging on a Windows
SBS 2003 Server
Sat, Dec 20, 2014 1:58 pm
Viewing history of DNS server and IP Changes for a Domain
If you wish to view a history of
Domain Name System
server changes for a domain name, you can do so through
the WhoISrequest Domain History, which tracks nameserver changes since 2002
for all COM, NET, ORG,
INFO, BIZ and US domains.
E.g., if I put
sailormoonworld.com, which was registered in 1998, in the search field, I
can see a list of all of the DNS servers that translated the fully
qualified domain name (FQDN) to an IP address since WhoISrequest began
tracking name server changes in 2002. The history information for that
particular domain shows that registration for the domain name lapsed in
2013 and the domain name was picked up by a
domain name squatter
then. The domain name squatter let the domain registration lapse in the
summer of 2014. I re-registered the domain name for the original owner, a
family member, in October.
You can also view such information through the
DNS History site, which notes
"Here at DNS History we have been crawling DNS records since 2009, our index
currently contains over 200 million domains and discovering over a billion DNS
If I put sailormoonworld.com in the Domain Search field on that site,
however, it does not have any information on it. It does have information
on moonpoint.com, but that information was last updated on 2010-08-11, so
that site's information does not appear to be as comprehensive or as
up-to-date as the information provided through the WhoISrequest site.
You can also find past name server and registration information through
the who.is Search Domain DNS and Name Server
Information page. When you put a domain name in the search field,
and click on "Search DNS and Name Servers", you will see information
on the domain, such as name servers, SOA record, DNS records, including
the mail exchanger (MX) servers for the domain. If you click on the
History tab above that information, you will see past domain
name registrars and name servers associated with the domain.
If you wish to see prior IP addresses associated with a domain name,
you can use ViewDNSInfo IP
History. I noticed when I checked sailormoonworld.com with
its tool, though, that it is not showing a change made near the end of October
for that domain. The last change it shows was for 2014-07-05. The site also
has a lot of other tools, e.g.
Google Pagerank Checker, etc.
Sun, Dec 07, 2014 7:30 pm
Rotate the DNS server log file on a Windows server
For a site where a
Windows Small Business Server (SBS) 2003
system serves as a
wanted to rotate the DNS log file every night at midnight. The log file is
and I'd like to close the current log at
midnight renaming it to
where YYYY is the 4-digit
year, MM, the month (1-12) and DD the day (1-31). The system date can be put in
using substring extraction as explained at
Appending a date to a filename in
Renaming the log file requires stopping the DNS server service, which
can be done with the command
net stop "DNS Server". If
you try to move the file without stopping the service, you will receive
the message below:
D:\Logs\DNS>move dns.log dns_old.log
The process cannot access the file because it is being used by another process.
0 file(s) moved.
After the file is moved/renamed, the DNS server service can be restarted
with net start "DNS Server".
The location of the DNS log file is stored in the Windows Registry. A
REG QUERY command can be used to obtain the current location for
the file as explained at
Determining the location of a Microsoft Windows DNS log file from a command prompt. After the location and name of the file are determined, the DNS server
service can be stopped, then the current log file can be renamed, and the
DNS server service can be restarted, creating a new log file with the name
and at the location indicated by the registry entry.
The batch file is shown below and is available
@echo off
REM Name: rotatednslog.bat
REM Version: 1.0
REM Created: December 6, 2014
REM Last Modified: December 6, 2014
REM Location of latest version:
REM Description: When scheduled to run at the end of each day, this batch
REM file will rotate the DNS server log. The DNS server service will be
REM stopped temporarily, so the current DNS log can be renamed to a log file
REM with the name DNS_YYYYMMDD.log, where YYYY is the year, MM the month, and
REM DD the day. The DNS server service will then be restarted creating a
REM new DNS log file. The current location of the DNS log file is obtained
REM from the Windows Registry.
REM Required for substituting the contents of a variable in string substitution
REM employed to insert the contents of the date variable YYYYMMDD in the log
REM file name.
SETLOCAL ENABLEDELAYEDEXPANSION
REM Windows Registry key holding the location of the DNS log file
SET regkey="HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters"
REM Registry value needed from the above key
SET regvalue="LogFilePath"
REM Extract only the file location from the output of the reg query command
FOR /F "tokens=3" %%G IN ('reg query %regkey% /v LogFilePath ^| find %regvalue%') DO set logfile=%%G
REM Set the variable YYYYMMDD to today's date in YYYYMMDD format where
REM YYYY = 4-digit year, MM is month (1-12), and DD is day (1-31)
REM Assumption: the DATE variable has the form "Sat 12/06/2014"; adjust the
REM substring offsets for other regional date formats.
SET YYYYMMDD=%DATE:~10,4%%DATE:~4,2%%DATE:~7,2%
REM Set the name for the rotated log file to have "_YYYYMMDD.log" at the
REM end of the file name. Need to use delayed expansion.
SET renamedlog=!logfile:.log=_%YYYYMMDD%.log!
REM Stop the DNS server service
NET STOP "DNS Server"
REM Move the log file to its new location with its new name.
REM Since you cannot specify a new drive or path for your destination file with
REM the RENAME command, I'm using the MOVE command, instead, in case I may
REM wish to update this batch script to move the file to another drive and/or
MOVE %logfile% %renamedlog%
REM Restart the DNS server service
NET START "DNS Server"
If it is run from a command prompt, you will see the following output:
The DNS Server service is stopping.
The DNS Server service was stopped successfully.
1 file(s) moved.
The DNS Server service is starting.
The DNS Server service was started successfully.
Since I would like the batch file to execute at the end of each day, I
scheduled it to run at 23:59 (11:59 PM) Monday through Sunday with the command
at 23:59 /every:m,t,w,th,f,s,su "C:\program files\utility\scripts\rotatednslog.bat"
(specify the location for the batch file).
C:\Program Files\Utility\Scripts>at 23:59 /every:m,t,w,th,f,s,su "C:\program files\utility\scripts\rotatednslog.bat"
Added a new job with job ID = 5
I could have used
00:00 to run the batch job at midnight, but
I set it to run 1 minute before midnight to be sure that the date inserted
in the name of the file is the one for the day that has just ended rather than
the date of the new day.
If you want to see the details of scheduled batch jobs, you can just
enter at without any parameters at the command line and hit
return. You will then see all the scheduled batch jobs. There may be gaps
in the ID numbers if some batch jobs have been deleted.
C:\Documents and Settings\Administrator>at
Status ID   Day                     Time          Command Line
        1   Each M T W Th F S       7:30 PM       d:\backups\daily.bat
        2   Each Su                 7:30 PM       d:\backups\weekly.bat
        5   Each M T W Th F S Su    11:59 PM      "C:\program files\utility\scripts\rotatednslog.bat"
If you wish to delete a scheduled batch job you can use
at id /delete, where
id is the numeric
ID assigned to a batch job. E.g., the rotatednslog batch job above could
be deleted with
at 5 /delete.
Sat, Nov 22, 2014 12:25 pm
Determining the location of a Microsoft Windows DNS log file from a command prompt
If you need to determine the location of the log file for a Microsoft Windows
server functioning as a DNS server from the command line, you can do so through
C:\>reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters /v LogFilePath
LogFilePath REG_SZ d:\logs\dns\dns.log
You can reduce the output displayed to just the line containing the
log file location by piping the output of the
reg query command
C:\>reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters /v LogFilePath | find "LogFilePath"
LogFilePath REG_SZ d:\logs\dns\dns.log
If you wish to see just the log file location and not the other information
returned by the
reg query command, you can use
a FOR /F loop command such
as the following:
C:\>for /f "tokens=3" %g in ('reg query "HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters" /v LogFilePath ^| find "LogFilePath"') do @echo %g
The FOR /F loop breaks up a line of output from the command
that is being processed into items, called "tokens", that are separated by
space on the lines of output from the command. In this case, I'm only
interested in the third token on the line of output, which is the location
of the DNS log file. The output that is being processed is the result of
piping the output of the reg query command into the find command. Since the
pipe symbol, i.e., the vertical bar character |, has a special meaning for
the Windows operating system, you need to place an escape character, which
for Windows is the caret symbol, ^, immediately before it. You also need to
put the at symbol, @, before the echo command to avoid seeing the echo
command itself as output.
If you wish to use a batch file to execute the commands to find the log
file location, you need to replace the % before the loop variable with %%,
as shown below.
FOR /F "tokens=3" %%G IN ('reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters" /v LogFilePath ^| find "LogFilePath"') DO echo %%G
The registry key and the value to be queried can also be placed in
variables that can be modified, if you wish to query other
registry keys, instead of the one for the DNS log file location, so that it
is easier to see what needs to be changed for such other queries.
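@echo off
REM Name: queryreg.bat
REM Version: 1.0
REM Created: November 22, 2014
REM Last Modified: November 22, 2014
REM Description: Displays just the value of a registry key from a
REM "reg query regkey /v regvalue" command omitting the additional
REM information that is output by the command
REM Registry key to query and the value wanted from it; the quotes are part
REM of the variables because the find command requires a quoted string.
SET regkey="HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters"
SET regvalue="LogFilePath"
FOR /F "tokens=3" %%G IN ('reg query %regkey% /v LogFilePath ^| find %regvalue%') DO echo %%G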
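The "tokens=3" parsing used here and in rotatednslog.bat returns only the part of the path before the first space, and the rotation script moves the log and restarts the service without checking that the stop succeeded. The batch file below is an added example, not the original author's script, that rotates the log while handling those cases; it assumes wmic is available for a date that does not depend on regional settings.

```bat
@echo off
REM Added example, not the original rotatednslog.bat.
setlocal
set "regkey=HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters"
set "logfile="

REM tokens=2,* puts the type (REG_SZ) in %%A and the rest of the line,
REM spaces included, in %%B, so a path such as "d:\dns logs\dns.log"
REM is not cut off at the first space.
for /f "tokens=2,*" %%A in ('reg query "%regkey%" /v LogFilePath 2^>nul ^| find /i "LogFilePath"') do set "logfile=%%B"
if not defined logfile (
    >&2 echo LogFilePath not found under %regkey%
    exit /b 1
)

REM Assumption: wmic is present. It returns YYYYMMDDhhmmss... regardless of
REM the regional date format; only the first data line is kept.
set "stamp="
for /f "skip=1" %%T in ('wmic os get localdatetime') do if not defined stamp set "stamp=%%T"
set "stamp=%stamp:~0,8%"

REM Build drive+path+name, then _YYYYMMDD, then the original extension.
for %%G in ("%logfile%") do set "renamedlog=%%~dpnG_%stamp%%%~xG"
if exist "%renamedlog%" (
    >&2 echo Rotated log already exists, not overwriting it
    exit /b 2
)

net stop "DNS Server"
if errorlevel 1 (
    >&2 echo Could not stop the DNS Server service, log not rotated
    exit /b 3
)
move "%logfile%" "%renamedlog%"
set "rc=%errorlevel%"
REM Restart the service whether or not the move succeeded.
net start "DNS Server"
exit /b %rc%
```

Queries answered between the stop and the start are not logged, so the exit code is worth recording by whatever schedules the job.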
Fri, Nov 21, 2014 11:09 pm
Windows DNS Log Analyser
If you've turned on logging for the DNS service provided on Microsoft
Windows servers, a useful tool for analyzing the contents of the log file
is Windows DNS Log Analyser, which is a small (about 1.44 MB), free
program that understands the Microsoft Windows DNS server log file format and
will present the information to you in a more easily analyzed format.
Thu, Nov 20, 2014 11:17 pm
Enabling DNS Logging on a Microsoft Windows SBS 2003 Server
DNS logging can be useful when trying to monitor what systems an infected
system is trying to contact. The DNS log will show you what DNS queries
were sent by the system to the DNS server to look up IP addresses for
Thu, Oct 17, 2013 11:03 pm
Forgotten No-IP DUC Password
I needed to change the
Dynamic DNS (DDNS)
host name used by the
No-IP DUC 2.2.1 client on a system on which I had installed the
client software years ago. The system was on a LAN with a router
that had a dynamically assigned external address provided by the
company's Internet Service Provider (ISP). I used No-IP's DDNS service to
have the system contact a DDNS server provided by No-IP which would
note the IP address from which it was contacted and associate that
address with a FQDN
e.g., acme.example.com, so that I could connect to the site for
troubleshooting without having someone at the site determine what
the site's currently assigned IP address might be by going to
a site like WhatIsMyIP
is a site I usually have people go to when I need them to provide
me with their current IP address. The No-IP DUC client was running
on the system as a system service and the icon for the software
was in the notification area, aka the system tray, but I found
that the password I thought I had set for it didn't work and I
couldn't remember what it might be.
Since it was very late and I was in a hurry to make the change,
I thought I could probably find a registry key where the password
was stored and fix the problem more quickly by blanking out the
contents of that registry key. For DUC 2.2.1, the relevant registry
key, which can be accessed by the Microsoft Windows built-in
which is a REG_SZ key. To remove the tray password, you can
simply double-click on the key and remove the value, which is stored
in encrypted form, associated with it. You can then access the
options for the software without a password. Note: you may only see
this key under
HKLM\SOFTWARE if the DUC client has
been configured to run as a system service. If it isn't look under
To reset the password, click on the No-IP icon in the system tray
and choose Show or double-click on it. Then, click on
Options and, under the Standard tab, check the box for
"Require password to restore window from system tray". The text
associated with that option states "This option will force the DUC
to always start hidden. When you double click the
system tray icon, it will ask for the password below.
The only way to remove this is to uninstall and
reinstall the DUC." But by removing the value from
you can do if you are logged in under the administrator account, you can skip
I don't see being able to remove the password via the registry
as a security issue, since doing so requires administrator
privileges; it's simply a shortcut that saves the time of
reinstalling the software.
Note: the current version of the DUC software, which is 4.0.1,
does not store the password at this location. If you configure it
to run as a service, a
HKEY_LOCAL_MACHINE\SOFTWARE\Vitalwerks key will be created
at the time you set the software to run as a service, but there is no
TrayPassword key beneath it.