7

On my computer I have two network cards. Each uses a different Internet service provider.

The two Internet service providers have different DNS servers, and their IP addresses are known to me.

I want to make sure that when nslookup sends queries, they pass through exactly the specified interface.

Something like:
ping -I eth1 google.com

Is something like nslookup -I eth1 google.com possible in any way? I know there is no -I option, and I don't even need it to be done in that specific way.

How do I do it?

Renan
Rahul Gautam

7 Answers

6

This is not exactly nslookup specific but should work in the general case (if you have root access on your machine). It uses the IP network stack to make sure you are using an interface instead of another. Before calling nslookup, simply add a route to your DNS server IP addresses via a specific network interface.

If you have 2 interfaces (eth0 and eth1), your default gateway is via eth0 (192.168.0.1), and you want to query Google DNS (8.8.8.8) via eth1 where your way to the Internet is 192.168.1.1, you could do:

ip route add 8.8.8.8/32 via 192.168.1.1

Adding dev eth1 to the command is not useful as there should be only one way to 192.168.1.1.

When done, you should remove the route to restore default routing:

ip route del 8.8.8.8/32
jfg956
  • There's a second issue of the return route, which will be based on the IP address the request comes from. If you just route requests out via a network from another network's IP, the response can come back a different (generally longer) way. – Matt Dec 14 '12 at 09:37
  • @Matt Can you explain your comment? You mean we need to add ip rule as well? – abhiarora Mar 16 '20 at 17:21
4

The easy way of doing it is by locking down the IP address assigned to the interface you need to query FROM.

If you have multiple interfaces you can use dig -b z.b.c.d and it will use that interface to run the query.

Jeff Schaller
Don Soad
1

man dig:

The -b option sets the source IP address of the query to address.
This must be a valid address on one of the host's network interfaces
or "0.0.0.0" or "::".
1

In curl there is an option for the same. Just let us know what you want to achieve.

Also, you can use dig @ipaddress yourquery

--interface <name>
              Perform an operation using a specified interface. You can enter interface name, IP address or host name.  An  example
              could look like:
Rahul Patil
  • Thanks. When I query an address using nslookup, I want to make sure that this time the query goes through this interface, and that time through the other, as I specified. – Rahul Gautam Dec 13 '12 at 11:45
  • The -b option sets the source IP address of the query to address. This must be a valid address on one of the host's network interfaces or "0.0.0.0" or "::". An optional port may be specified by appending "#" – socketpair Mar 11 '16 at 14:13
1

This is not how nslookup works, or should be used.

Edit your /etc/resolv.conf or similar so that your DNS servers are in order of preference.

From the CLI you can use the following "server" statement to query two different DNS servers (Open DNS and Google DNS in this example):

user@machine ~ $ nslookup
> server 208.67.222.222
Default server: 208.67.222.222
Address: 208.67.222.222#53
> set type=a
> www.google.com
Server:     208.67.222.222
Address:    208.67.222.222#53

Non-authoritative answer:
Name:   www.google.com
Address: 74.125.132.99
Name:   www.google.com
Address: 74.125.132.105
Name:   www.google.com
Address: 74.125.132.106
Name:   www.google.com
Address: 74.125.132.147
Name:   www.google.com
Address: 74.125.132.104
Name:   www.google.com
Address: 74.125.132.103
> server 8.8.4.4
Default server: 8.8.4.4
Address: 8.8.4.4#53
> www.google.com
Server:     8.8.4.4
Address:    8.8.4.4#53

Non-authoritative answer:
Name:   www.google.com
Address: 74.125.132.147
Name:   www.google.com
Address: 74.125.132.105
Name:   www.google.com
Address: 74.125.132.104
Name:   www.google.com
Address: 74.125.132.106
Name:   www.google.com
Address: 74.125.132.99
Name:   www.google.com
Address: 74.125.132.103
> exit
Baldrick
  • 5
    Yeah, it's not how DNS or nslookup works, however resolving against an interface may be needed. For me, I am working on wireless access points that have DNS masquerading enabled. I want to be able to check the resolution through each of the bridged SSIDs' interfaces as each interface will return different DNS results. – Citizen Kepler Jun 06 '16 at 19:28
  • Another reason for having per interface lookup is that some nameservers are only reachable from a specific interface, say for a GPRS/3G/4G connection. – Andreas Magnusson Oct 16 '20 at 17:30
0

Combine the two answers from jfgagne and Rahul Patil.

Routing happens in two directions: your route to the destination, and the destination's route to you.

If your lookups are coming from real world IPs, or the local routing is what you are testing, you need to have your local routes set and make the request come from the correct IP address.

For example, if you run a lookup on a name server on ISP2 from a source address of IP1 owned by ISP1, ISP2 will normally route data to IP1 out via WAN links to ISP1, who will route the data to you (unless you have manual routes added at each ISP or are doing something advanced like BGP advertisements).

isp1 - isp2
 |      |
ip1    ip2
  \    /
   box

You should already have more general routes like @jfgagne suggested set for each ISP's network ranges so data for an ISP goes via the quickest route. If not, the more specific ones for the name server can be added:

ip route add ns.ip.isp.1/32 via gw.ip.isp.1
ip route add ns.ip.isp.2/32 via gw.ip.isp.2

Then you can get dig to use a source address with -b:

dig @ns.ip.isp.1 -b ur.ip.isp.1 whatever.com
dig @ns.ip.isp.2 -b ur.ip.isp.2 whatever.com

If you are running the lookup from inside two NAT gateways the source IP will be taken care of on the gateway and you don't need to worry about setting the source address of the request. Just set the routing to the gateway you want.

If you want to affect routing specifically for these name servers but not change routing generally, you're heading into iptables and policy routing, which is a whole other question.

Matt
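The policy routing this answer stops short of, and the ip rule asked about in the comment under the first answer, as an added example that is not part of any answer on this page: a rule keyed on the source address sends queries bound with dig -b through their own table, leaving the main table untouched. The addresses, the gateway, table number 100 and the function names are assumptions.

```shell
#!/bin/sh
# Added example: source-based policy routing for one uplink, so that a query
# sent with `dig -b <source>` leaves through that uplink's gateway.
# Addresses are constructed samples; table 100 is an arbitrary free table id.
TABLE=100

# Print each command; also execute it when APPLY=1 (needs root).
run() {
    echo "$*"
    if [ "${APPLY:-0}" = 1 ]; then "$@"; fi
}

# Read `ip -o -4 addr show` output on stdin and print the first IPv4
# address (without prefix length) configured on interface $1.
iface_ipv4() {
    awk -v dev="$1" '$2 == dev && $3 == "inet" { sub(/\/.*/, "", $4); print $4; exit }'
}

# lookup_via <dev> <gateway> <dns-server> <name>; address list on stdin.
lookup_via() {
    dev=$1 gw=$2 ns=$3 name=$4
    src=$(iface_ipv4 "$dev")
    [ -n "$src" ] || { echo "no IPv4 address on $dev" >&2; return 1; }
    # Packets whose source is $src consult table $TABLE before main.
    run ip rule add from "$src/32" table "$TABLE"
    # That table holds only a default route through this uplink.
    run ip route add default via "$gw" dev "$dev" table "$TABLE"
    # Ask the kernel which path it would choose; the answer should name $dev.
    run ip route get "$ns" from "$src"
    # -b binds the source address, which is what the rule matches on.
    run dig "@$ns" -b "$src" "$name"
    # Clean up in reverse order.
    run ip route flush table "$TABLE"
    run ip rule del from "$src/32" table "$TABLE"
}

# Constructed sample of `ip -o -4 addr show` output.
SAMPLE_ADDRS='2: eth0    inet 192.168.0.10/24 brd 192.168.0.255 scope global eth0\       valid_lft forever preferred_lft forever
3: eth1    inet 192.168.1.10/24 brd 192.168.1.255 scope global eth1\       valid_lft forever preferred_lft forever'

printf '%s\n' "$SAMPLE_ADDRS" | lookup_via eth1 192.168.1.1 8.8.8.8 google.com
```

By default the script only prints the commands. To execute them, export APPLY=1, run as root and pipe in the real output of ip -o -4 addr show instead of the sample.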
0

If you can use Linux namespaces, you may want to consider moving your interface into a separate namespace. Then, run your nslookup command in this new namespace, which almost guarantees the DNS request will leave from the only interface in that namespace.

  1. Create a new namespace called "bear": sudo ip netns add bear
  2. Move interface eth1 into the bear namespace: sudo ip link set eth1 netns bear
  3. Run nslookup in the bear namespace: sudo ip netns exec bear nslookup google.com

If you can't move eth1 into an isolated namespace, you might still be able to create a veth pair, set up proper forwarding routes or a bridge, and then move one of the veth endpoints into the isolated namespace.

Patrick
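The three steps above with the setup they leave implicit, as an added example that is not part of the answer: an interface moved into a namespace arrives down and without its addresses or routes, and the namespace's loopback also starts down, so these have to be configured before the lookup can leave. The address, gateway and DNS server values and the function names are assumptions.

```shell
#!/bin/sh
# Added example: one lookup from inside a dedicated network namespace.
# All values below are constructed samples for an eth1 uplink.
NS=bear
DEV=eth1
ADDR=192.168.1.10/24   # address eth1 had before the move (assumed)
GW=192.168.1.1         # gateway of that uplink (assumed)
DNS=192.168.1.1        # resolver reachable through that uplink (assumed)

# Print each command; also execute it when APPLY=1 (needs root).
run() {
    echo "$*"
    if [ "${APPLY:-0}" = 1 ]; then "$@"; fi
}

lookup_in_netns() {
    name=$1
    run ip netns add "$NS"
    run ip link set "$DEV" netns "$NS"
    # The new namespace has only a down loopback and the moved, down NIC.
    run ip -n "$NS" link set lo up
    run ip -n "$NS" addr add "$ADDR" dev "$DEV"
    run ip -n "$NS" link set "$DEV" up
    run ip -n "$NS" route add default via "$GW"
    # Name the server explicitly: the host's resolv.conf may point at a
    # local stub resolver that is not reachable from inside the namespace.
    run ip netns exec "$NS" nslookup "$name" "$DNS"
    # Deleting the namespace hands a physical NIC back to the default
    # namespace, still unconfigured.
    run ip netns del "$NS"
}

lookup_in_netns "${1:-google.com}"
```

After the namespace is deleted the interface has no address in the default namespace, so rerun DHCP or the network manager to restore it.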