You can secure your DNS information with transaction signatures (TSIG), which ensure that updates to DNS records are secure and authorized. You can retrieve the Start of Authority (SOA) information of a host with the DNS lookup utilities host and dig. We first look at the host utility, followed by dig, before looking into the Python code for our current recipe to retrieve the same information:
$ host cnn.com
cnn.com has address 151.101.129.67
cnn.com has address 151.101.193.67
cnn.com has address 151.101.1.67
cnn.com has address 151.101.65.67
cnn.com has IPv6 address 2a04:4e42:600::323
cnn.com has IPv6 address 2a04:4e42:400::323
cnn.com has IPv6 address 2a04:4e42:200::323
cnn.com has IPv6 address 2a04:4e42::323
cnn.com mail is handled by 10 mxb-000c6b02.gslb.pphosted.com.
cnn.com mail is handled by 10 mxa-000c6b02.gslb.pphosted.com.

$ host axn.com
axn.com has address 198.212.50.74
axn.com mail is handled by 0 mxa-001d1702.gslb.pphosted.com.
axn.com mail is handled by 0 mxb-001d1702.gslb.pphosted.com.
The output indicates that no IPv6 addresses were found for https://www.axn.com/.
$ host -t soa cnn.com
cnn.com has SOA record ns-47.awsdns-05.com. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400
The -t flag above indicates the type of the query. The type can also be cname, ns, sig, key, or axfr. We will look into the name servers of http://edition.cnn.com/ here:
$ host -t ns cnn.com
cnn.com name server ns-47.awsdns-05.com.
cnn.com name server ns-576.awsdns-08.net.
cnn.com name server ns-1086.awsdns-07.org.
cnn.com name server ns-1630.awsdns-11.co.uk.
We may receive the CNAME, SIG, or KEY resource records (RR) of the site by using the cname, sig, and key types (-t) respectively.
$ host -t sig cnn.com
cnn.com has no SIG record
$ host -t key cnn.com
cnn.com has no KEY record
$ host -t cname cnn.com
cnn.com has no CNAME record
The outputs of the preceding three operations indicate that no SIG, KEY, or CNAME records were found for http://cnn.com. You may also use the dig command for further information about the site:
$ dig SOA cnn.com

; <<>> DiG 9.10.3-P4-Ubuntu <<>> SOA cnn.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34225
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;cnn.com. IN SOA

;; ANSWER SECTION:
cnn.com. 285 IN SOA ns-47.awsdns-05.com. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400

;; AUTHORITY SECTION:
cnn.com. 1771 IN NS ns-1086.awsdns-07.org.
cnn.com. 1771 IN NS ns-1630.awsdns-11.co.uk.
cnn.com. 1771 IN NS ns-47.awsdns-05.com.
cnn.com. 1771 IN NS ns-576.awsdns-08.net.

;; Query time: 9 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Sun Jul 23 18:08:28 CEST 2017
;; MSG SIZE rcvd: 233
Notice that the ANSWER SECTION of the output for dig SOA <domain-name> matches the output for the host -t soa <domain-name> command.
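As an added example (not code from the original recipe), the following Python parses the SOA line from either the host or the dig output shown above, names the five numeric fields, and lets you confirm that both tools report the same record. The names SOA, parse_soa, and rname_to_mailbox are illustrative, and the sample strings are copied from the outputs above.

```python
import re
from typing import NamedTuple

class SOA(NamedTuple):
    zone: str
    mname: str     # primary name server for the zone
    rname: str     # responsible mailbox, rendered as an e-mail address
    serial: int    # zone version; changes whenever the zone is edited
    refresh: int   # seconds between secondary refresh checks
    retry: int     # seconds before a failed refresh is retried
    expire: int    # seconds until secondaries stop answering
    minimum: int   # negative-caching TTL (RFC 2308)

# Matches "cnn.com has SOA record <rdata>" (host) and
# "cnn.com. 285 IN SOA <rdata>" (dig ANSWER SECTION). Comment lines
# starting with ';' (such as the dig question line) never match.
_SOA_LINE = re.compile(
    r"^(?P<zone>[^\s;]+)\s+(?:has SOA record|\d+\s+IN\s+SOA)\s+"
    r"(?P<mname>\S+)\s+(?P<rname>\S+)\s+(?P<nums>\d+(?:\s+\d+){4})\s*$"
)

def rname_to_mailbox(rname: str) -> str:
    """The first unescaped dot in RNAME separates local part and domain."""
    local, domain = re.split(r"(?<!\\)\.", rname.rstrip("."), maxsplit=1)
    return local.replace("\\.", ".") + "@" + domain

def parse_soa(text: str) -> SOA:
    """Return the first SOA record found in host or dig output."""
    for line in text.splitlines():
        m = _SOA_LINE.match(line.strip())
        if m:
            nums = [int(n) for n in m["nums"].split()]
            return SOA(m["zone"].rstrip("."), m["mname"].rstrip("."),
                       rname_to_mailbox(m["rname"]), *nums)
    raise ValueError("no SOA record in input")

# Sample input copied from the host and dig outputs above.
HOST_OUT = ("cnn.com has SOA record ns-47.awsdns-05.com. "
            "awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400")
DIG_OUT = """;; QUESTION SECTION:
;cnn.com. IN SOA
;; ANSWER SECTION:
cnn.com. 285 IN SOA ns-47.awsdns-05.com. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400
"""

if __name__ == "__main__":
    print(parse_soa(HOST_OUT))
    print("host and dig agree:", parse_soa(HOST_OUT) == parse_soa(DIG_OUT))
```

Recording the parsed serial and mname over time gives a simple baseline: an unexpected change in either indicates that the zone was edited or moved to a different primary server.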