Never put off what you can do today until tomorrow
Today’s event today
I haven’t written an article for a long time. I have been busy changing jobs and dealing with a lot of things and troubles. Here I want to sort out DNS information query tools. DNS queries come up often in penetration testing and in operations and maintenance. In particular, companies that run internal DNS servers need to periodically monitor whether DNS resolution is working normally and whether DNS has been hijacked. It is therefore especially important to learn some tools for quickly querying and checking the status of a DNS server. This article introduces several common DNS information query tools.
Nslookup is a tool for checking whether a DNS server on the network can resolve domain names. In short, it obtains the IP address corresponding to a domain name. Unlike ping, nslookup returns more results and mainly collects information about the DNS server, for troubleshooting that server. (In fact, ping also requests the DNS record first and then sends ICMP packets to the IP.)
Query the IP corresponding to the thief.one domain name, sending the query to the DNS server 18.104.22.168.
Check the DNS service provider for the thief.one domain name.
Check the mail server for thief.one.
Enter the interactive interface and type the query commands.
The query type can be changed:
Like nslookup, host also queries the DNS information corresponding to a domain name.
- -a: Display detailed DNS information;
: specifies the query type, the default value is “IN”;
- -C: Query the complete SOA record of the specified host;
- -r: Do not use recursive query mode when querying domain name;
: specifies the type of domain name information to be queried;
- -v: displays detailed information about the execution of the instruction;
- -w: If the domain name server does not give a response message, it will always wait until the domain name server gives a response;
- -4: Use IPv4;
- -6: Use IPv6.
: specifies the domain name server for domain name resolution;
- -b: When the host has multiple IP addresses, specify which IP address of the machine to use to send a domain name query request to the domain name server;
: Specifies that dig runs in batch mode, and the specified file contains DNS task information that requires batch processing.
- -P: Specify the port number used by the domain name server;
: specifies the type of DNS data to be queried;
- -x: Perform reverse domain name query;
- -4: Use IPv4;
- -6: Use IPv6;
- -h: Displays instruction help information.
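An added example, not from the original article: a shell script for the monitoring use case from the introduction, comparing the A records that different resolvers return for one name using dig's `@server` and `+short` options. The function names, verdict labels and sample addresses (documentation ranges) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag resolvers whose A records differ from a reference resolver.

# Constructed `dig +short` outputs (documentation addresses, not real data).
SAMPLE_REF='edge.example.net.
192.0.2.10
192.0.2.11'
SAMPLE_OK='192.0.2.11
192.0.2.10'
SAMPLE_BAD='203.0.113.66'

# Keep only IPv4 lines (drops CNAME targets that +short also prints), sorted.
normalize() {
    printf '%s\n' "$1" | grep -E '^[0-9]+(\.[0-9]+){3}$' | sort -u
}

# compare_answers REF_OUTPUT TEST_OUTPUT -> MATCH | PARTIAL | MISMATCH | NO_ANSWER
compare_answers() {
    ref=$(normalize "$1")
    got=$(normalize "$2")
    if [ -z "$got" ]; then echo NO_ANSWER; return 0; fi
    if [ "$ref" = "$got" ]; then echo MATCH; return 0; fi
    overlap=0
    for ip in $got; do
        if printf '%s\n' "$ref" | grep -qxF "$ip"; then overlap=1; fi
    done
    if [ "$overlap" -eq 1 ]; then echo PARTIAL; else echo MISMATCH; fi
}

# check_resolvers NAME REFERENCE_RESOLVER RESOLVER... (live queries, needs dig)
check_resolvers() {
    name=$1; ref_server=$2; shift 2
    ref_out=$(dig +short A "$name" "@$ref_server" || true)
    for server in "$@"; do
        out=$(dig +short A "$name" "@$server" || true)
        printf '%s via %s: %s\n' "$name" "$server" "$(compare_answers "$ref_out" "$out")"
    done
}

# Live use: sh dnscheck.sh NAME REFERENCE_RESOLVER RESOLVER...
if [ "$#" -ge 3 ]; then check_resolvers "$@"; fi
```

PARTIAL and MISMATCH are prompts to investigate rather than proof of hijacking, since CDNs, round-robin pools and geo-aware DNS legitimately return different address sets to different resolvers.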
Whois is used to query information related to a domain name, such as registrant information, email, domain name provider, IP information and so on.
More usage can be viewed using man whois.
[[Penetration Testing Tools Series] Metasploit](http://thief.one/2017/08/01/1/)
[[Penetration Testing Tools Series] nc](http://thief.one/2017/04/10/1/)
[Penetration Testing Tools Series] nmap
[[Penetration Testing Tools Series] Fiddler](http://thief.one/2017/04/27/1)
[Penetration Testing Tools Series] Search Engine
[[Penetration Testing Tools Series] WireShark](http://thief.one/2017/02/09/WireShark%E8%BF%87%E6%BB%A4%E8%A7%84%E5%88%99/)
There are many websites for querying DNS information online; you can refer to [SecWeb Secure Navigation](https://thief.one/SecWeb). There are many similar articles on the Internet, and you can search for more yourself. Only some common tools are covered here; more will be added if good ones come along.