Gather DNS Information using nslookup Command Line Utility and Online Tool
nslookup is a network administration command-line utility, generally used for querying the DNS to obtain a domain name or IP address mapping or for any other specific DNS record. This utility is available both as a command-line utility and web application.
Here, we will perform DNS information gathering about target organizations using the nslookup command-line utility and NSLOOKUP web application.
launch a Command Prompt, type nslookup and press Enter. This displays the default server and its address assigned to the Windows machine.
In the nslookup interactive mode, type set type=a and press Enter. Setting the type as “a” configures nslookup to query for the IP address of a given domain.
Type the target domain www.airbnb.com and press Enter. This resolves the IP address and displays the result, as shown in the screenshot.
The first two lines in the result are:
Server: dns.google and Address: 126.96.36.199
This specifies that the result was directed to the default server hosted on the
local machine (Windows) that resolves your requested domain.
Thus, if the response is coming from your local machine’s server (Google), but not the server that legitimately hosts the domain www.airbnb.com; it is considered to be a non-authoritative answer. Here, the IP address of the target domain www.airbnb.com is 188.8.131.52
Since the result returned is non-authoritative, you need to obtain the domain’s authoritative name server.
Type set type=cname and press Enter. The CNAME lookup is done directly against the domain’s authoritative name server and lists the CNAME records for a domain.
Type airbnb.com and press Enter.
This returns the domain’s authoritative name server (postmaster.nsone.net), along with the mail server address (dns1.p08.nsone.net), as shown in the screenshot.
Since you have obtained the authoritative name server, you will need to determine the IP address of the name server.
The authoritative name server stores the records associated with the domain. So, if an attacker can determine the authoritative name server (primary name server) and obtain its associated IP address, he/she might attempt to exploit the server to perform attacks such as DoS, DDoS, URL Redirection, etc.
You can also perform the same operations using the NSLOOKUP online tool. Conduct a series of queries and review the information to gain familiarity with the NSLOOKUP tool and gather information
pen any web browser (here, Mozilla Firefox). In the address bar of the browser place your mouse cursor and type http://www.kloth.net/ services/nslookup.php and press Enter
This concludes the demonstration of DNS information gathering using the nslookup command-line utility and NSLOOKUP online tool.