**Note: The content in this article is only for educational purposes and understanding of cybersecurity concepts. It should enable people and organizations to have a better grip on threats and know how to protect themselves against them. Please use this information responsibly.**
Using nslookup in Command Line Interface
nslookup is a network administration command-line utility used for querying the DNS to retrieve a domain name or IP address mapping, as well as any other specified DNS record.
We will perform DNS information gathering about target organizations using the nslookup command-line utility.
1. Open CLI in Kali Linux.
2. Type nslookup and press enter.
3. This starts nslookup’s interactive mode, which is indicated by the “>” prompt. At the prompt, type “set type=a” and press enter. This configures nslookup to query for the IP address of a given domain.
“a” here stands for A record or Address record which is an important type of DNS record. It is used to provide an IPv4 address for its respective domain name.
4. Type the target domain name.
As we can see here, this resolves the IP address of vulnweb.com as 44.228.249.3.
The first two lines of the result are “Server:” and “Address:”. They indicate that the query was directed to the default server hosted on the local machine.
A non-authoritative answer is one that comes from the local machine’s server rather than from the server that legitimately hosts the domain vulnweb.com.
5. To obtain the domain’s authoritative name server, type “set type=cname” and press enter.
“cname” here stands for CNAME record or Canonical Name record. It is a type of DNS record that redirects DNS queries to the mentioned hostname instead.
The cname lookup is performed directly against the domain’s authoritative name server.
6. Type the domain name “vulnweb.com” to get the authoritative nameserver’s name.
As we can see here, “ns1.eurodns.com” is the authoritative nameserver.
7. To get the IP address of the authoritative nameserver, type “set type=a” and press enter.
8. Then type the authoritative nameserver’s name (ns1.eurodns.com).
Hence, we have obtained the IP address of the authoritative nameserver.
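The fields read by eye in steps 3 to 8 can also be pulled out of nslookup output with a script, which is handy when auditing what your own domains expose. This is an added example, not part of the original article; both sample outputs are constructed in the shape of nslookup output, and the resolver address 192.0.2.53, the serial value and the function names are assumptions.

```shell
#!/bin/sh
# Added example: extract the resolver, answer addresses and SOA origin
# from nslookup output. Samples are constructed; 192.0.2.53 is a placeholder.
# Live use (needs network): nslookup -type=a vulnweb.com | answer_addresses

sample_a() { cat <<'EOF'
Server:         192.0.2.53
Address:        192.0.2.53#53

Non-authoritative answer:
Name:   vulnweb.com
Address: 44.228.249.3
EOF
}

sample_cname() { cat <<'EOF'
Server:         192.0.2.53
Address:        192.0.2.53#53

*** Can't find vulnweb.com: No answer

Authoritative answers can be found from:
vulnweb.com
        origin = ns1.eurodns.com
        serial = 1
EOF
}

# Resolver that handled the query (the "Server:" line).
resolver_of() { awk '$1 == "Server:" { print $2; exit }'; }

# Exit 0 only when the reply is NOT marked "Non-authoritative answer:".
is_authoritative() { ! grep -q '^Non-authoritative answer:'; }

# "Address:" lines that follow a "Name:" line; this skips the resolver's
# own "Address: ...#53" line at the top of the output.
answer_addresses() {
  awk '$1 == "Name:" { seen = 1; next } seen && $1 == "Address:" { print $2 }'
}

# Nameserver named in the "origin = ..." line printed when the cname
# query returns no answer (the value read in step 6).
soa_origin() { awk '$1 == "origin" && $2 == "=" { print $3; exit }'; }

echo "resolver:   $(sample_a | resolver_of)"
echo "addresses:  $(sample_a | answer_addresses)"
sample_a | is_authoritative || echo "answer:     non-authoritative"
echo "SOA origin: $(sample_cname | soa_origin)"
```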
Using nslookup online tool to gather DNS information
1. Open any web browser (Firefox in this case).
2. In the address bar, type http://www.kloth.net/services/nslookup.php and press enter.
3. The NSLOOKUP website appears.
4. In the domain field enter the target domain.
5. The query field shows various options that can be selected to view nameservers, DNS record types and DNS zones.
6. After entering the target domain name and selecting the query you want to explore, click on “Look it up” to get the required details.
Nameservers for testfire.net: –
These were the steps to perform DNS information gathering using nslookup.
The authoritative nameserver (primary nameserver) contains the records associated with the domain. So, if an attacker can determine this server and obtain the IP address associated with it, they can attempt to exploit the server and perform various attacks such as DoS, DDoS, URL redirection, etc.