[Tut] DNS Hacking and Information gathering - Windows [Local Injection]
[Tut] DNS Hacking and Information gathering - Windows [Local Injection] #1
There are many ways to gather DNS information and to put it to use when hacking.

I will show two ways of gathering DNS information here:

First: using the nslookup command in the Windows Command Prompt
Second: using an application called dig

Using CMD - nslookup Command


What is nslookup?


Definition - Name Server Lookup
Nslookup.exe is a command-line administrative tool for testing and troubleshooting DNS servers. This tool is installed along with the TCP/IP protocol through Control Panel.


First of all, open the CMD (Command Prompt) on your computer.
To do that, press Win+R
or
Start -> Run -> cmd (in Windows 8, press the Win key and type "cmd")

[Image: 1.png]

Then type
Code:
nslookup
When you press ENTER it will show something like this:
[Image: 2.png]

About the "Default Server: Unknown" message


Code:
When NSLOOKUP starts, before anything else, it checks the computer's network configuration to determine the IP address of the DNS server that the computer uses.
Then it does a reverse DNS lookup on that IP address to determine the name of the DNS server.

If reverse DNS for that IP address is not setup correctly, then NSLOOKUP cannot determine the name associated with the IP address.
On Windows Vista/2008, it then says "Default Server: UnKnown".
On earlier Windows versions, it displays the error message "*** Can't find server name for address ...".

This does NOT indicate a problem with the actual domain name that you are trying to look up.
It only means that there is no reverse DNS name for the DNS server IP address, which in most cases may not be a problem at all.


Here is a sample cheat sheet of the record types you can query with nslookup:
Code:
HINFO  -  Host Information
MX     -  Mail Exchange Record
TXT    -  Text String
A      -  IPv4 Address (32 bits)
NS     -  Name Server
CNAME  -  Canonical Name
PTR    -  Pointer Record
AAAA   -  IPv6 Address (128 bits)
AXFR   -  Request for Zone Transfer
ANY    -  Request for All Records (type code 255)
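To show what nslookup is actually doing when you type `set q=ns` and then a domain name, here is an added example (my own code, not from the original post or from nslookup itself) that builds the DNS query packet for a given record type from the cheat sheet above and decodes a reply, including the name-compression pointers that real answers use. The transaction id, the domain example.com and the response bytes are constructed sample data, not a real capture; only the Python standard library is used. The pointer-hop limit in decode_name is the check a defender wants in any parser fed by untrusted responses, since a looping pointer would otherwise hang it.

```python
"""DNS wire-format query builder and response parser (RFC 1035).

Added example, not part of the original tutorial.  The response bytes
below are constructed by hand for example.com and are not a real capture.
"""
import struct

# Record type codes from the cheat sheet above (RFC 1035 / RFC 3596 values).
QTYPE = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "PTR": 12, "HINFO": 13,
         "MX": 15, "TXT": 16, "AAAA": 28, "AXFR": 252, "ANY": 255}
TYPE_NAME = {v: k for k, v in QTYPE.items()}


def encode_name(name):
    """Encode 'example.com' as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qtype, txid=0x1234, recursion_desired=True):
    """Build the 12-byte header plus one question, as a resolver client sends it."""
    flags = 0x0100 if recursion_desired else 0x0000   # RD bit
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE[qtype], 1)  # class IN


def decode_name(msg, offset):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, jumped, end, hops = [], False, None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:            # compression pointer (RFC 1035 4.1.4)
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2             # reading resumes after the first pointer
            jumped = True
            offset = pointer
            hops += 1
            if hops > 32:                    # guard against pointer loops in hostile replies
                raise ValueError("compression loop")
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if jumped else offset)


def parse_response(msg):
    """Return (txid, rcode, [(name, type, ttl, rdata_text), ...]) for the answer section."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    rcode = flags & 0x000F
    offset = 12
    for _ in range(qd):                      # skip the echoed question(s)
        _, offset = decode_name(msg, offset)
        offset += 4
    answers = []
    for _ in range(an):
        name, offset = decode_name(msg, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        if rtype in (QTYPE["NS"], QTYPE["CNAME"], QTYPE["PTR"]):
            text, _ = decode_name(msg, offset)   # rdata is a (compressible) name
        elif rtype == QTYPE["A"]:
            text = ".".join(str(b) for b in rdata)
        elif rtype == QTYPE["MX"]:
            pref = struct.unpack("!H", rdata[:2])[0]
            host, _ = decode_name(msg, offset + 2)
            text = "%d %s" % (pref, host)
        else:
            text = rdata.hex()
        offset += rdlen
        answers.append((name, TYPE_NAME.get(rtype, str(rtype)), ttl, text))
    return txid, rcode, answers


# Constructed response: id 0x1234, flags QR|RD|RA, one question, two NS answers
# whose owner names are a compression pointer back to the question name at offset 12.
SAMPLE_RESPONSE = (
    build_query("example.com", "NS")[:2]                 # same transaction id
    + b"\x81\x80\x00\x01\x00\x02\x00\x00\x00\x00"        # flags, qd=1, an=2
    + encode_name("example.com") + b"\x00\x02\x00\x01"   # question: NS IN
    + b"\xc0\x0c\x00\x02\x00\x01\x00\x00\x0e\x10\x00\x04\x01a\xc0\x0c"   # a.example.com
    + b"\xc0\x0c\x00\x02\x00\x01\x00\x00\x0e\x10\x00\x04\x01b\xc0\x0c"   # b.example.com
)

if __name__ == "__main__":
    print(build_query("example.com", "NS").hex())
    print(parse_response(SAMPLE_RESPONSE))
```

Sending build_query's bytes over UDP port 53 to your resolver and feeding the reply to parse_response reproduces the "set q=ns" answer nslookup shows; the sample here stays offline on purpose.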

or
use this reference, taken from http://ss64.com/nt/nslookup.html
Code:
Command Mode options:

help or ?          - print a list of Command Mode options
exit or ^C         - exit "command mode"

set all            - print options, current server and host
finger [USER]      - finger the optional NAME at the current default host
MyHost             - print ip address of MyHost
MyHost MyNameServer - print ip address of MyHost on MyNameServer
set [no]debug      - print debugging info
set [no]d2         - print exhaustive debugging info

set domain=NAME    - set default domain name to NAME
set root=NAME      - set root server to NAME
root               - set current default server to the root
server NAME        - set default server to NAME, using current default server
lserver NAME       - set default server to NAME, using initial server
set srchlist=N1[/N2/.../N6] - set domain to N1 and search list to N1, N2,...

set retry=X        - set number of retries to X
set timeout=X      - set initial time-out interval to X seconds
set [no]defname    - append domain name to each query
set [no]recurse    - ask for recursive answer to query
set [no]search     - use domain search list
set [no]vc         - always use a virtual circuit
set class=X        - set query class (for example, IN (Internet), ANY)
set [no]msxfr      - use MS fast zone transfer
set ixfrver=X      - current version to use in IXFR transfer request
set type=X         - set query type
set querytype=X    - set query type
                      (e.g. A, ANY, CNAME, MX, NS, PTR, SOA, SRV)

ls [opt] DOMAIN [> FILE] - list addresses in DOMAIN
                            (and optionally output to FILE)

    -d          -  list all records
    -t TYPE     -  list records of the given Type (for example, A, CNAME,
                   MX, NS, PTR, and so on)
    -a          -  list Aliases and canonical names.

view FILE       - sort an 'ls' output file and view it with pg

Example:

C:\> nslookup -querytype=TXT -timeout=10 porttest.dns-oarc.net

or
you can simply type help at the nslookup prompt

[Image: 3help.png]



We'll look at some sample commands now.

To set the current default server to the root, simply type
Code:
root

[Image: 5root.png]

If we need to see the name servers, we type the following from the above prompt.
For the sample site I will use google.com.

First type
Code:
set q=ns
and then your desired site
Code:
google.com

see the image :

[Image: 4nameserver.png]


To take every DNS record for the domain:
Code:
set q=any
google.com  <-- (replace with the domain you are looking up)

OK, here we finish DNS lookups through the cmd nslookup.

CMD - Using DIG (Domain Information grabber)



Download dig from the source site: http://members.shaw.ca/nicholas.fong/dig/

Quoted from the source site: dig vs. whois information

Code:
The DNS system and the whois system are not the same, they are only loosely tied together.
If the whois system is broken, (while the DNS system is working) the whole Internet will work fine.
If the DNS system is broken (while the whois system is working), the whole Internet will die.

The whois system is supposed to display who owns the domain and their corresponding name servers,
however, due to usually defective software at whois servers at domain registrars,
(the amount of defects is proportional to the registrar's domain registration fees),
the DNS name servers information obtained from the whois query is often wrong, out of date, and inaccurate.

In here,
with dig we will do nslookup-style DNS queries,
and with whois ---> domains and IP addresses.

First go to the folder
Code:
c:\windows\system32\drivers\etc\
and create a blank file there called
Code:
resolv.conf

[Image: 1conf.png]

Note: if you are not allowed to create a file in that folder, create it anywhere else and then paste it into that folder.

After that, extract dig to C:\dig

[Image: 2extacttoc.png]

Now go to
Code:
My Computer -> Properties -> Advanced System Settings -> Environment Variables

In the System Variables list, search for Path and edit it.
At the end of the Variable value box, add
Code:
;C:\dig

see the image :

[Image: 3settingup.png]

Now open cmd and type
Code:
dig
It should work now and print some info.

[Image: 4typedig.png]

OK, let's take some samples now. I will use gmail.com
as the sample site.
Type
Code:
dig mx gmail.com +trace


You can see the MX records for gmail there.

[Image: 5gmail.png]


MX records: short for mail exchange record, an entry in a domain name database that identifies the mail server responsible for handling e-mail for that domain name.


If we want to check the IP address of one of the MX records,
we type
Code:
dig _record that we found in the search above_



Then, if we need to check the host name (reverse DNS lookup),
type
Code:
dig -x _IP that we found_

We can also trace the name servers for the reverse lookup with this:
Code:
dig -x _IP_ +trace
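As an added example (my own code, not from the original post or from dig), here is what `dig -x` does before it sends anything: it turns the address into the in-addr.arpa or ip6.arpa name and asks for a PTR record. The example also carries the reverse lookup through to the check a defender applies when a PTR name shows up in mail or access logs, forward-confirmed reverse DNS: the name the PTR gives must resolve back to the same address, otherwise the name is unverified and should not be trusted in an access decision. The PTR and A/AAAA tables are constructed sample data (RFC 5737 and RFC 3849 documentation addresses) standing in for a live resolver; the missing-PTR branch is the same situation that makes nslookup print "Default Server: UnKnown".

```python
"""Reverse lookup name construction and forward-confirmed reverse DNS (FCrDNS).

Added example, not part of the original post.  The record tables are
constructed sample data; swap the lookups for socket.gethostbyaddr /
socket.getaddrinfo (or a DNS library) to run it against live DNS.
"""
import ipaddress

# Constructed zone data: PTR targets keyed by reverse-pointer name, and
# forward A/AAAA records keyed by hostname.  Example values, not live DNS.
PTR_RECORDS = {
    "10.113.0.203.in-addr.arpa": "mail.example.com",
    "11.113.0.203.in-addr.arpa": "host.unrelated.example",
    ipaddress.ip_address("2001:db8::1").reverse_pointer: "v6.example.com",
}
FORWARD_RECORDS = {
    "mail.example.com": {"203.0.113.10"},
    "host.unrelated.example": {"198.51.100.5"},   # does not point back to 203.0.113.11
    "v6.example.com": {"2001:db8::1"},
}


def reverse_name(ip):
    """Return the PTR query name for an IPv4 or IPv6 address (what dig -x asks for)."""
    return ipaddress.ip_address(ip).reverse_pointer


def lookup_ptr(ip, ptr_table=PTR_RECORDS):
    """Reverse lookup; None mirrors nslookup's "can't find server name" case."""
    return ptr_table.get(reverse_name(ip))


def fcrdns(ip, ptr_table=PTR_RECORDS, fwd_table=FORWARD_RECORDS):
    """Forward-confirmed reverse DNS.

    Returns (hostname, status) where status is one of:
      'confirmed' - PTR exists and the name resolves back to ip
      'mismatch'  - PTR exists but its forward records do not include ip
      'no-ptr'    - no PTR record at all
    """
    addr = ipaddress.ip_address(ip)
    host = lookup_ptr(ip, ptr_table)
    if host is None:
        return None, "no-ptr"
    forward = {ipaddress.ip_address(a) for a in fwd_table.get(host, ())}
    return host, ("confirmed" if addr in forward else "mismatch")


if __name__ == "__main__":
    for ip in ("203.0.113.10", "203.0.113.11", "2001:db8::1", "192.0.2.77"):
        print(ip, reverse_name(ip), fcrdns(ip))
```

Only the "confirmed" outcome says anything about who operates the address; a PTR is written by whoever controls the reverse zone, so a bare reverse lookup is a hint for investigation, not evidence.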

We can also find the name servers of a top-level domain, such as edu, mil, ae, lk, au, in or pk:
Code:
dig ns edu.



And now we are going to use the whois option that comes with dig.


Type
Code:
whois


[Image: 6whois.png]

I want to find whois info about facebook.com, so
type
Code:
whois facebook.com

[Image: 7whoisfb.png]

There you can find the domain registration and expiry dates too.
Interesting, huh?

I found that one name server IP address on Facebook is 69.171.224.37 (from the dig facebook.com command), and now I am going to run whois on it:
Code:
whois 69.171.224.37

[Image: 8FBwhois.png]

Searching the BGP prefix for the address:
Code:
whois -h bgpmon.net 69.171.224.37

[Image: 9bgp.png]

You can see the prefix, origin AS number, etc.

Show the SPF record:
Code:
dig txt _domainname_
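The TXT strings that `dig txt` returns are only useful once you read the SPF policy inside them, so here is an added example (my own code, not from the original post or from dig) that parses an SPF record into its terms and reports the two things a reviewer checks first: the qualifier on the final `all` (a record ending in `+all` or `?all` authorises effectively any sender) and the number of DNS-lookup mechanisms (more than ten exceeds the RFC 7208 limit and receivers then treat the record as a permanent error). The TXT strings in SAMPLE_RECORDS are constructed, not live lookups.

```python
"""SPF (TXT record) parser and sanity checker.

Added example, not part of the original post.  The sample TXT strings
are constructed; in practice they come from the TXT answer of the domain.
"""
import re

# Mechanisms and modifiers that cost a DNS lookup under RFC 7208 section 4.6.4.
LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
# qualifier, name, then an optional argument starting with ':' (mechanism),
# '=' (modifier such as redirect=) or '/' (CIDR length on a bare a or mx).
TERM_RE = re.compile(r"^([+\-~?]?)([A-Za-z][A-Za-z0-9_-]*)([:=/].*)?$")


def parse_spf(txt):
    """Split an SPF TXT string into [(qualifier, name, argument), ...].

    Returns None when the string is not an SPF record (no v=spf1 prefix).
    """
    terms = txt.strip().split()
    if not terms or terms[0].lower() != "v=spf1":
        return None
    parsed = []
    for term in terms[1:]:
        m = TERM_RE.match(term)
        if not m:
            raise ValueError("unparseable SPF term: %r" % term)
        parsed.append((m.group(1) or "+", m.group(2).lower(), m.group(3) or ""))
    return parsed


def check_spf(txt):
    """Summarise the risk-relevant properties of one SPF record."""
    parsed = parse_spf(txt)
    if parsed is None:
        return {"is_spf": False}
    lookups = sum(1 for _, name, _ in parsed if name in LOOKUP_MECHANISMS)
    all_terms = [qual for qual, name, _ in parsed if name == "all"]
    all_result = QUALIFIERS[all_terms[-1]] if all_terms else None
    has_redirect = any(name == "redirect" for _, name, _ in parsed)
    findings = []   # wording is this example's own
    if all_result in ("pass", "neutral"):
        findings.append("'all' qualifier gives %s: any sender is accepted" % all_result)
    if all_result is None and not has_redirect:
        findings.append("no 'all' term and no redirect: unlisted senders get neutral")
    if lookups > 10:
        findings.append("%d lookup mechanisms exceed the RFC 7208 limit of 10" % lookups)
    if any(name == "ptr" for _, name, _ in parsed):
        findings.append("ptr mechanism is deprecated by RFC 7208 and slow to evaluate")
    return {"is_spf": True, "terms": parsed, "lookups": lookups,
            "all": all_result, "findings": findings}


# Constructed sample TXT strings (not real lookups).
SAMPLE_RECORDS = {
    "example.com": "v=spf1 ip4:203.0.113.0/24 mx include:_spf.mail.example -all",
    "weak.example": "v=spf1 a mx ptr +all",
    "notspf.example": "google-site-verification=abc123",
}

if __name__ == "__main__":
    for domain, txt in SAMPLE_RECORDS.items():
        print(domain, check_spf(txt))
```

Run it over the quoted strings from the TXT answer; a domain may publish several TXT records, and only the one starting with v=spf1 is the policy.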

I hope this covers the basics of dig, and you can now find yourself searching for some interesting information with it.

Bye


RE: [Tut] DNS Hacking and Information gathering - Windows [tut] #2
Can't really understand... but I will do. Thanks for this wonderful tutorial.


RE: [Tut] DNS Hacking and Information gathering - Windows [tut] #3
(06-06-2012, 11:25 PM)ranchescdoer Wrote: Can't really understand... but I will do. Thanks for this wonderful tutorial.

Which part are you really not understanding?


RE: [Tut] DNS Hacking and Information gathering - Windows [Local Injection] #4
Awesome tutorial by an awesome hacker, thanks for sharing. I also want to write about it on my blog.

RE: [Tut] DNS Hacking and Information gathering - Windows [Local Injection] #5
(06-07-2012, 01:15 AM)HrDe Wrote: Awesome tutorial by an awesome hacker, thanks for sharing. I also want to write about it on my blog.

I love your blog!
