★Kali信息收集~4.DNS系列

★.1host:DNS信息 web

參數: windows

通常狀況下,host查找的是A,AAAA,和MX的記錄 服務器

案例: dom

  • DNS服務器查詢

     host -t ns 域名 socket

       

  • A記錄和MX記錄查詢

     host 域名(host -t a 域名 + host -t mx 域名) tcp

    PSA (Address) 記錄是用來指定主機名(或域名)對應的IP地址記錄。用戶能夠將該域名下的網站服務器指向到本身的web server上。同時也能夠設置您域名的子域名。通俗來講A記錄就是服務器的IP,域名綁定A記錄就是告訴DNS,當你輸入域名的時候給你引導向設置在DNSA記錄所對應的服務器。ide

    PSMX記錄也叫作郵件路由記錄,用戶能夠將該域名下的郵件服務器指向到本身的mail server上,而後便可自行操控全部的郵箱設置。您只需在線填寫您服務器的IP地址,便可將您域名下的郵件所有轉到您本身設定相應的郵件服務器上。簡單的說,經過操做MX記錄,您才能夠獲得以您域名結尾的郵局。網站

   

 

4.2Dig :DNS挖掘 阿里雲

  • 參數:

    root@Kali:/home/dnt# dig -hspa

    Usage: dig [@global-server] [domain] [q-type] [q-class] {q-opt}

    {global-d-opt} host [@local-server] {local-d-opt}

    [ host [@local-server] {local-d-opt} [...]]

    Where: domain         is in the Domain Name System

    q-class is one of (in,hs,ch,...) [default: in]

    q-type is one of (a,any,mx,ns,soa,hinfo,axfr,txt,...) [default:a]

    (Use ixfr=version for type ixfr)

    q-opt is one of:

    -x dot-notation (shortcut for reverse lookups)

    -i (use IP6.INT for IPv6 reverse lookups)

    -f filename (batch mode)

    -b address[#port] (bind to source address/port)

    -p port (specify port number)

    -q name (specify query name)

    -t type (specify query type)

    -c class (specify query class)

    -k keyfile (specify tsig key file)

    -y [hmac:]name:key (specify named base64 tsig key)

    -4 (use IPv4 query transport only)

    -6 (use IPv6 query transport only)

    -m (enable memory usage debugging)

    d-opt is of the form +keyword[=value], where keyword is:

    +[no]vc (TCP mode)

    +[no]tcp (TCP mode, alternate syntax)

    +time=### (Set query timeout) [5]

    +tries=### (Set number of UDP attempts) [3]

    +retry=### (Set number of UDP retries) [2]

    +domain=### (Set default domainname)

    +bufsize=### (Set EDNS0 Max UDP packet size)

    +ndots=### (Set NDOTS value)

    +[no]edns[=###] (Set EDNS version) [0]

    +[no]search (Set whether to use searchlist)

    +[no]showsearch (Search with intermediate results)

    +[no]defname (Ditto)

    +[no]recurse (Recursive mode)

    +[no]ignore (Don't revert to TCP for TC responses.)

    +[no]fail (Don't try next server on SERVFAIL)

    +[no]besteffort (Try to parse even illegal messages)

    +[no]aaonly (Set AA flag in query (+[no]aaflag))

    +[no]adflag (Set AD flag in query)

    +[no]cdflag (Set CD flag in query)

    +[no]cl (Control display of class in records)

    +[no]cmd (Control display of command line)

    +[no]comments (Control display of comment lines)

    +[no]rrcomments (Control display of per-record comments)

    +[no]question (Control display of question)

    +[no]answer (Control display of answer)

    +[no]authority (Control display of authority)

    +[no]additional (Control display of additional)

    +[no]stats (Control display of statistics)

    +[no]short (Disable everything except short

    form of answer)

    +[no]ttlid (Control display of ttls in records)

    +[no]all (Set or clear all display flags)

    +[no]qr (Print question before sending)

    +[no]nssearch (Search all authoritative nameservers)

    +[no]identify (ID responders in short answers)

    +[no]trace (Trace delegation down from root [+dnssec])

    +[no]dnssec (Request DNSSEC records)

    +[no]nsid (Request Name Server ID)

    +[no]sigchase (Chase DNSSEC signatures)

    +trusted-key=#### (Trusted Key when chasing DNSSEC sigs)

    +[no]topdown (Do DNSSEC validation top down mode)

    +[no]split=## (Split hex/base64 fields into chunks)

    +[no]multiline (Print records in an expanded format)

    +[no]onesoa (AXFR prints only one soa record)

    +[no]keepopen (Keep the TCP socket open between queries)

    global d-opts and servers (before host name) affect all queries.

    local d-opts and servers (after host name) affect only that lookup.

    -h (print help and exit)

    -v (print version and exit)

       

  • 經常使用: dig 域名 any

     root@Kali:/home/dnt# dig cnblogs.com any

       

    ; <<>> DiG 9.9.5-9+deb8u2-Debian <<>> cnblogs.com any

    ;; global options: +cmd

    ;; Got answer:

    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18664

    ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

       

    ;; QUESTION SECTION:

    ;cnblogs.com.                        IN        ANY

       

    ;; ANSWER SECTION:

    cnblogs.com.                5        IN        NS        ns4.dnsv4.com.

    cnblogs.com.                5        IN        NS        ns3.dnsv4.com.

       

    ;; Query time: 2010 msec

    ;; SERVER: 192.168.232.2#53(192.168.232.2)

    ;; WHEN: Thu Dec 24 23:19:22 CST 2015

    ;; MSG SIZE rcvd: 71

       

   

4.3NS Lookup :DNS褲子

Windows+Linux都自帶

nslookup最簡單的用法就是查詢域名對應的IP地址,包括A記錄和CNAME記錄

幫助文檔:man nslookup

   

咱們看看windows裏面的幫助文檔(明瞭一點)

經常使用命令:nslookup

0.設置默認服務器

server 8.8.8.8

   

 1.簡單查詢域名信息

> set type=any

> cnblogs.com

   

 2.查詢域名CNAME記錄(別名指向)

> set type=cname

> cnblogs.com

   

 3.查詢域名A記錄通俗來講A記錄就是服務器的IP,域名綁定A記錄就是告訴DNS,當你輸入域名的時候給你引導向設置在DNS的A記錄所對應的服務器

   

 4.查詢域名MX記錄(郵件記錄)

> set type=mx

> cnblogs.com

   

 5.查詢域名ns記錄(域名所使用的DNS)

   

不懂什麼意思?給你看個圖:(阿里雲解析)

在不懂就百度谷歌吧

相關文章
相關標籤/搜索