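4.1 host: DNS information
Parameters:
By default, host looks up A, AAAA, and MX records.
Examples:
host -t ns <domain>
host <domain> (host -t a <domain> + host -t mx <domain>)
PS: An A (Address) record specifies the IP address that a host name (or domain name) maps to. It lets you point the web site under the domain at your own web server, and it can also be used to set up subdomains of your domain. Put simply, the A record is the server's IP: binding a domain to an A record tells DNS that when someone enters the domain name, they should be directed to the server given by the A record configured in DNS.
PS: An MX record, also called a mail routing record, lets you point the domain's mail at your own mail server, after which you control all mailbox settings yourself. You only need to fill in your server's IP address online, and all mail for your domain is routed to the mail server you have set. Put simply, you need to configure the MX record to get mailboxes that end in your domain.
4.2 Dig: DNS digging
root@Kali:/home/dnt# dig -h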
Usage: dig [@global-server] [domain] [q-type] [q-class] {q-opt}
{global-d-opt} host [@local-server] {local-d-opt}
[ host [@local-server] {local-d-opt} [...]]
Where: domain is in the Domain Name System
q-class is one of (in,hs,ch,...) [default: in]
q-type is one of (a,any,mx,ns,soa,hinfo,axfr,txt,...) [default:a]
(Use ixfr=version for type ixfr)
q-opt is one of:
-x dot-notation (shortcut for reverse lookups)
-i (use IP6.INT for IPv6 reverse lookups)
-f filename (batch mode)
-b address[#port] (bind to source address/port)
-p port (specify port number)
-q name (specify query name)
-t type (specify query type)
-c class (specify query class)
-k keyfile (specify tsig key file)
-y [hmac:]name:key (specify named base64 tsig key)
-4 (use IPv4 query transport only)
-6 (use IPv6 query transport only)
-m (enable memory usage debugging)
d-opt is of the form +keyword[=value], where keyword is:
+[no]vc (TCP mode)
+[no]tcp (TCP mode, alternate syntax)
+time=### (Set query timeout) [5]
+tries=### (Set number of UDP attempts) [3]
+retry=### (Set number of UDP retries) [2]
+domain=### (Set default domainname)
+bufsize=### (Set EDNS0 Max UDP packet size)
+ndots=### (Set NDOTS value)
+[no]edns[=###] (Set EDNS version) [0]
+[no]search (Set whether to use searchlist)
+[no]showsearch (Search with intermediate results)
+[no]defname (Ditto)
+[no]recurse (Recursive mode)
+[no]ignore (Don't revert to TCP for TC responses.)
+[no]fail (Don't try next server on SERVFAIL)
+[no]besteffort (Try to parse even illegal messages)
+[no]aaonly (Set AA flag in query (+[no]aaflag))
+[no]adflag (Set AD flag in query)
+[no]cdflag (Set CD flag in query)
+[no]cl (Control display of class in records)
+[no]cmd (Control display of command line)
+[no]comments (Control display of comment lines)
+[no]rrcomments (Control display of per-record comments)
+[no]question (Control display of question)
+[no]answer (Control display of answer)
+[no]authority (Control display of authority)
+[no]additional (Control display of additional)
+[no]stats (Control display of statistics)
+[no]short (Disable everything except short
form of answer)
+[no]ttlid (Control display of ttls in records)
+[no]all (Set or clear all display flags)
+[no]qr (Print question before sending)
+[no]nssearch (Search all authoritative nameservers)
+[no]identify (ID responders in short answers)
+[no]trace (Trace delegation down from root [+dnssec])
+[no]dnssec (Request DNSSEC records)
+[no]nsid (Request Name Server ID)
+[no]sigchase (Chase DNSSEC signatures)
+trusted-key=#### (Trusted Key when chasing DNSSEC sigs)
+[no]topdown (Do DNSSEC validation top down mode)
+[no]split=## (Split hex/base64 fields into chunks)
+[no]multiline (Print records in an expanded format)
+[no]onesoa (AXFR prints only one soa record)
+[no]keepopen (Keep the TCP socket open between queries)
global d-opts and servers (before host name) affect all queries.
local d-opts and servers (after host name) affect only that lookup.
-h (print help and exit)
-v (print version and exit)
root@Kali:/home/dnt# dig cnblogs.com any
; <<>> DiG 9.9.5-9+deb8u2-Debian <<>> cnblogs.com any
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18664
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;cnblogs.com. IN ANY
;; ANSWER SECTION:
cnblogs.com. 5 IN NS ns4.dnsv4.com.
cnblogs.com. 5 IN NS ns3.dnsv4.com.
;; Query time: 2010 msec
;; SERVER: 192.168.232.2#53(192.168.232.2)
;; WHEN: Thu Dec 24 23:19:22 CST 2015
;; MSG SIZE rcvd: 71
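The ANY query above came back with only two NS records, so it cannot be read as a full list of the domain's records. The following script, an added example that is not from the original post, parses saved dig output and reports which record types still need their own query; the function names dig_status, answer_records and missing_types are hypothetical, and the sample is the output shown above.

```shell
#!/bin/sh
# Added example: offline checks on saved dig output (function names are hypothetical).

# Sample taken from the "dig cnblogs.com any" output shown above.
SAMPLE=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18664
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;cnblogs.com. IN ANY
;; ANSWER SECTION:
cnblogs.com. 5 IN NS ns4.dnsv4.com.
cnblogs.com. 5 IN NS ns3.dnsv4.com.
;; Query time: 2010 msec
;; SERVER: 192.168.232.2#53(192.168.232.2)'

# dig_status: print the response code from the HEADER line (NOERROR, NXDOMAIN, ...).
dig_status() {
    sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# answer_records: print "TYPE RDATA" for each record in the ANSWER section only,
# ignoring the question, authority and additional sections.
answer_records() {
    awk '
        /^;; ANSWER SECTION:/ { in_answer = 1; next }
        /^;;/ || /^$/         { in_answer = 0 }
        in_answer && !/^;/ {
            # fields: name ttl class type rdata...
            rdata = $5
            for (i = 6; i <= NF; i++) rdata = rdata " " $i
            print $4, rdata
        }'
}

# missing_types TYPE...: read dig output on stdin and list the requested record
# types that the answer does not contain.
missing_types() {
    records=$(answer_records)
    for t in "$@"; do
        printf '%s\n' "$records" | grep -q "^$t " || printf '%s\n' "$t"
    done
}

echo "status:  $(printf '%s\n' "$SAMPLE" | dig_status)"
echo "answers:"; printf '%s\n' "$SAMPLE" | answer_records
echo "not in the ANY answer: $(printf '%s\n' "$SAMPLE" | missing_types A AAAA MX NS | tr '\n' ' ')"
```

On a live lookup the same check is `dig cnblogs.com any | missing_types A AAAA MX NS`, followed by a `dig -t <type>` query for each type it lists.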
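4.3 NS Lookup: DNS lookup
Ships with both Windows and Linux.
The simplest use of nslookup is to query the IP address for a domain name, including A records and CNAME records.
Help: man nslookup
Let's look at the help text in Windows (it is a bit clearer).
Common commands: nslookup
0. Set the default server
> server 8.8.8.8
1. Simple query for domain information
> set type=any
> cnblogs.com
2. Query the domain's CNAME record (alias)
> set type=cname
> cnblogs.com
3. Query the domain's A record (put simply, the A record is the server's IP: binding a domain to an A record tells DNS that when someone enters the domain name, they should be directed to the server given by the A record configured in DNS)
4. Query the domain's MX records (mail records)
> set type=mx
> cnblogs.com
5. Query the domain's NS records (the DNS servers the domain uses)
Not sure what that means? Here is a picture: (Alibaba Cloud DNS resolution)
If it still isn't clear, search Baidu or Google.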