Nslookup

DNS Enumeration and Simple DNS Queries with nslookup

In this guide, we explore the utility of nslookup, a tool for querying the Domain Name System (DNS) to obtain domain name or IP address mappings. It details how to perform DNS enumeration, simple DNS queries, and other operations.

DNS Enumeration

To retrieve a list of name servers, you can follow these steps:

Step-by-step Guide

  1. Start the nslookup Interactive Shell

    >> nslookup
  2. Set the Default Server to Query

    >> server 10.50.96.5
  3. Set the Query Type to NS

    To retrieve only NS records, set the query type to NS as shown below:

    >> set q=NS
  4. Type the Domain Name

    Enter the domain name that you wish to query:

    >> foocampus.com

Explanation

  • Step 1: Initiates the interactive shell of nslookup.

  • Step 2: Designates the default server to query.

  • Step 3: Adjusts the query type to NS, which is utilized to obtain only NS records.

  • Step 4: Enters the domain name to be queried.
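
The four steps above can also be run as one non-interactive command, and the answer compared with the name servers you expect for the zone, which helps spot an unexpected or missing delegation. This is an added example, not part of the original guide; the function names, the `ns*.foocampus.com` hostnames and the sample output are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original page.

# Steps 1-4 as a single command: nslookup -type=NS <domain> <server>
query_ns() {
    nslookup -type=NS "$1" "$2"
}

# Pull name server hostnames out of nslookup output on stdin. Answer lines look
# like "<zone>  nameserver = <host>."; the trailing dot and case are normalized.
parse_ns() {
    awk '/nameserver = / { h = tolower($NF); sub(/\.$/, "", h); print h }' |
        LC_ALL=C sort -u
}

# Compare observed hostnames (stdin) with the expected ones (arguments).
# Prints "+host" for an unexpected server and "-host" for a missing one;
# returns 1 when the sets differ.
diff_ns() {
    out=$(awk -v want_list="$*" '
        BEGIN { n = split(tolower(want_list), w, " ")
                for (i = 1; i <= n; i++) want[w[i]] = 1 }
        NF    { h = tolower($1); seen[h] = 1; if (!(h in want)) print "+" h }
        END   { for (h in want) if (!(h in seen)) print "-" h }
    ' | LC_ALL=C sort -u)
    if [ -n "$out" ]; then
        printf '%s\n' "$out"
        return 1
    fi
}

# Constructed sample output; the ns*.foocampus.com hostnames are made up.
sample_output() {
    cat <<'EOF'
Server:         10.50.96.5
Address:        10.50.96.5#53

foocampus.com   nameserver = ns.foocampus.com.
foocampus.com   nameserver = NS1.foocampus.com.
EOF
}

# Offline demo on the sample. Live use:
#   query_ns foocampus.com 10.50.96.5 | parse_ns | diff_ns <expected hosts>
sample_output | parse_ns | diff_ns ns.foocampus.com ns2.foocampus.com ||
    echo "name server set differs from the expected list"
```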

Output

The outcome of these steps is as follows:

To discover the IP address of each domain, execute the following commands (press CTRL + C to restart):

To probe for MX records, adjust the query type to MX as illustrated below:

Simple DNS Queries

1. Simple DNS Query

2. Reverse DNS Lookup

3. MX (Mail Exchange) Lookup

4. Zone Transfers

Unrestricted zone transfers, often the result of a misconfigured remote DNS server, can be checked for as follows:

To initiate a zone transfer request, use the following commands:

If the request succeeds, detailed information about the domain is displayed.
