Nslookup
DNS Enumeration and Simple DNS Queries with nslookup
nslookupIn this guide, we explore the utility of nslookup, a tool for querying the Domain Name System (DNS) to obtain domain name or IP address mappings. It details how to perform DNS enumeration, simple DNS queries, and other operations.
DNS Enumeration
To retrieve a list of name servers, you can follow these steps:
Step-by-step Guide
Start the nslookup Interactive Shell
>> nslookupSet the Default Server to Query
>> server 10.50.96.5Set the Query Type to NS To retrieve only NS records, set the query type to NS as shown below:
>> set q=NSType the Domain Name Enter the domain name that you wish to query:
>> foocampus.com
Explanation
Step 1: Initiates the interactive shell of
nslookup.Step 2: Designates the default server to query.
Step 3: Adjusts the query type to NS, which is utilized to obtain only NS records.
Step 4: Input the domain name to be queried.
Output
The outcome of these steps is as follows:
foocampus.com nameserver = ns.foocampus.com.
foocampus.com nameserver = ns1.foocampus.com.To discover the IP address of each domain, execute the following commands (press CTRL + C to restart):
>> nslookup
>> server 10.50.96.5
>> ns.foocampus.comTo probe for MX records, adjust the query type to MX as illustrated below:
>> nslookup
>> server 10.50.96.5
>> set q=MX
>> foocampus.comSimple DNS Queries
1. Simple DNS Query
nslookup domain.com2. Reverse DNS Lookup
nslookup -type=PTR IPaddress3. MX (Mail Exchange) Lookup
nslookup -type=MX domain.com
# or
nslookup -query=MX domain.com4. Zone Transfers
Zone transfers, often a result of remote DNS server misconfigurations, can be checked as follows:
nslookup -type=NS domain.com
# or
nslookup -query=NS domain.com
# or
nslookup -query=any domain.comTo initiate a zone transfer request, use the following commands:
nslookup
server [NAMESERVER FOR mydomain.com]
ls -d mydomain.comIf successful, a detailed information screen about the domain should appear.
Last updated
Was this helpful?