Learn how to use the Nslookup command to gather DNS information on a target site.
Nslookup is a network administration command-line tool used for querying the DNS to obtain domain name or IP address mapping information.
You can use a Windows Machine or Kali Linux for this lab.
Nslookup comes built in on both Windows and Linux. In Windows, it comes in both an interactive and non-interactive mode. To open the interactive mode, type “nslookup”. To quit the interactive mode, type “quit”.
We will begin by finding the IP address of a host. To do this, type the following:
As you will see, the output returns the different IPv4 and IPv6 addresses for google.com. The node called the “local DNS resolver” is the first point of contact for every DNS query we make.
This is usually the IP address of the device provided to you by your Internet Service Provider. You can direct all of your DNS queries to a different server by changing your local machine’s network settings accordingly.
We will now perform a reverse lookup, which matches an IP address to a domain name. This uses the DNS PTR record, which can be thought of as the exact opposite of the DNS A record. To do this, type:
Often, the DNS A and DNS PTR query results for a hostname do not match on web servers. This is because multiple IP addresses may be matched against a DNS A record to perform load balancing.
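The A/PTR mismatch described above can be checked programmatically. The following Python script is an added example, not part of the original lab: the function names are hypothetical, and the sample records (192.0.2.0/24 documentation addresses under example.test) are constructed so that it runs offline.

```python
import socket

def forward_lookup(name):
    """A/AAAA lookup via the system resolver; returns a set of IP strings."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def reverse_lookup(ip):
    """PTR lookup via the system resolver; returns the hostname or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def compare_a_and_ptr(name, forward=forward_lookup, reverse=reverse_lookup):
    """For each address behind `name`, report its PTR name, whether that name
    equals `name`, and whether the PTR name resolves back to the same address
    (forward-confirmed reverse DNS)."""
    wanted = name.rstrip(".").lower()
    report = []
    for ip in sorted(forward(name)):
        ptr = reverse(ip)
        ptr_norm = ptr.rstrip(".").lower() if ptr else None
        report.append({
            "ip": ip,
            "ptr": ptr_norm,
            "ptr_matches_name": ptr_norm == wanted,
            "forward_confirmed": bool(ptr_norm) and ip in forward(ptr_norm),
        })
    return report

# Constructed sample records (not real lookups): one load-balanced name
# with two A records whose PTR records point at other hostnames.
SAMPLE_A = {"www.example.test": {"192.0.2.10", "192.0.2.11"},
            "lb-node-1.example.test": {"192.0.2.10"}}
SAMPLE_PTR = {"192.0.2.10": "lb-node-1.example.test.",
              "192.0.2.11": "unrelated.example.test."}

def sample_forward(name):
    return SAMPLE_A.get(name.rstrip(".").lower(), set())

def sample_reverse(ip):
    return SAMPLE_PTR.get(ip)

if __name__ == "__main__":
    for row in compare_a_and_ptr("www.example.test", sample_forward, sample_reverse):
        print(row)
```

Calling compare_a_and_ptr with only a hostname uses the system resolver instead of the sample tables.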
We can also find any “Mail eXchange” servers for a particular domain. To do this, type:
nslookup -querytype=mx google.com
We can also find the “Name Servers” responsible for a domain. In other words, these are the servers that are the authoritative sources for the DNS records of the google.com domain name. To do this, first open an interactive console by typing “nslookup”. Then, type:
Then, type the domain name into the terminal.
It is possible to access domain verification data by making a DNS TXT query.
nslookup -querytype=txt google.com