NSLOOKUP

The first tool we will use to examine DNS is nslookup. nslookup is a tool that can be used to query DNS servers and potentially obtain records about the various hosts of which it is aware. nslookup is built into many versions of Linux including Kali and is even available for Windows. nslookup operates very similarly between the various OSs; however, you should always review the specifics for your particular system. You can do so in Linux by reviewing the nslookup man page. This is accomplished by opening a terminal and typing "man nslookup"

nslookup is a tool that can be run in interactive mode. This simply means we will first invoke the program and then feed it the particular switches we need to make it function properly. We begin using nslookup by opening a terminal and entering: "nslookup"

By issuing the "nslookup" command, we start the nslookup tool from the OS. After typing nslookup" and hitting enter your usual "#" prompt will be replaced with a ">" prompt. At this point, you can enter the additional information required for nslookup to function. We begin feeding commands to nslookup by entering the "server" keyword and an IP address of the DNS server you want to query. An example follows: server 8.8.8.8

nslookup will simply accept the command and present you with another">prompt. Next, we specify the type of record we are looking for. During the reconnaissance process, there are many types of records that you may be interested in. For a complete listing of the various DNS record types and their description, you can use your newly acquired Google skills! If you are looking for general information, you should set the type to any by using the keyword "any" set type = any

Be sure to pay special attention to the spacing or you will get an error massage. If you looking for specific information from the DNS server such as the IP address of the mail server that handle e-mail for the target organization. You would use the "set type=mx". We wrap up our initial DNS interrogation with nslookup by entering the target domain after the next ">" prompt.