1. Introduction
The Domain name Information Finder (DIG) is a powerful tool similar to Nslookup. It not only supports command-line options, but also lets you feed a file of queries through a pipeline when looking up many domain names. Dig reads /etc/resolv.conf to find the name servers to query (unless a specific name server is given on the command line), and it has a long list of options that can be configured to collect exactly the data you need.
The dig documentation describes its functions in detail.
2. Dig Command Query
In the Kali Linux terminal, enter the command to query for Baidu.com as an example:
# dig baidu.com
The output (shown as a screenshot in the original) looks like the following:
The output header shows the dig version number and the global options that are selected by default. According to the results, baidu.com has three A records listed: 132.125.114.144, 180.149.132.47 and 220.181.57.217.
Deeper dig query:
# dig +qr youku.com any
The any option queries all DNS record types for youku.com, and +qr prints the outgoing query. Besides the header and trailer seen in the previous result, this output also contains other records, including all of the name servers and aliases.
3. Using Dig for domain transfer
A domain (zone) transfer (AXFR) retrieves all records of the domain from the name server at once; if it succeeds, everything the name server holds for the domain is listed with a single command. In a well-secured environment, zone transfers are disabled, because they hand an attacker a range of valuable information such as host names.
Terminal input:
# dig @ns1.youku.com youku.com axfr
This query failed, and attempts against Youku's other three name servers failed as well, so it seems that Youku has some security measures in place. Not every server has this feature disabled, however.
4. Dig Advanced Features
The dig feature set is quite diverse and allows you to produce different output formats. You can use +nocmd to remove the command-line header from the output.
+nocmd
Removes the initial command information from the dig output.
+noall
Turns off all display flags, so the dig output contains none of the sections by default.
+answer
Turns the answer section back on, so the dig output shows only the answer section.
# dig +nocmd +noall +answer baidu.com
Only the answer section is shown (screenshot omitted in the original):
This makes it easy to use the awk and grep tools to further process the results.
In addition, dig has some other valuable commands.
# dig +nocmd txt chaos VERSION.BIND @sn1.example.com +noall +answer
This command queries the CHAOS-class TXT record VERSION.BIND to determine the BIND version running on the server, which is valuable for finding vulnerabilities affecting that version.
- Reverse DNS Lookups
Resolving an IP address back to a domain name is not limited to Nslookup; the dig command can accomplish this task with the -x option.
# dig +nocmd +noall +answer -x 180.149.132.47
- Query path
Use +trace to see the path dig follows when resolving a domain name, that is, the chain of name servers queried from the root downwards.
# dig +trace baidu.com
- Dig Batch Processing
Unlike Nslookup, you don't need to write a script to iterate through all the names in a file. Dig can use the -f option to complete the batch process.
Write the following lines to the file digtask.txt (each line is one complete set of dig arguments):
+nocmd +noall +answer baidu.com
+nocmd +noall +answer youku.com
+nocmd +noall +answer blog.csdn.net
Then execute the batch with the following command:
# dig -f digtask.txt
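The two ideas above, generating the digtask.txt lines that dig -f reads and post-processing +nocmd +noall +answer output with awk as section 4 suggests, as an added example that is not part of the original tutorial. The function names (make_digtask, a_records, a_ips) and the sample answer-section text in SAMPLE_ANSWER are my own; the sample mimics dig's answer format so the script runs offline without contacting any DNS server.

```shell
#!/bin/sh
# Constructed sample of what `dig +nocmd +noall +answer <domain>` prints:
# one resource record per line: owner, TTL, class, type, rdata.
# (One comment line is included to show that the filter skips it.)
SAMPLE_ANSWER='; constructed sample, not real dig output
baidu.com.      300     IN      A       180.149.132.47
baidu.com.      300     IN      A       220.181.57.217
www.youku.com.  120     IN      CNAME   youku.com.
youku.com.      60      IN      A       192.0.2.10'

# Build the batch file that `dig -f` reads: one full argument line per domain.
# Usage: make_digtask baidu.com youku.com > digtask.txt
make_digtask() {
    for d in "$@"; do
        printf '+nocmd +noall +answer %s\n' "$d"
    done
}

# Read dig answer lines on stdin, keep only A records, and print
# "owner ip" with the trailing dot removed from the owner name.
a_records() {
    awk '/^;/ { next }                      # skip dig comment lines
         $4 == "A" { sub(/\.$/, "", $1); print $1, $5 }'
}

# Read dig answer lines on stdin and print all A-record IPs on one
# comma-separated line, handy for feeding into other tools.
a_ips() {
    a_records | awk '{ ips = (NR > 1) ? ips "," $2 : $2 } END { print ips }'
}

# Stand-alone demo on the constructed sample.
printf '%s\n' "$SAMPLE_ANSWER" | a_records
printf '%s\n' "$SAMPLE_ANSWER" | a_ips
```

In real use, replace the sample with `dig -f digtask.txt | a_records` to process the whole batch at once.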
Penetration Testing of domain name Information Finder Dig tutorial