DNS Information Gathering

In this tutorial we will gather DNS information about our target.

But before starting with basics of DIG we must know different types of DNS records.

The following list describes the common DNS record types and their use:

A (Address) Maps a hostname to an IP address

SOA (Start of Authority) Identifies the DNS server responsible for the domain information

CNAME (Canonical Name) Provides additional names or aliases for the address record

MX (Mail Exchange) Identifies the mail server for the domain

SRV (Service) Identifies services such as directory services

PTR (Pointer) Maps IP addresses to hostnames

NS (Name Server) Identifies other name servers for the domain

AXFR (Zone Tranfer) Can leak all the Sub-Domain Names registered for the domain

To install it on Windows: 1) Go to ftp://ftp.isc.org/isc/bind9/9.5.0-P2/ 2) Download BIND9.5.0-P2.zip 3) Open the archive with WinZip 4) Extract dig.exe, libbind9.dll, libdns.dll, libisc.dll, libisccfg.dll, liblwres.dll to c:\windows\system32

DIG Syntax DIG

Now to get the information on all of these records at once we can use ANY keyword. As shown below DIG ANY

If you want to get NS records for the domain then you can go for the given query DIG NS

In the same manner you have to change the option to get different records. DIG