Nslookup is a valuable tool for query DNS information for host name resolution. It is bundled with both UNIX and windows operating systems and can be run at command prompt.
Nslookup allows query DNS other than the default one by type "server"(where is the host name of the server you want to use for future lookups). A zone transfer can be done if the security is lax. Following is an example:
> nslookup Default Server: ntsysa06.corp.root Address: 10.87.122.146
> server 10.2.202.1
Default Server: dns-286-cns-02.corp.com
Address: 10.2.202.1
> set type=any
> ls -d target.com
systemA 1DINA 10.12.133.147
geekL 1DINA 10.12.133.151
Nslookup employs the domain name delegation method when used on the local domain. That means, making query for "systemA.targetcompany.com" failed will go one level up to find "targetcompany.com". To query host outside domain, a fully qualified domain name (FQDN) must be typed.
Nslookup interface at http://www.zoneedit.com/lookup.html provide an interactive mode.
In addition, the attacker can use dig and host command to obtain more information on UNIX system.
The DNS namespaces is divided into zones. For each DNS domain name included in a zone, the zone becomes a storage database for a single DNS domain name and is the authoritative source.
At basic level, an attacker can try to obtain more information by using various Nslookup switch.
At higher level, an attacker can attempt a zone transfer at DNS level, which can have drastic implication.
To defense the target, inappropriate queries must be refused by the system.
To check zone transfer, specify exact IP addresses from where zone transfers may be allowed. The firewall must be configured to check TCP port 53 (which unlike UDP port 53 is used for zone transfers instead of DNS queries) access. Another best practice is to use more than one DNS or the split DNS approach where one DNS caters to the external interface and the other to the internal interface. This will let the internal DNS act like a proxy server and check leaking of information from external queries.
Check out DNS concept from RFC 1912 Common DNS Operational and Configuration Errors, RFC 2182 Section and Operation of Secondary DNS Server, RFC 2219 Use of DNS Aliases for Network Services.
Nslookup allows query DNS other than the default one by type "server"
> nslookup Default Server: ntsysa06.corp.root Address: 10.87.122.146
> server 10.2.202.1
Default Server: dns-286-cns-02.corp.com
Address: 10.2.202.1
> set type=any
> ls -d target.com
systemA 1DINA 10.12.133.147
geekL 1DINA 10.12.133.151
Nslookup employs the domain name delegation method when used on the local domain. That means, making query for "systemA.targetcompany.com" failed will go one level up to find "targetcompany.com". To query host outside domain, a fully qualified domain name (FQDN) must be typed.
Nslookup interface at http://www.zoneedit.com/lookup.html provide an interactive mode.
In addition, the attacker can use dig and host command to obtain more information on UNIX system.
The DNS namespaces is divided into zones. For each DNS domain name included in a zone, the zone becomes a storage database for a single DNS domain name and is the authoritative source.
At basic level, an attacker can try to obtain more information by using various Nslookup switch.
At higher level, an attacker can attempt a zone transfer at DNS level, which can have drastic implication.
To defense the target, inappropriate queries must be refused by the system.
To check zone transfer, specify exact IP addresses from where zone transfers may be allowed. The firewall must be configured to check TCP port 53 (which unlike UDP port 53 is used for zone transfers instead of DNS queries) access. Another best practice is to use more than one DNS or the split DNS approach where one DNS caters to the external interface and the other to the internal interface. This will let the internal DNS act like a proxy server and check leaking of information from external queries.
Check out DNS concept from RFC 1912 Common DNS Operational and Configuration Errors, RFC 2182 Section and Operation of Secondary DNS Server, RFC 2219 Use of DNS Aliases for Network Services.
2 則留言:
good information
Visit learn ethical hacking!
Hello Everyone !
USA SSN Leads/Fullz available, along with Driving License/ID Number with good connectivity.
All SSN's are Tested & Verified.
**DETAILS IN LEADS/FULLZ**
->FULL NAME
->SSN
->DATE OF BIRTH
->DRIVING LICENSE NUMBER
->ADDRESS WITH ZIP
->PHONE NUMBER, EMAIL
->EMPLOYEE DETAILS
*Price for SSN lead $2
*You can ask for sample before any deal
*If you buy in bulk, will give you discount
*Sampling is just for serious buyers
->Hope for the long term business
->You can buy for your specific states too
**Contact 24/7**
Whatsapp > +923172721122
Email > leads.sellers1212@gmail.com
Telegram > @leadsupplier
ICQ > 752822040
張貼留言