DNS tools

Sat 05 April 2014


Here is a reminder for myself that may be useful to everyone (as, I hope, is anything I write down here). It concerns some tools for retrieving DNS information. Almost everything in this post is based on BIND. Other posts about DNS can be found here.


First of all, I should put a link to the dig manpage and a short example of its use:

dig +trace AAAA www.example.com

Note that the equivalent in the Microsoft world is nslookup, but I know almost nothing about it.

When requesting whoami.akamai.net, the answer depends on the host making the request (useful to detect a DNS proxy). Try comparing the responses from several servers:

dig @<server1> A whoami.akamai.net
dig @<server2> A whoami.akamai.net
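The comparison above can be scripted. This is an added example, not part of the original post: it asks each resolver given on the command line for whoami.akamai.net and lists any answer that came back through more than one resolver. Treating a shared answer as a sign of a proxy is a heuristic assumed here; the function names and the sample data (documentation address ranges) are constructed for illustration.

```shell
#!/bin/bash
# Compare what whoami.akamai.net reports when asked through several resolvers.
# The answer depends on the host that made the request to the authoritative
# side, so unrelated resolvers reporting the same address deserve a look.

# collect_answers RESOLVER... -> prints "resolver answer" lines (needs network)
collect_answers() {
  local r a
  for r in "$@"; do
    a=$(dig +short +time=3 +tries=1 "@$r" A whoami.akamai.net | head -n 1)
    echo "$r ${a:-NOANSWER}"
    sleep 1                               # we don't flood servers
  done
}

# shared_egress: reads "resolver answer" lines on stdin and prints
# "answer resolver1,resolver2,..." for every answer seen via 2+ resolvers.
shared_egress() {
  sort -u | awk '
    NF == 2 && $2 != "NOANSWER" {
      n[$2]++
      via[$2] = (via[$2] == "" ? $1 : via[$2] "," $1)
    }
    END { for (a in n) if (n[a] > 1) print a, via[a] }' | sort
}

# Constructed sample, not real measurements: two resolvers report the same
# source address, the third reports a different one.
sample_answers() {
  cat <<'EOF'
192.0.2.53 203.0.113.10
198.51.100.53 203.0.113.10
192.0.2.54 203.0.113.77
EOF
}

# Live use: ./whoami_compare.sh <resolver1> <resolver2> ...
if [ "$#" -gt 0 ]; then
  collect_answers "$@" | shared_egress
fi
```

An empty result means every resolver reported a distinct address; a line of output names the shared address and the resolvers that led to it.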

Of course, more complicated stuff is possible:

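#!/bin/bash
# usage: pass the domain to query as the first argument
opt="+dnssec +trace"                    # left unquoted below so it splits into two options
outfile0=dig_records.txt                # forward lookups (file name is an assumption)
outfile1=dig_ptr.txt                    # reverse lookups (file name is an assumption)
rm -fv "$outfile0" "$outfile1"          # clean up
for rec in any a aaaa mx ns txt         # fetch some records
do
  dig $opt $rec "$1"
  sleep 1                               # we don't flood servers
done > "$outfile0"
# remove comment lines and root zone related RRs, keep only lines containing IN class RRs
while read -r fqdn ttl class type addr
do
  if [[ $type == "A" || $type == "AAAA" ]]   # check PTR for the addresses fetched
  then
    dig $opt -x "$addr" >> "$outfile1"
    sleep 1                             # we don't flood servers
  fi
done < <(grep -v -e '^;' -e '^\.' "$outfile0" | grep -w IN)

# show all results
cat "$outfile0" "$outfile1"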


Some people think (with reason) that dig is a low-level tool and that some front-end should be written to ease information retrieval. Here comes dns_tree and its Debian packaging.

Nevertheless, this tool seems to rely on zone transfers (AXFR), which should not be allowed. Thus it seems to fail quite easily.


nmap comes with some DNS options.

  • -R
  • --version-all

Not very useful, but still fun.

Category: tools Tagged: BIND DNS Domain Name System Information retrieval
