ShirazOnline

Thread: nslookup and DNS Zone Transfers

  1. #1
    root (Talented User)
    Join Date
    Dec 2006
    Posts
    764
    Thanks / Likes

    Post nslookup and DNS Zone Transfers

    Want to get a list of all the IP addresses as well as aliases assigned within a domain? You can grab that information if the DNS server allows zone transfers. The zone transfer is the method a secondary DNS server uses to update its information from the primary DNS server. DNS servers within a domain are organized using a master-slave method where the slaves get updated DNS information from the master DNS. One should configure the master DNS server to allow zone transfers only from secondary (slave) DNS servers, but this is often not implemented.

    You do not have to have DNS to request a zone transfer. You can issue a zone transfer request using the nslookup client, which is a standard part of Unix, NT, Windows 2000 and XP. To dump the DNS records from your current domain, let's say it's wayne.net:

    Type nslookup at the command line (NT example). This starts nslookup in interactive mode. It will respond with the name and IP address of your default DNS server:

    Default Server: dns01.wayne.net
    Address: 10.10.10.1
    >

    To get a list of commands available, type set all. The more important set options:

    set d2 : puts nslookup in debug mode, so you can examine query and response packets between the resolver and server
    set domain= : tells the resolver which domain name to append to queries that are not FQDNs
    set timeout= : for slow links
    set type= : which type of records to search for (A, PTR, SRV, or ALL)

    You can get help at the nslookup command prompt by typing:

    > help

    To dump all available records, assuming zone transfers are enabled, issue the following commands:

    > set type=any
    > ls -d wayne.net > dns.wayne.net
    > exit

    The ls -d wayne.net command requested that all records for the domain be dumped into a file named "dns.wayne.net". Open up dns.wayne.net and see what goodies you can find. If dns1 is not authoritative for the domain, you can change which DNS server you wish to dump records from using the command:

    > server 10.10.10.2

    Default Server: dns02.wayne.net
    Address: 10.10.10.2
    >

    If successful, the dump file will have lines such as:

    > ls -d wayne.net
    [dns1.wayne.net]
    wayne.net. SOA dns04.wayne.net wayne.dns04.wayne.net. (3301 10800 3600 604800 86400)
    wayne.net. NS dns04.wayne.net
    wayne.net. NS dns02.wayne.net
    wayne.net. NS dns01.wayne.net
    wayne.net. NS dns05.wayne.net
    wayne.net. MX 10 email.wayne.net
    rsmithpc TXT "smith, robert payments 214-389-xxxx"
    rsmithpc A 10.10.10.21
    wmaplespc TXT "Waynes PC"
    wmaplespc A 10.10.10.10
    wayne CNAME wmaplespc.wayne.net

    You can see from the bits above that there are multiple DNS servers, that there is an email POP3 server, what my IP address is, ...

    Lots of goodies, particularly if the DNS admins put in "good" comments. Might be useful info for social engineering if the comments include phone numbers.

    The ls -d command emulates a zone transfer. You can also get a listing by using ls -t to get a list of the members of a domain.

    For DNS info see The [link visible to registered members only].
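The restriction the post says is often missing, shown as a BIND named.conf fragment added here (not part of the original post): the weak setting that lets anyone pull the zone with `ls -d`, followed by the corrected one. Only 10.10.10.2 (dns02) comes from the post; the other secondary addresses, the key name and the secret are assumed placeholders.

```conf
// WEAK: any client that can reach port 53/TCP may request AXFR and
// receive the full zone, which is exactly what "ls -d wayne.net" relies on.
zone "wayne.net" {
    type master;
    file "wayne.net.zone";
    allow-transfer { any; };
};

// CORRECTED: deny transfers globally, then allow them per zone only to
// the secondaries, authenticated with a TSIG key rather than by IP alone.
key "xfer-key" {                         // assumed key name
    algorithm hmac-sha256;
    secret "PLACEHOLDER_BASE64_SECRET";  // generate with tsig-keygen; never reuse this placeholder
};

acl "secondaries" {
    10.10.10.2;      // dns02, from the post
    10.10.10.4;      // assumed address for dns04
    10.10.10.5;      // assumed address for dns05
};

options {
    allow-transfer { none; };            // default deny for every zone
};

zone "wayne.net" {
    type master;
    file "wayne.net.zone";
    // Require the TSIG key; "secondaries" alone would be IP-based only.
    allow-transfer { key "xfer-key"; };
    also-notify { 10.10.10.2; 10.10.10.4; 10.10.10.5; };
};
```

After reloading, repeating `ls -d wayne.net` from an unauthorised host should fail with a refused transfer, and BIND logs the attempt as a denied AXFR, which is a useful detection signal for recon.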


