DIG
dig www.baidu.com any @8.8.4.4
==== Advantages of dig ====
1. Output can be filtered more precisely, cutting unnecessary output, which makes it convenient for scripting
Example:
dig +noall +answer any baidu.com| awk '{print $5}'
+noall and +answer are query options
root@kali:~# dig +noall +answer baidu.com
baidu.com. 5 IN A 123.125.114.144
baidu.com. 5 IN A 220.181.57.217
baidu.com. 5 IN A 111.13.101.208
baidu.com. 5 IN A 180.149.132.47
root@kali:~# dig +noall +answer baidu.com |awk '{print $5}'
123.125.114.144
180.149.132.47
111.13.101.208
220.181.57.217
2. Can be used to try to obtain all records from the target DNS server
dig +noall +answer txt chaos VERSION.BIND @ns3.dnsv4.com
version.bind: queries the BIND version
txt: the record type that holds the BIND version record
chaos: the class is CHAOS
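The `awk '{print $5}'` filter in item 1 selects by column only, so on an answer that contains CNAME records (as the `www.baidu.com` answer does further down this page) it also prints alias targets. The following added example, not part of the original notes, filters by record type and follows the alias chain; the function names and the truncated `www.sina.com` chain in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: parse `dig +noall +answer` output by record type, not column alone.
# Constructed sample in the answer format shown on this page (sina chain cut short).
sample_answer() {
    cat <<'EOF'
www.baidu.com. 5 IN CNAME www.a.shifen.com.
www.a.shifen.com. 5 IN A 61.135.169.125
www.a.shifen.com. 5 IN A 61.135.169.121
www.sina.com. 5 IN CNAME us.sina.com.cn.
us.sina.com.cn. 5 IN CNAME news.sina.com.cn.
EOF
}

# answer_addrs: read answer lines on stdin, print unique A/AAAA addresses.
# Field layout is: name ttl class type rdata.
answer_addrs() {
    awk '$3 == "IN" && ($4 == "A" || $4 == "AAAA") && !seen[$5]++ { print $5 }'
}

# cname_chain NAME: read answer lines on stdin, print the alias chain that
# starts at NAME. Exit status 0 if the chain ends at a name with an address
# record, 1 if it ends without one (incomplete or dangling answer).
cname_chain() {
    awk -v start="$1" '
        function norm(n) { n = tolower(n); sub(/\.$/, "", n); return n }
        $3 == "IN" && $4 == "CNAME" { target[norm($1)] = norm($5) }
        $3 == "IN" && ($4 == "A" || $4 == "AAAA") { has_addr[norm($1)] = 1 }
        END {
            name = norm(start); out = name
            # hop limit guards against a CNAME loop in broken data
            for (hops = 0; (name in target) && hops < 16; hops++) {
                name = target[name]; out = out " -> " name
            }
            print out
            exit ((name in has_addr) ? 0 : 1)
        }'
}

# Demo on the constructed sample; with live data pipe dig into the functions.
sample_answer | answer_addrs
sample_answer | cname_chain www.baidu.com
```

With live data the same functions read from a pipe, for example `dig +noall +answer www.baidu.com | answer_addrs`.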
==== MAN DIG ====
dig [@server] [-b address] [-c class] [-f filename] [-k filename] [-m] [-p port#] [-q name]
[-t type] [-v] [-x addr] [-y [hmac:]name:key] [-4] [-6] [name] [type] [class] [queryopt...]
dig [global-queryopt...] [query...]
type:any;a;mx;sig;etc
options: -4;-6;-p;-v;
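-b: address[#port] sets the source IP. It could be abused for DDoS attacks, but the IP must belong to an interface available on the machine
-c: class. The default is IN; others are HS (Hesiod) and CH (Chaosnet)
-f: file. Reads the list of names to query with dig from a file; just write the names directly in the file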
----------------------------------------------
root@kali:~/Documents# dig +noall +answer -f dig.txt -q any
www.baidu.com. 5 IN CNAME www.a.shifen.com.
www.a.shifen.com. 5 IN A 61.135.169.125
www.a.shifen.com. 5 IN A 61.135.169.121
www.sina.com. 5 IN CNAME us.sina.com.cn.
us.sina.com.cn. 5 IN CNAME news.sina.com.cn.
news.sina.com.cn. 5 IN CNAME jupiter.sina.com.cn.
jupiter.sina.com.cn. 5 IN CNAME tucana.sina.com.cn.
tucana.sina.com.cn. 5 IN A 111.161.78.250
root@kali:~/Documents# cat dig.txt
www.baidu.com
www.sina.com
--------------------------------------------------------
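-i: reverse IPv6 lookup
-k: keyfile; TSIG (Transaction SIGnature). Authenticates updates to the DNS database, for example between primary and secondary servers, or for dynamic DNS. Reference: RFC 2845 or https://en.wikipedia.org/wiki/TSIG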
-q:domain name
-t:type AXFR=zone transfer;IXFR=incremental zone transfer;
-x: reverse lookup
Query options:
+[no]aaflag=aaonly
+[no]aaonly=sets the aa flag in the query
+[no]additional
+[no]adflag=shows authentic data
+[no]all=sets all options to off
+[no]answer
+[no]authority
+[no]besteffort=off by default
+[no]cdflag=sets the CD (checking disabled) bit, asking the server not to perform DNSSEC validation on responses
+[no]class
+[no]cmd=prints dig's version and similar information. Does not seem to be of much use so far
--------------------------------------------------------------------
root@kali:~/Documents# dig +noall +cmd www.baidu.com
; <<>> DiG 9.10.3-P4-Debian <<>> +noall +cmd www.baidu.com
;; global options: +cmd
-------------------------------------------------------------------
+[no]comments
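+[no]crypto=used for debugging DNSSEC
+[no]defname=same as search
+[no]dnssec=indicates that DNSSEC is accepted
+[no]edns=extension of DNS; original DNS messages are limited to 512 bytes. EDNS is carried as pseudo-resource-records in the additional section of the DNS message. This feature can be abused for DDoS
+[no]fail=if the previous DNS server returns SERVFAIL, the next DNS server is not tried
+[no]identify=shows the IP and port of the machine that returned the answer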
---------------------------------------------------------------------------
root@kali:~/Documents# dig +noall +answer +identify www.baidu.com
www.baidu.com. 5 IN CNAME www.a.shifen.com.
www.a.shifen.com. 5 IN A 61.135.169.125
www.a.shifen.com. 5 IN A 61.135.169.121
;; Received 101 bytes from 192.168.152.2#53(192.168.152.2) in 9 ms # this line is absent from the run below; it is what +identify shows
root@kali:~/Documents# dig +noall +answer www.baidu.com
www.baidu.com. 5 IN CNAME www.a.shifen.com.
www.a.shifen.com. 5 IN A 61.135.169.125
www.a.shifen.com. 5 IN A 61.135.169.121
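+[no]ignore=if the UDP reply is truncated, do not retry over TCP. By default the query is resent over TCP
+[no]keepopen=keeps the TCP socket open and reuses it. Off by default. Useful for batch queries
+[no]multiline=prints results in multi-line form, which is easier to read
+[no]nssearch=dig tries to find the authoritative name servers.
+[no]opcode=value=sets the DNS opcode
+[no]question=prints the question when an answer is returned
+[no]rdflag=recurse=toggles recursive queries
+[no]short=terse mode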
--------------------------------------------------------------------------------
root@kali:~/Documents# dig www.baidu.com
; <<>> DiG 9.10.3-P4-Debian <<>> www.baidu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33471
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.baidu.com. IN A
;; ANSWER SECTION:
www.baidu.com. 5 IN CNAME www.a.shifen.com.
www.a.shifen.com. 5 IN A 61.135.169.121
www.a.shifen.com. 5 IN A 61.135.169.125
;; Query time: 5 msec
;; SERVER: 192.168.152.2#53(192.168.152.2)
;; WHEN: Sun Apr 16 23:52:39 CST 2017
;; MSG SIZE rcvd: 93
root@kali:~/Documents# dig +short www.baidu.com
www.a.shifen.com.
61.135.169.121
61.135.169.125
--------------------------------------------------------------------
+[no]tcp=VC=use TCP; vc=virtual circuit
+[no]trace=shows the query path from the root DNS servers to the final result
+[no]ttlid=shows the TTL of records
+[no]
+retry=T=number of retries
+time=T=timeout