A记录查询
- ping 域名 或 nslookup 域名
> ping www.baidu.com
PING www.baidu.com (36.152.44.95) 56(84) bytes of data.
64 bytes from 36.152.44.95 (36.152.44.95): icmp_seq=1 ttl=55 time=24.1 ms
64 bytes from 36.152.44.95 (36.152.44.95): icmp_seq=2 ttl=55 time=22.2 ms
> nslookup www.baidu.com
Server: 114.114.114.114
Address: 114.114.114.114#53
Name: www.baidu.com
Address: 36.152.44.95
Name: www.baidu.com
Address: 36.152.44.96
www.baidu.com canonical name = www.a.shifen.com.
- dig @DNS 域名 any
> dig @8.8.8.8 www.baidu.com any
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13691
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.baidu.com. IN ANY
;; ANSWER SECTION:
www.baidu.com. 13 IN CNAME www.a.shifen.com. # 这是别名
;; Query time: 118 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Apr 28 02:17:58 EDT 2020
;; MSG SIZE rcvd: 69
PTR反向解析
- dig -x 域名
> dig -x 36.152.44.95
; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> -x 114.114.114.114
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38182
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;114.114.114.114.in-addr.arpa. IN PTR
;; ANSWER SECTION:
114.114.114.114.in-addr.arpa. 50 IN PTR public1.114dns.com. # 此为反向解析得到的域名
;; Query time: 30 msec
;; SERVER: 114.114.114.114#53(114.114.114.114)
;; WHEN: Tue Apr 28 02:21:33 EDT 2020
;; MSG SIZE rcvd: 89
P.S. 在很多时候,网站不允许反向解析,因此得不到PTR结果
查询IP或域名的供应商、归属地等基本信息
- whois IP或域名
> whois github.com
Domain Name: GITHUB.COM
Registry Domain ID: 1264983250_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.markmonitor.com
Registrar URL: http://www.markmonitor.com
Updated Date: 2019-05-13T13:58:34Z
Creation Date: 2007-10-09T18:20:50Z
Registry Expiry Date: 2020-10-09T18:20:50Z
Registrar: MarkMonitor Inc.
Registrar IANA ID: 292
Registrar Abuse Contact Email: abusecomplaints@markmonitor.com
Registrar Abuse Contact Phone: +1.2083895740
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Name Server: NS-1283.AWSDNS-32.ORG
Name Server: NS-1707.AWSDNS-21.CO.UK
Name Server: NS-421.AWSDNS-52.COM
Name Server: NS-520.AWSDNS-01.NET
Name Server: NS1.P16.DYNECT.NET
Name Server: NS2.P16.DYNECT.NET
Name Server: NS3.P16.DYNECT.NET
Name Server: NS4.P16.DYNECT.NET
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2020-04-28T06:29:41Z <<<
...
查询BIND服务器版本
> dig txt chaos VERSION.BIND @ns3.dnsv4.com
;; Warning: query response not set
;; Warning: Message parser reports malformed message packet.
; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> txt chaos VERSION.BIND @ns3.dnsv4.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51496
;; flags: rd ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;VERSION.BIND. CH TXT
;; ANSWER SECTION:
VERSION.BIND. 0 CH TXT "5.1.1912.02" # BIND服务器版本
;; Query time: 40 msec
;; SERVER: 183.232.90.141#53(183.232.90.141)
;; WHEN: Tue Apr 28 02:46:29 EDT 2020
;; MSG SIZE rcvd: 54
- 通过BIND版本,查找相应版本的漏洞,根据版本漏洞攻破