Kali Learning: DNS Information Collection

2025-03-28 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

DNS record

A record

An A record maps a host name to an IP address.

A record configuration tips

1. To create a record without www, that is, cnblog.com, enter @ or leave the host record blank; the convention may differ between registrars.

2. Point multiple domain names to the same IP. For example, to create second-level domain names for a blog, you can point *.blog.cnblog.com to one IP, so that both a.blog.cnblog.com and b.blog.cnblog.com reach the same IP.

3. If you set multiple A records for the same second-level domain name, for example two A records for blog, one pointing to 111.111.111.111 and the other to 111.111.111.112, then each query returns both IP addresses, but in a different order each time. Because most clients only use the first record, this achieves a certain degree of load balancing.

From the command line, you can view the A record with nslookup -qt=a www.cnblog.com.

MX record

From the command line, you can view the MX record with nslookup -qt=mx cnblog.com.

The weight of an MX record is very important to the mail service. When sending mail, the mail server first resolves the domain name and looks up its MX records. It first tries the server with the lowest weight (say 10); if that server can be reached, the mail is sent to it. If the server with weight 10 cannot be reached, the mail is sent to the mail server with weight 20.

There is an important concept here. The server with weight 20 is configured to cache mail temporarily: once it can connect to the server with weight 10, it still forwards the messages to the mail server with weight 10. Of course, this mechanism has to be configured on the mail server.

CNAME record

CNAME records are alias records, which let you map multiple names to the same computer. For example, suppose you have created the following records:

a1 CNAME a.cnblog.com

a2 CNAME a.cnblog.com

a3 CNAME a.cnblog.com

a A 111.222.111.222

When we visit a1 (a2, a3).cnblog.com, the domain name server returns a CNAME record pointing to a.cnblog.com; our local computer then sends another request to resolve a.cnblog.com and gets back the IP address.

When we want to point a lot of domain names to one computer, CNAME is more convenient. As in the example above, if the server changes IP, we only need to change the A record of a.cnblog.com.

You can use nslookup -qt=cname a.cnblog.com to view CNAME records from the command line.
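The CNAME lookup sequence and the MX weight fallback described above can be modelled in a few lines. This is an added example, not code from the original article; the zone data is constructed from the article's record names, and the mx1/mx2 and loop1/loop2 names and the function names are assumptions made for illustration.

```python
# Constructed zone data reusing the article's record names (not real DNS data).
ZONE = """\
a1.cnblog.com.    3600 CNAME a.cnblog.com.
a2.cnblog.com.    3600 CNAME a.cnblog.com.
a3.cnblog.com.    3600 CNAME a.cnblog.com.
a.cnblog.com.     3600 A     111.222.111.222
cnblog.com.       3600 MX    10 mx1.cnblog.com.
cnblog.com.       3600 MX    20 mx2.cnblog.com.
loop1.cnblog.com. 3600 CNAME loop2.cnblog.com.
loop2.cnblog.com. 3600 CNAME loop1.cnblog.com.
"""

def load_zone(text):
    """Parse 'name ttl type rdata' lines into {(name, type): [rdata, ...]}."""
    records = {}
    for line in text.splitlines():
        if line.strip():
            name, _ttl, rtype, rdata = line.split(None, 3)
            records.setdefault((name.lower(), rtype.upper()), []).append(rdata.strip())
    return records

def resolve_a(records, name, max_hops=8):
    """Follow CNAME aliases to A records; return (alias chain, addresses)."""
    name, chain = name.lower(), []
    while True:
        if name in chain or len(chain) >= max_hops:
            raise ValueError("CNAME loop or chain too long: " + " -> ".join(chain + [name]))
        chain.append(name)
        if (name, "A") in records:
            return chain, records[(name, "A")]
        alias = records.get((name, "CNAME"))
        if not alias:
            return chain, []          # name does not exist in this zone
        name = alias[0].lower()       # a name holds at most one CNAME

def pick_mx(records, domain, reachable):
    """Try mail exchangers in ascending weight; return the first reachable one."""
    ranked = sorted(records.get((domain.lower(), "MX"), []),
                    key=lambda rdata: int(rdata.split()[0]))
    for rdata in ranked:
        host = rdata.split()[1]
        if reachable(host):
            return host
    return None

if __name__ == "__main__":
    zone = load_zone(ZONE)
    print(resolve_a(zone, "a1.cnblog.com."))
    print(pick_mx(zone, "cnblog.com.", lambda h: h != "mx1.cnblog.com."))
```

The loop1/loop2 pair shows why a resolver has to cap the alias chain: two CNAMEs pointing at each other would otherwise never terminate.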

TXT record

A TXT record usually holds a description for a record. For example, create a TXT record for a.cnblog.com with the content "this is a test TXT record.", then run nslookup -qt=txt a.cnblog.com and you will see the text "this is a test TXT record".

In addition, TXT records can be used to verify ownership of a domain name. For example, if your domain name uses a Google service, Google will ask you to create a TXT record and then check it to verify that you have administrative rights to the domain name.

You can use nslookup -qt=txt a.cnblog.com to view TXT records from the command line.

AAAA record

An AAAA record is a record that points to an IPv6 address.

You can use nslookup -qt=aaaa a.cnblog.com to view AAAA records.

NS record

NS records are name server records that specify which server resolves the domain name. You can use nslookup -qt=ns cnblog.com to view them.

TTL value

TTL (time to live) is how long a resolved record is cached on a DNS server. For example, when we ask to resolve www.cnblog.com and the DNS server finds it has no such record, it sends a request on to the next NS server; after obtaining the record, it keeps the record for the length of the TTL. When we ask again to resolve www.cnblog.com, the DNS server returns the cached record directly without querying the NS server. The TTL is measured in seconds and is usually 3600 seconds.

1. nslookup command: resolving DNS (query the IP by domain name)

Basic usage:

Set the query type: A, MX, etc.

We can specify which DNS server performs the resolution:

Notice that the address returned is different from the one we got a moment ago.

This is because the custom lookup goes to the nearest DNS server, not the one optimized for the local network.

dig command: similar to nslookup:

You can add some parameters: for example, if we don't need the detailed output and only want the results:

Or filter through a pipe:

Reverse lookup:

Features specific to dig:

1. Find the DNS server version:

Trace query:

DNS zone transfer:

Normally, DNS zone transfers only take place between DNS servers.

However, some careless administrators do not configure this fully, in which case the following command can be used for a DNS zone transfer:

There are two ways:

1.

2.

However, both failed, which is normal, because the responsible staff have already fixed the configuration.

Additional: a brief introduction to the host command:

Zone transfer is very important. If we get all the records of the target DNS server, it will be more convenient to expand × ×.

OK, our zone transfer failed. Is there another way to succeed?

DNS dictionary brute force:

The method and process are as follows:

1. In the absence of a custom dictionary:

It's very slow. I'll stop it first and look for a usable dictionary on the system:

Very slow; patient readers can wait for it to finish all 2280 attempts!

The second way: dnsdict6

It is no longer built into Kali 2.0 and above, and downloading it requires bypassing the firewall (FQ), which is inconvenient, so we skip this tool.

The third way: dnsmap

This is my favorite. It has simple parameters and good efficiency.

After we get the DNS information, we can do other interesting operations!
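Seen from the name server operator's side, both the zone transfer requests and the dictionary enumeration described above show up in the query log. The following detection sketch is an added example, not part of the original article; the log lines are constructed in the style of a BIND query log, and the secondary address, window and threshold are assumptions to be tuned per environment.

```python
import re
from collections import defaultdict

SECONDARIES = {"192.0.2.2"}   # assumed: the only hosts allowed to request zone transfers
WINDOW, THRESHOLD = 10, 5     # assumed tuning: 5 distinct names within 10 s from one client

LINE = re.compile(r"(\d+):(\d+):(\d+)\.\d+ client (?:@\S+ )?([\d.]+)#\d+ .*?query: (\S+) IN (\S+)")

def sample_log():
    """Constructed BIND-style query log lines (not real traffic)."""
    fmt = "28-Mar-2025 10:00:{:02d}.000 client @0x1 {}#40000 ({}): query: {} IN {} + (192.0.2.1)"
    rows = [(1, "192.0.2.2", "cnblog.com", "AXFR"),       # legitimate secondary
            (2, "203.0.113.9", "cnblog.com", "AXFR"),     # transfer request from outside
            (3, "198.51.100.7", "www.cnblog.com", "A")]   # ordinary lookup
    words = ["admin", "ftp", "vpn", "dev", "test", "mail"]
    rows += [(10 + i, "203.0.113.9", w + ".cnblog.com", "A") for i, w in enumerate(words)]
    return [fmt.format(t, ip, name, name, qtype) for t, ip, name, qtype in rows]

def detect(lines):
    """Return alerts for outside zone-transfer requests and bursts of distinct names."""
    alerts, recent = [], defaultdict(list)
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        h, mi, s, ip, name, qtype = m.groups()
        t = int(h) * 3600 + int(mi) * 60 + int(s)
        if qtype in ("AXFR", "IXFR") and ip not in SECONDARIES:
            alerts.append(("zone-transfer", ip, name))
        # Keep only this client's queries inside the sliding window, then add this one.
        recent[ip] = [(ts, n) for ts, n in recent[ip] if t - ts < WINDOW] + [(t, name.lower())]
        if len({n for _, n in recent[ip]}) == THRESHOLD:   # alert as the threshold is reached
            alerts.append(("name-enumeration", ip, THRESHOLD))
    return alerts

if __name__ == "__main__":
    for alert in detect(sample_log()):
        print(alert)
```

On the server itself, restricting transfers to the listed secondaries is what makes the transfer attempts in the article fail; the log check only tells you that someone tried.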
