dns
04/06/2019whois
Whois records are used to get details provided by the domain owner to domain registrar. Whois serves are operated by Regional Internet Registrars (RIR) and use port 43. In Linux we can use the command whois. We can use DNS to find services, like mails, or subdomaines.
$ whois orange.fr
registrar: ORANGE
type: Isp Option 1
address: 78 Rue Olivier de Serres
address: 78-84
address: 75015 PARIS 15
country: FR
phone: +33 1 53 95 12 28
e-mail: domaine.admin@orange.com
website: https://cloud.orange-business.com/fr/e-boutique/noms-de-domaine
anonymous: NO
registered: 2006-02-15T12:00:00Z
source: FRNIC
nic-hdl: O7771-FRNIC
type: ORGANIZATION
contact: ORANGE
address: ORANGE
address: 78-84, rue Olivier de Serres
address: 75015 Paris
country: FR
phone: +33 1 44 44 22 22
fax-no: +33 1 45 30 52 71
e-mail: gestionndd@francetelecom.biz
registrar: ORANGE
changed: 2018-02-21T08:11:58Z nic@nic.fr
anonymous: NO
obsoleted: NO
eligstatus: not identified
reachstatus: not identified
source: FRNIC
...
Zone transfer using dig
To create replication of DNS server, we use zone transfer to synchronize the data. A zone transfer request is a copu of the database with IP-hostname that it can resolve. A misconfiguration in DNS servers allow for anyone to ask for a zone transfer and obtain the full database with the dig (Domain Internet Groper) command. Zone transfer use TCP port 53 and not UDP port 53 (standard). Exists many types of DNS records, like Mail Exchanger (MX), SRV, PTR.
$ dig google.fr mx
;; ANSWER SECTION:
google.fr. 582 IN MX 50 alt4.aspmx.l.google.com.
google.fr. 582 IN MX 40 alt3.aspmx.l.google.com.
google.fr. 582 IN MX 10 aspmx.l.google.com.
google.fr. 582 IN MX 30 alt2.aspmx.l.google.com.
google.fr. 582 IN MX 20 alt1.aspmx.l.google.com.
# make zone transfer request
$ dig axfr zonetransfer.me @nsztm1.digi.ninja
# axfr: zone transfer from zonetransfer.me domain to nsztm1.digi.ninja server
zonetransfer.me. 7200 IN SOA nsztm1.digi.ninja. robin.digi.ninja. 2017042001 172800 900 1209600 3600
zonetransfer.me. 300 IN HINFO "Casio fx-700G" "Windows XP"
zonetransfer.me. 301 IN TXT "google-site-verification=tyP28J7JAUHA9fw2sHXMgcCC0I6XBmmoVi04VlMewxA"
zonetransfer.me. 7200 IN MX 0 ASPMX.L.GOOGLE.COM.
zonetransfer.me. 7200 IN MX 10 ALT1.ASPMX.L.GOOGLE.COM.
zonetransfer.me. 7200 IN MX 10 ALT2.ASPMX.L.GOOGLE.COM.
zonetransfer.me. 7200 IN MX 20 ASPMX2.GOOGLEMAIL.COM.
zonetransfer.me. 7200 IN MX 20 ASPMX3.GOOGLEMAIL.COM.
zonetransfer.me. 7200 IN MX 20 ASPMX4.GOOGLEMAIL.COM.
zonetransfer.me. 7200 IN MX 20 ASPMX5.GOOGLEMAIL.COM.
zonetransfer.me. 7200 IN A 5.196.105.14
zonetransfer.me. 7200 IN NS nsztm1.digi.ninja.
zonetransfer.me. 7200 IN NS nsztm2.digi.ninja.
_sip._tcp.zonetransfer.me. 14000 IN SRV 0 0 5060 www.zonetransfer.me.
14.105.196.5.IN-ADDR.ARPA.zonetransfer.me. 7200 IN PTR www.zonetransfer.me.
asfdbauthdns.zonetransfer.me. 7900 IN AFSDB 1 asfdbbox.zonetransfer.me.
asfdbbox.zonetransfer.me. 7200 IN A 127.0.0.1
asfdbvolume.zonetransfer.me. 7800 IN AFSDB 1 asfdbbox.zonetransfer.me.
canberra-office.zonetransfer.me. 7200 IN A 202.14.81.230
cmdexec.zonetransfer.me. 300 IN TXT "; ls"
contact.zonetransfer.me. 2592000 IN TXT "Remember to call or email Pippa on +44 123 4567890 or pippa@zonetransfer.me when making DNS changes"
dc-office.zonetransfer.me. 7200 IN A 143.228.181.132
deadbeef.zonetransfer.me. 7201 IN AAAA dead:beaf::
dr.zonetransfer.me. 300 IN LOC 53 20 56.558 N 1 38 33.526 W 0.00m 1m 10000m 10m
DZC.zonetransfer.me. 7200 IN TXT "AbCdEfG"
email.zonetransfer.me. 2222 IN NAPTR 1 1 "P" "E2U+email" "" email.zonetransfer.me.zonetransfer.me.
email.zonetransfer.me. 7200 IN A 74.125.206.26
home.zonetransfer.me. 7200 IN A 127.0.0.1
# locked transfer
$ dig axfr facebook.com @nsztm1.digi.ninja
; Transfer failed.
Sometimes, the primary DNS server block the zone transfer, and a secondary server will allow it.
# all nameservers of a domain
$ dig google.com NS +noall +answer
google.com. 16907 IN NS ns2.google.com.
google.com. 16907 IN NS ns3.google.com.
google.com. 16907 IN NS ns1.google.com.
google.com. 16907 IN NS ns4.google.com.