In: Computer Science
I have a question that I would like an explanation for: how does an ethical hacker use the information derived from Nslookup and Whois to mitigate network connectivity issues? If you could explain it in a paragraph, it would help me tremendously.
Many problems that look like network faults are DNS faults: a name that does not resolve at all, resolves to a stale address, or resolves differently depending on which resolver is asked, often because of a misconfigured DNS setting. A DNS lookup is therefore a sensible first step for many connectivity issues, to gather information and rule DNS in or out. Two tools for that groundwork are nslookup and whois.
HOW & WHY TO USE NSLOOKUP
Ping does perform a DNS lookup, but it only shows the address the name resolved to, and it always asks the system's default resolver. Nslookup shows much more and can be pointed at any DNS server you choose. What ping gets back is the "A" record (or the AAAA record for IPv6). The A record, or Address record, maps a host name such as greenhousedata.com to its assigned IP address. Looking a name up to find its address is called "resolving": the resolver asks the DNS for the address, if any, that the name is mapped to.
Nslookup asks the DNS server the same kind of question, but it can ask for other record types too: mail servers, name servers, aliases, IP addresses and more.
Run nslookup with no arguments from the Windows command prompt (or a Unix shell) and it enters interactive mode, printing the default DNS server and its IP address. Run nslookup with a host name after it and it prints the server it asked, followed by the addresses that name resolves to.
You can choose the record type nslookup asks for by typing "nslookup", pressing Enter, then "set q=xx" (short for "set querytype=xx") where "xx" is the record type, pressing Enter, then typing the host name you want information about, and pressing Enter one final time.
Some query examples are:
set q=A
Find the IP address (the A record)
set q=ANY
Ask for every record type the server will give for the name (many servers now answer ANY with a minimal or refused response, per RFC 8482, so do not rely on it returning everything)
set q=CNAME
Find the canonical name: a CNAME record makes one name an alias for another, and the answer is the real name the alias points to
set q=MB
Find the mailbox domain name (an experimental record type that is rarely served)
set q=MX
Find the mail exchangers (MX records) that accept mail for the domain, each with its priority; MX means mail exchanger, not Microsoft Exchange
set q=WKS
Find information about Well Known Services (an obsolete record type that is rarely served)
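The same queries can be issued without the interactive "set q=" dialogue, because nslookup accepts the record type as -type=xx on the command line and an optional server as the last argument. The script below is an added example, not code from the original page or from Green House Data: it wraps the lookup, parses the answers out of BIND-style nslookup output (Linux/macOS; the MX parser also understands the Windows "MX preference = 10, mail exchanger = host" line), and runs the same query against two resolvers so that a stale or rewritten answer stands out. The sample nslookup output, the 192.0.2.0/24 addresses and the example.com names are constructed for the offline demonstration; the resolver 8.8.8.8 in the live section is an assumption you can change.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes BIND-style nslookup
# output; sample answers below are constructed, not captured from a real run.

# One query, as typed on the command line: "-type=MX" is the same as
# "set q=MX" in interactive mode. An empty server argument means "use the
# default resolver", just like leaving the server off the command line.
dns_query() {
    name=$1; qtype=$2; server=$3
    nslookup -type="$qtype" "$name" ${server:+"$server"} 2>&1
}

# A/AAAA answers: the "Address:" lines that follow "Name:". The first
# "Address:" line in nslookup output is the resolver itself, so it is skipped.
parse_addresses() {
    awk '/^Name:/ { answer = 1; next } answer && /^Address/ { print $2 }'
}

# MX answers as "priority host", lowest priority first. Handles both
# "mail exchanger = 10 host." (BIND) and
# "MX preference = 10, mail exchanger = host" (Windows).
parse_mx() {
    awk '/mail exchanger/ {
        host = $NF; sub(/\.$/, "", host)
        pri = ""
        for (i = 1; i <= NF; i++)
            if ($i ~ /^[0-9]+,?$/) { pri = $i; sub(/,$/, "", pri) }
        print pri, host
    }' | sort -n
}

parse_answer() {
    case $1 in
        MX|mx) parse_mx ;;
        *)     parse_addresses ;;
    esac
}

# Same query to two resolvers. Differing answer sets point at stale caching,
# split-horizon DNS, or a resolver that rewrites answers.
compare_resolvers() {
    name=$1; qtype=$2; s1=$3; s2=$4
    a=$(dns_query "$name" "$qtype" "$s1" | parse_answer "$qtype" | sort)
    b=$(dns_query "$name" "$qtype" "$s2" | parse_answer "$qtype" | sort)
    if [ "$a" = "$b" ]; then
        printf 'MATCH    %s %s\n%s\n' "$qtype" "$name" "$a"
    else
        printf 'MISMATCH %s %s\n--- %s\n%s\n--- %s\n%s\n' \
            "$qtype" "$name" "${s1:-default}" "$a" "${s2:-default}" "$b"
        return 1
    fi
}

# Constructed nslookup output (BIND style) for the offline demonstration.
SAMPLE_A='Server:     192.0.2.53
Address:    192.0.2.53#53

Non-authoritative answer:
Name:   www.example.com
Address: 192.0.2.10
Name:   www.example.com
Address: 192.0.2.11'

SAMPLE_MX='Server:     192.0.2.53
Address:    192.0.2.53#53

Non-authoritative answer:
example.com mail exchanger = 20 mail2.example.com.
example.com mail exchanger = 10 mail1.example.com.'

printf '%s\n' "$SAMPLE_A"  | parse_addresses   # 192.0.2.10 then 192.0.2.11
printf '%s\n' "$SAMPLE_MX" | parse_mx          # 10 mail1.example.com then 20 mail2.example.com

# Live run, only when asked for:  DNS_LIVE=1 sh nslookup_check.sh example.com
# Compares the default resolver with 8.8.8.8 (an assumed public resolver).
if [ -n "${DNS_LIVE-}" ]; then
    compare_resolvers "${1:-example.com}" A  "" 8.8.8.8
    compare_resolvers "${1:-example.com}" MX "" 8.8.8.8
fi
```

Run it against a real name with DNS_LIVE=1 and a MISMATCH line is the thing to chase: the resolver whose answer differs from the authoritative one is the one with the stale or tampered cache.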
HOW & WHY TO USE WHOIS
Whois does not query DNS at all. It queries the domain registry and returns registration data: who the registrar is, which name servers the registry delegates the domain to, and when the registration was created and expires. Because it does not depend on the domain's DNS working, it still returns useful data for a domain whose name servers are down or whose registration has lapsed. Windows has no built-in whois, so you will need an application (Sysinternals publishes a command-line whois); there are also websites that run whois queries, like www.whosis.net.
Once installed, the application adds a whois command to your command prompt, and you run it much like nslookup. On a Unix/Linux/macOS computer, whois is normally already available from the command line in Terminal.
Type "whois" followed by the domain name (the bare name, not a full URL) to return information on a given domain. The command displays the Registrar (the company through which the domain was registered with the registry), the Name Servers (the servers the registry delegates the domain's DNS to), the Creation Date, the Expiration Date, and any public contact information.
Run whois before changing your DNS zone files: the name servers it lists are the ones the registry actually delegates to, and if they are not the servers you are about to edit, the change will never be seen by anyone. The expiry date is worth checking for the same reason, since a lapsed registration takes the whole zone dark. Whois is also useful when identifying where incoming traffic comes from, for example when stopping spam or trademark infringement: a whois query on an IP address returns the registered owner of that netblock from the regional Internet registry, and a query on a domain tells you whom to contact about it.
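The pre-change check described above, as an added example that is not part of the original page or of any whois tool: it pulls the registrar, expiry date and registry-listed name servers out of whois output, pulls the NS records out of "nslookup -type=NS" output, and reports any name server that appears in one place but not the other, plus a lapsed registration. The whois and nslookup text is constructed for the offline run, and the example.com / example.net names and the "Example Registrar" string are placeholders, not real registry data.

```shell
#!/bin/sh
# Added example (not from the original page). The whois and nslookup text
# below is constructed; run the functions on real "whois <domain>" and
# "nslookup -type=NS <domain>" output for the real check.

# Print the value of every "<label>: value" line in whois output on stdin,
# case-insensitively, ignoring indentation. The split is on the first colon
# only, so timestamps such as 04:00:00Z survive intact.
whois_fields() {
    awk -v label="$1" '{
        line = $0; sub(/^[ \t]+/, "", line)
        n = index(line, ":")
        if (n > 0 && tolower(substr(line, 1, n - 1)) == tolower(label)) {
            v = substr(line, n + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            print v
        }
    }'
}

# Name servers as the registry delegates them, lower-cased and deduplicated.
ns_from_whois() {
    whois_fields "Name Server" | tr '[:upper:]' '[:lower:]' | sort -u
}

# Name servers as DNS serves them, from lines like
# "example.com   nameserver = ns1.example.net." in nslookup -type=NS output.
ns_from_nslookup() {
    awk '/nameserver =/ { h = tolower($NF); sub(/\.$/, "", h); print h }' | sort -u
}

# Entries present in only one of two newline-separated, deduplicated lists.
# Anything printed means the registry delegation and the zone's NS records
# disagree, and an edit on a server nobody is delegated to changes nothing.
ns_mismatch() {
    printf '%s\n%s\n' "$1" "$2" | sort | uniq -u | awk 'NF'
}

# True when the registry expiry (whois gives UTC ISO 8601, which compares
# correctly as a string) is earlier than "now"; an expired registration is
# a common reason for a whole zone to stop resolving.
domain_expired() {
    expiry=$1
    now=${2:-$(date -u +%Y-%m-%dT%H:%M:%SZ)}
    expr "$expiry" \< "$now" > /dev/null
}

# Constructed whois output in the style of a .com registry answer.
SAMPLE_WHOIS='   Domain Name: EXAMPLE.COM
   Registrar: Example Registrar, Inc.
   Registrar WHOIS Server: whois.registrar.example.net
   Creation Date: 1995-08-14T04:00:00Z
   Registry Expiry Date: 2025-08-13T04:00:00Z
   Name Server: NS1.EXAMPLE.NET
   Name Server: NS2.EXAMPLE.NET
   DNSSEC: unsigned'

# Constructed "nslookup -type=NS example.com" output; note ns3 instead of ns2.
SAMPLE_NS='Server:     192.0.2.53
Address:    192.0.2.53#53

Non-authoritative answer:
example.com nameserver = ns1.example.net.
example.com nameserver = ns3.example.net.'

registrar=$(printf '%s\n' "$SAMPLE_WHOIS" | whois_fields Registrar)
expiry=$(printf '%s\n' "$SAMPLE_WHOIS" | whois_fields "Registry Expiry Date")
registry_ns=$(printf '%s\n' "$SAMPLE_WHOIS" | ns_from_whois)
dns_ns=$(printf '%s\n' "$SAMPLE_NS" | ns_from_nslookup)

printf 'Registrar: %s\nExpires:   %s\n' "$registrar" "$expiry"
if domain_expired "$expiry"; then
    echo "WARNING: registration has expired"
fi
mismatch=$(ns_mismatch "$registry_ns" "$dns_ns")
if [ -n "$mismatch" ]; then
    # For the sample data this lists ns2.example.net and ns3.example.net.
    printf 'WARNING: registry and DNS disagree on name servers:\n%s\n' "$mismatch"
fi
```

Against a real domain, feed the tools directly: whois "$domain" | ns_from_whois, and nslookup -type=NS "$domain" | ns_from_nslookup. A non-empty mismatch list before a zone edit tells you which server the registry actually sends resolvers to, which is where the edit has to go.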