Backtrack Security Tool Research Series: dig

dig (domain information groper) is a flexible tool for interrogating DNS name servers. It performs DNS lookups and displays the answers that are returned from the name server(s) that were queried. Most DNS administrators use dig to troubleshoot DNS problems because of its flexibility, ease of use and clarity of output. Other lookup tools tend to have less functionality than dig.

dig is a flexible tool for querying domain name information. It offers far more functionality than nslookup and is the first-choice testing and troubleshooting tool for domain administrators. nslookup used to be the usual choice, but dig is clearly the better tool and returns much more detailed information; give it a try.

dig [@server] [-b address] [-c class] [-f filename] [-k filename] [-p port#] [-q name] [-t type] [-x addr] [-y [hmac:]name:key] [-4] [-6] [name] [type] [class] [queryopt...]

dig [-h] // print the full usage text

Usage: dig [@global-server] [domain] [q-type] [q-class] {q-opt}
{global-d-opt} host [@local-server] {local-d-opt}
[ host [@local-server] {local-d-opt} [...]]
Where: domain is in the Domain Name System
q-class is one of (in,hs,ch,...) [default: in]
q-type is one of (a,any,mx,ns,soa,hinfo,axfr,txt,...) [default:a]
(Use ixfr=version for type ixfr)
q-opt is one of:
-x dot-notation (shortcut for reverse lookups)
-i (use IP6.INT for IPv6 reverse lookups)
-f filename (batch mode)
-b address[#port] (bind to source address/port)
-p port (specify port number)
-q name (specify query name)
-t type (specify query type)
-c class (specify query class)
-k keyfile (specify tsig key file)
-y [hmac:]name:key (specify named base64 tsig key)
-4 (use IPv4 query transport only)
-6 (use IPv6 query transport only)
d-opt is of the form +keyword[=value], where keyword is:
+[no]vc (TCP mode)
+[no]tcp (TCP mode, alternate syntax)
+time=### (Set query timeout) [5]
+tries=### (Set number of UDP attempts) [3]
+retry=### (Set number of UDP retries) [2]
+domain=### (Set default domainname)
+bufsize=### (Set EDNS0 Max UDP packet size)
+ndots=### (Set NDOTS value)
+edns=### (Set EDNS version)
+[no]search (Set whether to use searchlist)
+[no]showsearch (Search with intermediate results)
+[no]defname (Ditto)
+[no]recurse (Recursive mode)
+[no]ignore (Don't revert to TCP for TC responses.)
+[no]fail (Don't try next server on SERVFAIL)
+[no]besteffort (Try to parse even illegal messages)
+[no]aaonly (Set AA flag in query (+[no]aaflag))
+[no]adflag (Set AD flag in query)
+[no]cdflag (Set CD flag in query)
+[no]cl (Control display of class in records)
+[no]cmd (Control display of command line)
+[no]comments (Control display of comment lines)
+[no]question (Control display of question)
+[no]answer (Control display of answer)
+[no]authority (Control display of authority)
+[no]additional (Control display of additional)
+[no]stats (Control display of statistics)
+[no]short (Disable everything except short
form of answer)
+[no]ttlid (Control display of ttls in records)
+[no]all (Set or clear all display flags)
+[no]qr (Print question before sending)
+[no]nssearch (Search all authoritative nameservers)
+[no]identify (ID responders in short answers)
+[no]trace (Trace delegation down from root)
+[no]dnssec (Request DNSSEC records)
+[no]nsid (Request Name Server ID)
+[no]multiline (Print records in an expanded format)
global d-opts and servers (before host name) affect all queries.
local d-opts and servers (after host name) affect only that lookup.
-h (print help and exit)
-v (print version and exit)

The most basic usage is: dig @server name type

  • server: the DNS server to query; if not given, the host's default resolver configuration is used
  • name: the domain name to look up
  • type: the record type to query; if not given, the default is an A record. ANY, A, MX and the other record types are supported

root@bt:~# dig google.com

; <<>> DiG 9.5.0-P2.1 <<>> google.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42658
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 4

;; QUESTION SECTION:
;google.com. IN A

;; ANSWER SECTION:
google.com. 5 IN A 66.249.89.104
google.com. 5 IN A 66.249.89.99

;; AUTHORITY SECTION:
google.com. 5 IN NS ns1.google.com.
google.com. 5 IN NS ns4.google.com.
google.com. 5 IN NS ns2.google.com.
google.com. 5 IN NS ns3.google.com.

;; ADDITIONAL SECTION:
ns2.google.com. 5 IN A 216.239.34.10
ns3.google.com. 5 IN A 216.239.36.10
ns4.google.com. 5 IN A 216.239.38.10
ns1.google.com. 5 IN A 216.239.32.10

;; Query time: 399 msec
;; SERVER: 192.168.80.2#53(192.168.80.2)
;; WHEN: Thu Feb 17 07:29:52 2011
;; MSG SIZE rcvd: 196
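Reading a response like the one above by eye is fine for a single query; when checking many servers it helps to script it. The following is an added example, not code from the original article: POSIX shell functions that parse a captured dig response and pull out the status, the header flags and the answer records, plus a simple open-resolver check built on them. The response it parses is a constructed sample using documentation addresses (192.0.2.0/24) in the layout dig prints, not a real capture.

```shell
#!/bin/sh
# Added example (not from the original article): parse a captured dig
# response and extract what a tester looks at first: the rcode, the header
# flags and the answer records. SAMPLE_RESPONSE is a constructed sample
# modelled on a normal dig run, not a real capture.

SAMPLE_RESPONSE='
; <<>> DiG 9.5.0-P2.1 <<>> example.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12345
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;example.com.            IN      A

;; ANSWER SECTION:
example.com.     300     IN      A       192.0.2.10
example.com.     300     IN      A       192.0.2.11

;; AUTHORITY SECTION:
example.com.     86400   IN      NS      ns1.example.com.

;; Query time: 12 msec
;; SERVER: 192.0.2.53#53(192.0.2.53)
;; WHEN: Thu Feb 17 07:29:52 2011
;; MSG SIZE  rcvd: 96
'

# rcode from the header line: NOERROR, NXDOMAIN, REFUSED, SERVFAIL, ...
dig_status() {
    printf '%s\n' "$1" | sed -n 's/^;; ->>HEADER<<- .*status: \([A-Z]*\),.*/\1/p'
}

# header flags as a space-separated list, e.g. "qr rd ra"
dig_flags() {
    printf '%s\n' "$1" | sed -n 's/^;; flags: \([a-z ]*\);.*/\1/p'
}

# prints 1 if the named flag is set, 0 otherwise
# (ra = recursion available, aa = authoritative answer, tc = truncated)
dig_has_flag() {
    case " $(dig_flags "$1") " in
        *" $2 "*) echo 1 ;;
        *)        echo 0 ;;
    esac
}

# RDATA of every record of the given type in the ANSWER section only,
# one per line; AUTHORITY and ADDITIONAL records are deliberately skipped
dig_answers() {
    printf '%s\n' "$1" | awk -v want="$2" '
        /^;; ANSWER SECTION:/ { in_ans = 1; next }
        /^;;/ || /^$/         { in_ans = 0 }
        in_ans && $4 == want  { print $5 }'
}

# Open-resolver heuristic: a server that answers NOERROR with ra set and
# without aa for a name it does not host is recursing for whoever asks.
is_open_resolver() {
    [ "$(dig_status "$1")" = NOERROR ] \
        && [ "$(dig_has_flag "$1" ra)" = 1 ] \
        && [ "$(dig_has_flag "$1" aa)" = 0 ] \
        && echo yes || echo no
}

# Live use (not run here): is_open_resolver "$(dig @192.0.2.53 example.com)"
```

In the flags line, ra means the server is willing to recurse and aa means the answer came from a server authoritative for the zone. A server that returns NOERROR with ra set and no aa for a zone it does not host is resolving on behalf of anyone who asks, which is worth flagging in an infrastructure review. The check is a heuristic on one response: some resolvers advertise ra but restrict recursion by client address, so confirm with a second query for a name the server cannot already have cached.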

Some other commonly used functions:

Reverse (PTR) lookup with dig: dig -x 88.88.88.88 @server
Find the authoritative name servers for a zone and query each of them for its SOA record: dig flyxj.cn +nssearch
Trace a name's resolution from the root servers down: dig flyxj.cn +trace
... (see the man page for more in-depth and specific options)
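Two helpers for the reverse-lookup and +nssearch items above, as an added example rather than code from the original article: ptr_name builds the in-addr.arpa name that dig -x queries as a PTR record, and the nssearch_* functions take the output of dig +nssearch and report which authoritative servers hold an older SOA serial than the rest, which is how a secondary that has stopped receiving zone transfers shows up. The +nssearch output is a constructed sample in the line format dig prints, not a real capture; serials are compared by plain magnitude, which ignores RFC 1982 wrap-around.

```shell
#!/bin/sh
# Added example (not from the original article). SAMPLE_NSSEARCH is a
# constructed sample of "dig +nssearch" output, not a real capture.

# 88.88.88.88 -> 88.88.88.88.in-addr.arpa, the PTR name "dig -x" looks up
ptr_name() {
    printf '%s\n' "$1" | awk -F. '{ printf "%s.%s.%s.%s.in-addr.arpa\n", $4, $3, $2, $1 }'
}

# One line per authoritative server: SOA mname rname serial refresh retry
# expire minimum "from server" <ip> "in" <n> "ms."
SAMPLE_NSSEARCH='SOA ns1.example.com. hostmaster.example.com. 2011021702 7200 3600 1209600 3600 from server 192.0.2.1 in 14 ms.
SOA ns1.example.com. hostmaster.example.com. 2011021702 7200 3600 1209600 3600 from server 192.0.2.2 in 21 ms.
SOA ns1.example.com. hostmaster.example.com. 2011021601 7200 3600 1209600 3600 from server 198.51.100.7 in 37 ms.'

# "server serial" pairs, one per line
nssearch_serials() {
    printf '%s\n' "$1" | awk '$1 == "SOA" { print $11, $4 }'
}

# servers whose serial is lower than the newest serial seen (lagging
# secondaries); plain numeric comparison, no RFC 1982 wrap handling
nssearch_stale() {
    printf '%s\n' "$1" | awk '
        BEGIN { max = 0 }
        $1 == "SOA" { serial[$11] = $4; if ($4 > max) max = $4 }
        END { for (s in serial) if (serial[s] != max) print s }'
}

# "yes" when every authoritative server returned the same serial
nssearch_in_sync() {
    if [ -z "$(nssearch_stale "$1")" ]; then echo yes; else echo no; fi
}

# Live use (not run here):
#   dig -t PTR "$(ptr_name 88.88.88.88)"        # same as dig -x 88.88.88.88
#   nssearch_stale "$(dig flyxj.cn +nssearch)"   # list out-of-sync servers
```

A secondary stuck on an old serial keeps answering with stale data, including any records that were removed from the zone, so listing it by server address is more useful than just a yes/no flag.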

dig should give you very detailed information about a domain; combined with whois, digging out information becomes even more convenient.

This article was collected from the internet and compiled by the Information Security Group of the Network Security Attack and Defense Research Lab (www.91ri.org). When reposting, please credit the original URL and the original author's copyright information.