Using Dig

This exercise complements material in the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide.

You can use this lab to familiarize yourself with the dig command.

Prerequisites. Launch a terminal window within a Linux operating system. If you’re not sure how, follow the steps in the study guide to do so.

Note: The purpose of this lab is to give you some experience with the dig command.

1. Type the following command at the command prompt.

dig getcertifiedgetahead.com

This will query your DNS server and give the IP address for getcertifiedgetahead.com, if it is available.

The following lines show the result of running this command.

root@kali:~# dig getcertifiedgetahead.com

; <<>> DiG 9.10.3-P4-Debian <<>> getcertifiedgetahead.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23847
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; MBZ: 0005 , udp: 512
;; QUESTION SECTION:
;getcertifiedgetahead.com. IN A

;; ANSWER SECTION:
getcertifiedgetahead.com. 5 IN A 35.221.53.172

;; Query time: 51 msec
;; SERVER: 192.168.190.2#53(192.168.190.2)
;; WHEN: Fri May 12 13:05:13 EDT 2017
;; MSG SIZE rcvd: 69

Note that the ANSWER SECTION shows the IP address. Below the ANSWER SECTION, the output includes the IP address of the DNS server (192.168.190.2) that provided the response.

2. Type the following command at the command prompt.

dig getcertifiedgetahead.com +nocomments +noauthority +noadditional +nostats

This simplifies the response by removing all but the answer section.

root@kali:~# dig getcertifiedgetahead.com +nocomments +noauthority +noadditional +nostats

; <<>> DiG 9.10.3-P4-Debian <<>> getcertifiedgetahead.com +nocomments +noauthority +noadditional +nostats
;; global options: +cmd
;getcertifiedgetahead.com. IN A
getcertifiedgetahead.com. 5 IN A 35.221.53.172

3. Type the following command at the command prompt.

dig getcertifiedgetahead.com +noall +answer

This gives the same result as the previous command but simplifies the command.

root@kali:~# dig getcertifiedgetahead.com +noall +answer

; <<>> DiG 9.10.3-P4-Debian <<>> getcertifiedgetahead.com +noall +answer
;; global options: +cmd
getcertifiedgetahead.com. 5 IN A 35.221.53.172

4. Use the following command to identify the authoritative DNS server for getcertifiedgetahead.com.

dig getcertifiedgetahead.com NS +noall +answer

root@kali:~# dig getcertifiedgetahead.com NS +noall +answer

; <<>> DiG 9.10.3-P4-Debian <<>> getcertifiedgetahead.com NS +noall +answer
;; global options: +cmd
getcertifiedgetahead.com. 3600 IN NS ns.liquidweb.com.
getcertifiedgetahead.com. 3600 IN NS ns1.liquidweb.com.

Note that this asks for the NS record, which identifies the name server for the domain (returned as a hostname, as shown above).

5. Use the following command to identify the mail server used for getcertifiedgetahead.com.

dig getcertifiedgetahead.com MX +noall +answer

root@kali:~# dig getcertifiedgetahead.com MX +noall +answer

; <<>> DiG 9.10.3-P4-Debian <<>> getcertifiedgetahead.com MX +noall +answer
;; global options: +cmd
getcertifiedgetahead.com. 5 IN MX 10 getcertifiedgetahead.com.

6. You can also use the -t switch to specify the record type you want. Use the following command with the -t switch to show the mail exchanger or mail exchange (MX) record.

dig -t mx getcertifiedgetahead.com +noall +answer

root@kali:~# dig -t mx getcertifiedgetahead.com +noall +answer

; <<>> DiG 9.10.3-P4-Debian <<>> -t mx getcertifiedgetahead.com +noall +answer
;; global options: +cmd
getcertifiedgetahead.com. 5 IN MX 10 getcertifiedgetahead.com.

7. Use the following command to get a simple response from dig.

dig getcertifiedgetahead.com +short

root@kali:~# dig getcertifiedgetahead.com +short
35.221.53.172

8. Use the following command to do a reverse lookup on the gcgapremium.com server.

Note: A reverse lookup is dependent on the DNS server having a PTR record for the host. However, the getcertifiedgetahead.com website is running in a container on a shared server. This shared server doesn’t have a PTR record. The gcgapremium.com server does have a PTR record.

dig -x 72.52.230.233 

root@kali:~# dig -x 72.52.230.233

; <<>> DiG 9.10.3-P4-Debian <<>> -x 72.52.230.233
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54139
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; MBZ: 0005 , udp: 512
;; QUESTION SECTION:
;233.230.52.72.in-addr.arpa. IN PTR

;; ANSWER SECTION:
233.230.52.72.in-addr.arpa. 3600 IN PTR host.getcertifiedgetahead.com.

;; Query time: 65 msec
;; SERVER: 192.168.190.2#53(192.168.190.2)
;; WHEN: Fri May 12 13:38:22 EDT 2017
;; MSG SIZE rcvd: 98

Note that this uses the -x switch and is giving the full answer. The success of this query is dependent on the DNS server having a PTR record for the host.
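As an added example (not part of the original lab), the following shell functions parse the single-line answer format that dig prints with +noall +answer and check that a PTR record is forward-confirmed, that is, the hostname returned by the reverse lookup resolves back to the same IP address. The PTR line is the lab's own answer above; the A record for host.getcertifiedgetahead.com is an assumed sample, since the lab never queries that name.

```shell
#!/bin/sh
# Offline parser for "dig ... +noall +answer" lines (name TTL class type rdata)
# plus a forward-confirmed reverse DNS (FCrDNS) check built on top of it.

# Constructed sample: the PTR answer shown in the lab for dig -x 72.52.230.233.
PTR_ANSWER='233.230.52.72.in-addr.arpa. 3600 IN PTR host.getcertifiedgetahead.com.'
# Constructed sample (assumed): what "dig host.getcertifiedgetahead.com +noall +answer"
# would return if the forward record points back at the same address.
A_ANSWER='host.getcertifiedgetahead.com. 3600 IN A 72.52.230.233'

# rdata_of TYPE: read answer lines on stdin, print the rdata field of records of TYPE.
rdata_of() {
    awk -v want="$1" '$3 == "IN" && $4 == want { print $5 }'
}

# reverse_name IPV4: build the in-addr.arpa name that "dig -x" queries for an address.
reverse_name() {
    echo "$1" | awk -F. '{ print $4"."$3"."$2"."$1".in-addr.arpa." }'
}

# fcrdns IP PTR_OUTPUT A_OUTPUT: return 0 when the PTR hostname's A record contains IP.
# Takes dig output text as arguments so the check can be run on saved output offline;
# live use would pass "$(dig -x "$ip" +noall +answer)" and the forward lookup of the host.
fcrdns() {
    ip=$1
    host=$(printf '%s\n' "$2" | rdata_of PTR | head -n 1)
    [ -n "$host" ] || { echo "no PTR record for $(reverse_name "$ip")"; return 1; }
    if printf '%s\n' "$3" | rdata_of A | grep -qxF "$ip"; then
        echo "match: $ip -> $host -> $ip"
        return 0
    fi
    echo "mismatch: $host does not resolve back to $ip"
    return 1
}

fcrdns 72.52.230.233 "$PTR_ANSWER" "$A_ANSWER"
```

A mismatch or a missing PTR does not by itself mean anything is wrong (the lab's shared server has no PTR at all), but mail and log-review tooling commonly treat an unconfirmed reverse name as untrusted.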

9. Use the following command to exit the terminal window.

exit
