Using Nslookup

This exercise complements material in the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide.

You can use this lab to familiarize yourself with the nslookup command.

Prerequisites. Launch a Command Prompt window within a Windows operating system. If you’re not sure how, follow the steps in the study guide to do so. Also, you should use a wired connection. With a wireless connection, the wireless router is often your DNS server, and the steps in this lab won’t work.

Note: The purpose of this lab is to give you some experience with nslookup.

1. Type the following command at the command prompt.

nslookup

This will show you the name (if known) and the IP address of your DNS server.

As an example, the following lines show the result of running this on a wired computer in my network. It shows that my DNS server is cdns1.cox.net and its IP address is 68.105.28.11.

C:\>nslookup
Default Server: cdns1.cox.net
Address: 68.105.28.11

Note that if your DNS server isn’t using PTR records, the Default Server will show as Unknown.

This also puts you into the interactive mode of nslookup. You can tell because the prompt changed from C:\> to >.

2. Press CTRL + C to exit interactive mode. You can also exit by typing exit and pressing Enter.

3. Type in nslookup followed by the IP address of your DNS server. This effectively queries the DNS server for a PTR record matching the IP address with the server name.

C:\>nslookup 68.105.28.11
Server: cdns1.cox.net
Address: 68.105.28.11

Name: cdns1.cox.net
Address: 68.105.28.11

The first two lines tell you the name of the DNS server providing the answer and its IP address. It queries the DNS server for a PTR record. PTR records are optional and you might see an error on these two lines if your DNS server isn’t using PTR records.

4. Use the following command to get the IP address of passsecurityplus.com. This effectively queries the DNS server for the A record.

nslookup passsecurityplus.com

C:\>nslookup passsecurityplus.com
Server: cdns1.cox.net
Address: 68.105.28.11

Non-authoritative answer:
Name: passsecurityplus.com
Address: 72.52.230.233

Just as before, the first two lines tell you the name of the DNS server providing the answer and its IP address.

The last two lines give you the name you requested (passsecurityplus.com) and its IP address.

Notice that it indicates this is a Non-authoritative answer. This simply means that the cdns1.cox.net DNS server doesn’t hold the records for passsecurityplus.com. Instead, it sent queries via the Internet to find the answer.

5. Use the following command to get the name of the server from the IP address. This effectively queries the DNS server for the PTR record.

nslookup 72.52.230.233

C:\>nslookup 72.52.230.233
Server: cdns1.cox.net
Address: 68.105.28.11

Name: www2.gcgapremium.com
Address: 72.52.230.233

Note that the passsecurityplus.com web site is hosted on the www2.gcgapremium.com server.

6. Type in the following command to enter interactive mode.

nslookup

7. Type in the following command to set the query to display A records.

set q=a

8. Type in the following command to query the DNS server for the A record.

passsecurityplus.com

> set q=a
> passsecurityplus.com
Server: cdns1.cox.net
Address: 68.105.28.11

Non-authoritative answer:
Name: passsecurityplus.com
Address: 72.52.230.233

Notice that the results from interactive mode show the web site name, while the results from step 4 show the server name.

9. Type in the following command to set the query to display PTR records.

set q=ptr

10. Type in the following command to query the DNS server for the PTR record.

72.52.230.233

> set q=ptr
> 72.52.230.233
Server: cdns1.cox.net
Address: 68.105.28.11

Non-authoritative answer:
233.230.52.72.in-addr.arpa name = www2.gcgapremium.com

11. Type in the following command to set the query to display MX records.

set q=mx

12. Type in the following command to query the DNS server for the MX record. Remember, mx is short for mail exchanger (or mail exchange) and it identifies the server used as a mail server for this domain.

passsecurityplus.com

> set q=mx
> passsecurityplus.com
Server: cdns1.cox.net
Address: 68.105.28.11

Non-authoritative answer:
passsecurityplus.com MX preference = 10, mail exchanger = passsecurityplus.com

passsecurityplus.com internet address = 72.52.230.233

Note that many environments have two or more mail servers. For example, you may see the following answer:

passsecurityplus.com MX preference = 10, mail exchanger = mx1.passsecurityplus.com

passsecurityplus.com MX preference = 20, mail exchanger = mx2.passsecurityplus.com

The preference indicates which mail server is the primary server and which server is the secondary (or backup) server. The server with the lower number (10 in this example) is the primary email server and is used first.

13. Use the following command to exit nslookup.

exit

14. Use the following command to exit the Command Prompt window.

exit
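
The following is an added example, not part of the original lab: a small Python parser for the nslookup output format shown in steps 10 and 12, which reads the answering server, the Non-authoritative flag, PTR answers, and MX answers ordered by preference. The function names and the two transcripts are constructed for illustration from the output lines shown above.

```python
import re

MX_RE = re.compile(r"^(\S+)\s+MX preference = (\d+), mail exchanger = (\S+)$")
PTR_RE = re.compile(r"^(\S+)\.in-addr\.arpa\s+name = (\S+)$")

# Constructed transcripts, assembled from the output lines shown in this lab.
MX_SAMPLE = """\
> set q=mx
> passsecurityplus.com
Server: cdns1.cox.net
Address: 68.105.28.11

Non-authoritative answer:
passsecurityplus.com MX preference = 20, mail exchanger = mx2.passsecurityplus.com
passsecurityplus.com MX preference = 10, mail exchanger = mx1.passsecurityplus.com
"""
PTR_SAMPLE = """\
> set q=ptr
> 72.52.230.233
Server: cdns1.cox.net
Address: 68.105.28.11

Non-authoritative answer:
233.230.52.72.in-addr.arpa name = www2.gcgapremium.com
"""

def parse_nslookup(text):
    """Parse one nslookup answer (MX and PTR lines only) into a dict."""
    out = {"server": None, "server_ip": None, "non_authoritative": False,
           "mx": [], "ptr": {}}
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith(">"):
            continue  # blank line or a command typed at the > prompt
        if line.startswith("Non-authoritative answer"):
            out["non_authoritative"] = True  # server does not hold the records
        elif line.startswith(("Server:", "Default Server:")):
            out["server"] = line.split(":", 1)[1].strip()
        elif line.startswith("Address:") and out["server_ip"] is None:
            out["server_ip"] = line.split(":", 1)[1].strip()  # resolver's IP
        elif m := MX_RE.match(line):
            out["mx"].append((int(m.group(2)), m.group(3)))
        elif m := PTR_RE.match(line):
            # The owner name lists the octets in reverse; restore the IP.
            ip = ".".join(reversed(m.group(1).split(".")))
            out["ptr"][ip] = m.group(2)
    out["mx"].sort()  # lowest preference value first
    return out

def primary_mx(parsed):
    """Return the exchanger with the lowest preference, or None."""
    return parsed["mx"][0][1] if parsed["mx"] else None
```

To use it on your own results, paste the text from your Command Prompt window into a string and pass it to parse_nslookup.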
