9 Useful Host Command Examples for Querying DNS Details

The HOST command is a straightforward command line interface utility for performing DNS enumeration.

In safety analysis and moral hacking, DNS enumeration is the primary stage in gathering details about a goal. It’s the technique of querying all potential DNS information of a website title server, comparable to title server particulars, IP addresses, mail exchanger particulars, TTLs, and extra.

Attackers can use this DNS-enumerated data to probe inner community information.

There are quite a few DNS recon and on-line enumeration instruments out there on the web. Nevertheless, the DNS enumeration will be simply carried out with a single command line utility. That’s “HOST”.

On this article, we have a look at some helpful examples of host instructions for querying DNS particulars.

Let’s begin!

Set up

The “HOST” command might typically not be out there by default on a newly put in machine. In consequence, it’s important to manually set up it on the system. The set up course of is kind of easy.

All DNS associated instructions comparable to nslookup, dig And host are included within the “bind-utils” library. To do this, simply sort the next command within the terminal.

sudo apt-get set up dnsutils -y

This HOST command works on each MAC and Linux.

Utilization

Common syntax: The final “host” command lists the final syntax of the command and the arguments it could possibly use, in addition to a brief description of every argument.

Instance output:

┌──(geekflare㉿kali)-[~]
└─$ host          
Utilization: host [-aCdilrTvVw] [-c class] [-N ndots] [-t type] [-W time]
            [-R number] [-m flag] [-p port] hostname [server]
       -a is equal to -v -t ANY
       -A is like -a however omits RRSIG, NSEC, NSEC3
       -c specifies question class for non-IN knowledge
       -C compares SOA information on authoritative nameservers
       -d is equal to -v
       -l lists all hosts in a website, utilizing AXFR
       -m set reminiscence debugging flag (hint|document|utilization)
       -N modifications the variety of dots allowed earlier than root lookup is finished
       -p specifies the port on the server to question
       -r disables recursive processing
       -R specifies variety of retries for UDP packets
       -s a SERVFAIL response ought to cease question
       -t specifies the question sort
       -T permits TCP/IP mode
       -U permits UDP mode
       -v permits verbose output
       -V print model quantity and exit
       -w specifies to attend without end for a reply
       -W specifies how lengthy to attend for a reply
       -4 use IPv4 question transport solely
       -6 use IPv6 question transport solely

To seek out the IP deal with of the area

To seek out the IP deal with of a specific area, merely cross the goal area title as an argument after the host command.

host Goal-domain

Instance output:

┌──(geekflare㉿kali)-[~]
└─$ host geekflare.com
geekflare.com has deal with 104.27.118.115
geekflare.com has deal with 104.27.119.115
geekflare.com has IPv6 deal with 2606:4700:20::681b:7673
geekflare.com has IPv6 deal with 2606:4700:20::681b:7773
geekflare.com mail is dealt with by 1 aspmx.l.google.com.
geekflare.com mail is dealt with by 5 alt1.aspmx.l.google.com.
geekflare.com mail is dealt with by 5 alt2.aspmx.l.google.com.
geekflare.com mail is dealt with by 10 alt3.aspmx.l.google.com.
geekflare.com mail is dealt with by 10 alt4.aspmx.l.google.com.

For a sophisticated search, use within the superior mode -a or -v flag choice.

Instance output:

┌──(geekflare㉿kali)-[~]
└─$ host -a geekflare.com 
Attempting "geekflare.com"
;; ->>HEADER<<- opcode: QUERY, standing: NOERROR, id: 24690
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;geekflare.com.                 IN      ANY

;; ANSWER SECTION:
geekflare.com.          3789    IN      HINFO   "RFC8482" ""
geekflare.com.          3789    IN      RRSIG   HINFO 13 2 3789 20220307065004 20220305045004 34505 geekflare.com. HW0Lfr5HazPMaACSBHmFqs94usKUljX+kONW/8Q2jwQ1QoAO9DEMjwDX rIQKODGtGnEizj2SzBF98mC2uQr7hQ==

Obtained 161 bytes from 192.168.1.1#53 in 64 ms

This (-a) choice is used to seek out all area information and zone data. You too can see the native DNS server deal with used for the question.

To carry out reverse search

This command performs a reverse seek for the IP deal with and returns the host title or area title.

For instance, the syntax would appear to be this:

host target-ip-address

Instance output:

┌──(geekflare㉿kali)-[~]
└─$ host dnsleaktest.com                                                                                  
dnsleaktest.com has deal with 23.239.16.110
                                                                                                              
┌──(geekflare㉿kali)-[~]
└─$ host 23.239.16.110  
110.16.239.23.in-addr.arpa area title pointer li685-110.members.linode.com.

Should you copy and paste the pointer deal with (li685-110.members.linode.com.) into the online browser, you may be redirected to the web site.

To seek out area title servers

Use the -t choice to retrieve the area title servers. It’s used to specify the question sort.

Right here I cross the -t argument to seek out nameservers of a particular area title.

NS document specifies the authoritative title servers.

host -t ns target-domain

Instance output:

┌──(geekflare㉿kali)-[~]
└─$ host -t ns geekflare.com
geekflare.com title server olga.ns.cloudflare.com.
geekflare.com title server todd.ns.cloudflare.com.

To question a specific area title server

Use the command under to request particulars a few particular authoritative area title server.

host target-domain [name-server]

Instance output:

┌──(root💀kali)-[/home/geekflare]
└─# host geekflare.com  olga.ns.cloudflare.com.                                                           1 ⨯
Utilizing area server:
Identify: olga.ns.cloudflare.com.
Handle: 173.245.58.137#53
Aliases: 

geekflare.com has deal with 104.27.118.115
geekflare.com has deal with 104.27.119.115
geekflare.com has IPv6 deal with 2606:4700:20::681b:7773
geekflare.com has IPv6 deal with 2606:4700:20::681b:7673
geekflare.com mail is dealt with by 1 aspmx.l.google.com.
geekflare.com mail is dealt with by 5 alt1.aspmx.l.google.com.
geekflare.com mail is dealt with by 5 alt2.aspmx.l.google.com.
geekflare.com mail is dealt with by 10 alt3.aspmx.l.google.com.
geekflare.com mail is dealt with by 10 alt4.aspmx.l.google.com.

To seek out area MX information

For a listing of a website’s Mail Exchanger (MX) information.

host -t MX target-domain

Instance output:

┌──(geekflare㉿kali)-[~]
└─$ host -t mx  geekflare.com
geekflare.com mail is dealt with by 1 aspmx.l.google.com.
geekflare.com mail is dealt with by 5 alt1.aspmx.l.google.com.
geekflare.com mail is dealt with by 5 alt2.aspmx.l.google.com.
geekflare.com mail is dealt with by 10 alt3.aspmx.l.google.com.
geekflare.com mail is dealt with by 10 alt4.aspmx.l.google.com.

This MX document is answerable for forwarding an e mail to a mail server.

To seek out area TXT information

To get a listing of a website’s TXT information (human readable details about a website server).

host -t txt target-domain

Instance output:

┌──(geekflare㉿kali)-[~]
└─$ host -t txt geekflare.com
geekflare.com descriptive textual content "google-site-verification=MRSwa454qay1S6pwwixzoiZl08kfJfkhiQIslhok3-A"
geekflare.com descriptive textual content "google-site-verification=7QXbgb492Y5NVyWzSAgAScfUV3XIAGTKKZfdpCvcaGM"
geekflare.com descriptive textual content "yandex-verification: 42f25bad396e79f5"
geekflare.com descriptive textual content "v=spf1 embody:_spf.google.com embody:mailgun.org embody:zcsend.internet ~all"
geekflare.com descriptive textual content "ahrefs-site-verification_8eefbd2fe43a8728b6fd14a393e2aff77b671e41615d2c1c6fc365ec33a4d6d0"
geekflare.com descriptive textual content "ca3-7fbfaa573ba248ddb17a618e5b46ca01"

To seek out the area’s SOA document

To get a listing of a website’s SOA (begin of authority) information

host -t soa target-domain

Instance output:

┌──(geekflare㉿kali)-[~]
└─$ host -t soa geekflare.com
geekflare.com has SOA document olga.ns.cloudflare.com. dns.cloudflare.com. 2271966690 10000 2400 604800 3600

Use the command under to match the SOA information of all authoritative title servers for a given zone (the particular portion of the DNS namespace).

host -C target-domain

Instance output:

┌──(geekflare㉿kali)-[~]
└─$ host -C geekflare.com                                                                                 2 ⨯
Nameserver 173.245.58.137:
        geekflare.com has SOA document olga.ns.cloudflare.com. dns.cloudflare.com. 2271966690 10000 2400 604800 3600

To seek out area CNAME information

CNAME stands for canonical title document. This DNS document is answerable for redirecting from one area to a different, that means it maps the unique area title to an alias.

Use the command under to seek out out the area’s CNAME DNS information.

host -t cname target-domain

Instance output:

┌──(geekflare㉿kali)-[~]
└─$ host -t cname  geekflare.com
geekflare.com has no CNAME document

If the goal area title comprises CNAME information, they are going to be displayed after the command is run.

To seek out area TTL data

TTL stands for Time to Dwell. It’s a part of the Area Identify Server. It’s set mechanically by an authoritative title server for every DNS document.

In easy phrases, TTL refers to how lengthy a DNS server caches a document earlier than refreshing the information. Use the command under to view the TTL data of a website title.

host -v -t a target-domain

Instance output:

┌──(root💀kali)-[/home/geekflare]
└─# host -v -t a geekflare.com                                                                            1 ⨯
Attempting "geekflare.com"
;; ->>HEADER<<- opcode: QUERY, standing: NOERROR, id: 2479
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;geekflare.com.                 IN      A

;; ANSWER SECTION:
geekflare.com.          30      IN      A       104.27.119.115
geekflare.com.          30      IN      A       104.27.118.115

Obtained 63 bytes from 192.168.1.1#53 in 60 ms

Conclusion

I hope you discovered this text useful in studying some helpful examples of host instructions for querying DNS particulars.

You might also be serious about free on-line instruments to examine a website title’s DNS information.

Rate this post
porno izle altyazılı porno porno