I’m going to look briefly at a Linux command every day for a month. Today:
dig. This isn’t intended to be a tutorial, just some brief notes for fun.
dig is a fun command that I’ve used on occasion over the years. I never knew it stands for “Domain Information Groper”, which is a nice way of envisaging what it does - ferreting around a DNS server to figure out what records a domain has.
This is sometimes quite illuminating. I run something like:
dig example.com ANY
I get results that include A records, MX records, but what I find interesting is the TXT records. TXT records are often used for validation. For example:
example.com. 300 IN TXT "v=spf1 include:_spf.zdsys.com include:_spf.google.com include:mail.zendesk.com include:sendgrid.net include:spf.mandrillapp.com ~all"
I can see that this hypothetical domain is set up for Zendesk. This can be used by attackers as part of enumerating services an organisation uses to collate attack vectors, so it’s worth knowing what information your DNS is telling the world about your org!
You can go back-to-front as well!
$ dig -x 184.108.40.206 +short
dns.google.
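To make the two things above concrete (what an SPF TXT record gives away about a domain's mail providers, and what `dig -x` actually asks the DNS for), here is an added example that is not part of the original post. It parses dig-style answer lines and summarises the SPF policy, and computes the `in-addr.arpa` / `ip6.arpa` name behind a reverse lookup. The answer section, domain names and addresses in it are constructed sample data, not real records.

```python
"""Summarise what dig answer lines reveal: SPF includes and reverse-lookup names.

The SAMPLE_ANSWER below is a constructed imitation of the ANSWER SECTION of
`dig example.com ANY`; none of the values are real records.
"""
import ipaddress
import re
from typing import Dict, List, Optional

# Constructed sample output. dig separates fields with tabs and prints long
# TXT records as several quoted strings on one line.
SAMPLE_ANSWER = """\
example.com.\t300\tIN\tA\t192.0.2.10
example.com.\t300\tIN\tMX\t10 mail.example.com.
example.com.\t300\tIN\tTXT\t"v=spf1 include:_spf.zdsys.com " "include:_spf.google.com ~all"
example.com.\t300\tIN\tTXT\t"google-site-verification=constructed-sample-token"
"""

# name  ttl  IN  type  rdata
_RR = re.compile(r"^(?P<name>\S+)\s+(?P<ttl>\d+)\s+IN\s+(?P<type>\S+)\s+(?P<rdata>.*)$")

# Meaning of the qualifier on the trailing "all" mechanism of an SPF record.
ALL_MEANING = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_answer(text: str) -> List[Dict[str, str]]:
    """Turn each resource-record line into a dict; skip comments and blanks."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        m = _RR.match(line)
        if m:
            records.append(m.groupdict())
    return records


def txt_value(rdata: str) -> str:
    """Join the quoted character-strings dig prints for one TXT record."""
    return "".join(re.findall(r'"((?:[^"\\]|\\.)*)"', rdata))


def spf_summary(records: List[Dict[str, str]]) -> Optional[Dict[str, object]]:
    """Find the v=spf1 TXT record and list the third parties it authorises."""
    for rr in records:
        if rr["type"] != "TXT":
            continue
        value = txt_value(rr["rdata"])
        if not value.lower().startswith("v=spf1"):
            continue
        terms = value.split()[1:]
        # Each include: names another organisation allowed to send as this domain.
        includes = [t.split(":", 1)[1] for t in terms if t.lower().startswith("include:")]
        # The "all" mechanism's qualifier says what receivers do with everyone else.
        all_term = next((t for t in terms if t.lstrip("+-~?").lower() == "all"), None)
        qualifier = all_term[0] if all_term and all_term[0] in "+-~?" else "+"
        return {
            "includes": includes,
            "all_qualifier": qualifier,
            "all_policy": ALL_MEANING[qualifier],
        }
    return None


def reverse_name(ip: str) -> str:
    """The PTR owner name that `dig -x <ip>` looks up (IPv4 or IPv6)."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


if __name__ == "__main__":
    recs = parse_answer(SAMPLE_ANSWER)
    print(spf_summary(recs))
    print(reverse_name("184.108.40.206"))
```

Note that many authoritative servers and resolvers now answer `ANY` with a minimal or synthetic response (RFC 8482), so when auditing your own domain ask for the type you want directly (`dig example.com TXT`) and feed that answer to the parser.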
dig is quite a friendly command to use, in my view, and a fair amount of information is right at your fingertips.
Use cases include:
- Checking what records are on a domain
- Finding out what name servers it's using
- Reverse lookups - going from an IP to a domain
- Demystifying DNS