The Dig Command

We previously looked at DNS servers and the various DNS records. These records provide a lot of information about a domain being analyzed. You can use the nslookup command to get some of the information. We like to use the dig command instead. As you can see, the dig command can provide a good amount of information for a domain of interest. Here is an example.

From here, you can see the IP address where the website is hosted as shown by the A record, 54.235.215.6. You can also see the Nameserver information, giving you a hint of where the domain name is registered.

What makes dig better than nslookup? First, nslookup on some Linux distributions does not perform zone transfers. A zone transfer asks the DNS server to transmit all records for the domain, which gives us more information that can be of great use. The dig command lets us request a zone transfer with the -t AXFR option, as follows:

dig @[server] [domain] -t AXFR
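
An added example (not from the original post): shell helpers for reading saved dig output when auditing your own name servers. They pull out the A and NS records discussed above and report whether an AXFR request was refused; the function names and the sample dig output are constructed for illustration.

```shell
#!/bin/sh
# Added example. Sample dig output below is constructed (example.com, 192.0.2.0/24).

# Print the rdata of every record of type $1 (A, NS, ...) read from stdin.
# Record lines look like: name TTL IN type rdata. Lines starting with ';' are dig comments.
dig_records() {
    awk -v want="$1" '
        /^;/ || NF < 5 { next }
        $3 == "IN" && $4 == want {
            out = $5
            for (i = 6; i <= NF; i++) out = out " " $i
            print out
        }'
}

# Classify the output of: dig @[server] [domain] -t AXFR
#   refused  dig printed "; Transfer failed."
#   open N   N records came back, including the zone SOA
#   unknown  neither pattern seen (timeout, empty file)
axfr_status() {
    awk '
        /^; Transfer failed/ { failed = 1 }
        /^;/ || NF < 5 { next }
        $3 == "IN" { n++; if ($4 == "SOA") soa++ }
        END {
            if (failed) print "refused"
            else if (n > 0 && soa > 0) print "open " n
            else print "unknown"
        }'
}

SAMPLE_REFUSED='; <<>> DiG <<>> @ns1.example.com example.com -t AXFR
; Transfer failed.'

SAMPLE_OPEN='example.com. 3600 IN SOA ns1.example.com. hostmaster.example.com. 1 7200 900 1209600 3600
example.com. 3600 IN NS ns1.example.com.
example.com. 3600 IN A 192.0.2.10
www.example.com. 3600 IN A 192.0.2.20
example.com. 3600 IN SOA ns1.example.com. hostmaster.example.com. 1 7200 900 1209600 3600
;; XFR size: 5 records (messages 1, bytes 250)'

printf '%s\n' "$SAMPLE_REFUSED" | axfr_status   # refused
printf '%s\n' "$SAMPLE_OPEN" | axfr_status      # open 5
printf '%s\n' "$SAMPLE_OPEN" | dig_records A    # 192.0.2.10 and 192.0.2.20
```

A result of open from a server that should only transfer to its secondaries means its zone-transfer access list needs tightening.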

We will cover the uses of zone transfer in more detail in a follow-up post.