In security research and ethical hacking, DNS enumeration is the first phase in the information gathering of a target. It’s the process of querying all potential DNS records from a domain name server like name server details, IP addresses, Mail exchanger details, TTLs, and more. Attackers may utilize this DNS-enumerated information to examine internal network records. There are numerous DNS recon and online enumeration tools available on the internet. However, the DNS enumeration can be accomplished easily with a single command-line utility. That is “HOST”. In this article, we’ll look at some useful host Command Examples for Querying DNS Details.  Let’s get started!

Installation

The “HOST” command sometimes may not be available by default on a newly installed machine. As a result, You’ll have to install it manually on the system. The process of installation is rather simple. All the DNS-related commands like nslookup, dig and host are contained in the “bind-utils” library. For that, just type the following command in the terminal. This HOST command works on both MAC and Linux.

Usage

General syntax: The general “host” command prints the command’s overall syntax and its arguments that can be used with it, as well as a brief description of each argument. Sample Output:

To find the domain IP address

To find the IP address of a particular domain, simply pass the target domain name as an argument after the host command. Sample Output: For a comprehensive lookup using the verbose mode, use -a or -v flag option. Sample Output: This (-a) option is used to Find All Domain Records and Zones Information. You can also notice the local DNS server address utilized for the lookup.

To perform Reverse Lookup

This command performs a reverse lookup on the IP address and displays the hostname or domain name. As an example, the syntax would be as follows: Sample Output: If you copy-paste the pointer address ( li685-110.members.linode.com.) in the web browser, you will be redirected to the website.

To find Domain Name servers

Use the -t option to get the domain name servers. It’s used to specify the query type. Here I am passing -t argument to find name servers of a specific domain name. NS record specifies the authoritative nameservers. Sample Output:

To query certain domain nameserver

To query details about a specific authoritative domain name server, use the below command. Sample Output:

To find domain MX records

To get a list of a domain’s MX ( Mail Exchanger ) records. Sample Output: This MX record is responsible for directing an email to a mail server.

To find domain TXT records

To get a list of a domain’s TXT ( human-readable information about a domain server ) record. Sample Output:

To find domain SOA record

To get a list of a domain’s SOA ( start of authority ) record Sample Output: Use the command below to compare the SOA records from all authoritative nameservers for a particular zone ( the specific portion of the DNS namespace ). Sample Output:

To find domain CNAME records

CNAME stands for canonical name record. This DNS record is responsible for redirecting one domain to another, which means it maps the original domain name to an alias. To find out the domain CNAME DNS records, use the below command. Sample Output: If the target domain name has any CNAME records, they will be displayed after running the command.

To find domain TTL information

TTL Stands for Time to live. It is a part of the Domain Name Server. It is automatically set by an authoritative nameserver for each DNS record. In simple words, TTL refers to how long a DNS server caches a record before refreshing the data. Use the below command to see the TTL information of a domain name. Sample Output:

Conclusion

I hope you found this article helpful in learning some useful host Command Examples for Querying DNS Details. You may also be interested in learning about free online tools to check DNS records of a domain name.

9 Useful Host Command Examples for Querying DNS Details - 699 Useful Host Command Examples for Querying DNS Details - 369 Useful Host Command Examples for Querying DNS Details - 209 Useful Host Command Examples for Querying DNS Details - 559 Useful Host Command Examples for Querying DNS Details - 799 Useful Host Command Examples for Querying DNS Details - 139 Useful Host Command Examples for Querying DNS Details - 129 Useful Host Command Examples for Querying DNS Details - 929 Useful Host Command Examples for Querying DNS Details - 189 Useful Host Command Examples for Querying DNS Details - 769 Useful Host Command Examples for Querying DNS Details - 939 Useful Host Command Examples for Querying DNS Details - 579 Useful Host Command Examples for Querying DNS Details - 159 Useful Host Command Examples for Querying DNS Details - 849 Useful Host Command Examples for Querying DNS Details - 789 Useful Host Command Examples for Querying DNS Details - 759 Useful Host Command Examples for Querying DNS Details - 239 Useful Host Command Examples for Querying DNS Details - 599 Useful Host Command Examples for Querying DNS Details - 309 Useful Host Command Examples for Querying DNS Details - 479 Useful Host Command Examples for Querying DNS Details - 809 Useful Host Command Examples for Querying DNS Details - 799 Useful Host Command Examples for Querying DNS Details - 81