The DNS system is involved with almost everything connected to the Internet. Here at SecurityTrails, we use it to build our core products and services focusing on passive DNS information, domain names, IP addresses, SSL certificates and port scanning.
If you’re a veteran or average infosec user, you probably already know how to find out what your DNS is, but newcomers to the cybersecurity and infosec market may find these utilities and tricks useful. They can help you catch DNS misconfigurations early and reduce the attack surface of your DNS infrastructure. So let’s explore the best ways to answer the question: What’s my DNS?
Importance of detecting DNS and name servers changes
We’ve seen how important it is to find subdomains when running the reconnaissance phase of an infosec investigation, as detailed in our entry Top 7 Subdomain Scanner Tools.
In the same way, enumerating a domain’s A, TXT, MX and other records can be very helpful for gathering intelligence about any domain name.
Getting the accurate information about any domain DNS configuration is useful for a wide range of scenarios, such as:
- Infosec research: DNS records can reveal information that is later useful for attacking exposed services, or point you toward attack surface you didn’t know existed.
- Avoiding DNS misconfigurations and recovering lost DNS records: If you’ve entered the wrong IP address or deleted a DNS record without a backup, knowing what your DNS looked like helps you identify the error and reverse the change, avoiding a major service outage. It’s especially useful as a way to recover lost DNS records.
- Avoiding domain hijacking: Knowing your records and your current name servers lets you detect an unauthorized name-server change early and mitigate it quickly. This matters most during the propagation window: resolvers keep serving the old answer until the TTL expires, so a change you don’t notice in time becomes the answer everyone sees.
SecurityTrails DNS Checker: the best way to find out ‘what’s my DNS?’
What’s my DNS? That’s a pretty common question among website owners. Because there are several ways to find out what’s your DNS, let’s start with the basics: How can I find it quickly without a terminal or command line-based tool?
If all you need is to find your current DNS records, it only takes a moment from our web-based interface:
- Go to www.securitytrails.com
- Input any domain name
- Explore the results.
Once the results are displayed, you’ll be able to explore all types of DNS records such as A, AAAA, TXT, SOA and MX. Our interface will also clearly show you the hosting provider for each of the DNS records.
What’s my historical DNS?
Just as you can explore your current DNS, there’s also a way to discover past DNS records for any given domain name.
Here at SecurityTrails we collect passive DNS data, so you can query for old DNS records easily and at any time. Here’s how to do it with our intelligence platform:
- Go to www.securitytrails.com
- Enter the domain name
- Click on “Historical Data” in the left menu.
And that’s it! You not only have access to your current DNS records, but also to past records dating back days, months or even years.
Click on each record type to explore the values for A, AAAA, MX, NS, SOA and TXT records. You can also sort by ‘First seen’, ‘Last seen’ and ‘Duration seen’ to order the results the way that best suits your needs.
What’s my DNS: getting results using terminal-based tools
If you’re wondering how to look up your domain’s DNS records under Linux and Unix operating systems, several tools can show you the current records for any given domain name.
Dig is a command-line tool for querying your current DNS records and name servers.
To find out what your DNS is, run dig followed by the domain name (with no record type given, dig asks for A records):
This reveals the general DNS information for any domain name. In this next example, we ran the command against our own domain name securitytrails.com.
As you can see, the dig command is a handy tool for getting A record information, along with other relevant details such as the name servers for the domain and their current IP addresses. Keep in mind that a default dig query goes through your local recursive resolver, so the answer may come from its cache; to read the zone’s authoritative state directly, add @ followed by one of the domain’s name servers.
Dig is also effective for detecting MX records:
```console
[research@securitytrails ~]$ dig MX securitytrails.com +short
5 alt1.aspmx.l.google.com.
5 alt2.aspmx.l.google.com.
1 aspmx.l.google.com.
10 aspmx3.googlemail.com.
10 aspmx2.googlemail.com.
```
Nslookup
Nslookup is another classic tool for quickly answering the question ‘What’s my DNS?’ While it’s mostly used on Windows, it also works on Unix and Linux-based operating systems for simple DNS lookups.
The syntax is simple:
```console
[research@securitytrails ~]$ nslookup securitytrails.com
Server:		192.168.1.1
Address:	192.168.1.1#53

Non-authoritative answer:
Name:	securitytrails.com
Address: 126.96.36.199
```
At the bottom of the results you’ll find the current A record for the securitytrails.com domain name. The ‘Non-authoritative answer’ label means the reply came from the recursive resolver listed at the top (here 192.168.1.1), possibly from its cache, rather than from the domain’s own name servers.
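The dig and nslookup lookups above give you a point-in-time answer. To get the benefit described earlier, catching a name-server or MX change before the old TTL runs out, you need to store a snapshot and diff it. The script below is an added example for this article, not SecurityTrails code: it wraps `dig +short` (assumed to be on PATH for live use), normalises the output so snapshots compare reliably, and turns the diff into hijack-style alerts. The offline demo reuses the MX answer shown above and constructed NS values on the reserved example.com and example.net domains.

```python
"""Snapshot-and-diff DNS change check built around `dig +short`.

Added example for this article, not SecurityTrails code. It assumes `dig`
is on PATH for live use; the offline demo below uses the MX answer shown
in the article plus constructed NS values on example.com / example.net.
"""
import subprocess
from typing import Dict, List, Optional, Set, Tuple

Records = Dict[str, Set[str]]  # record type -> normalised values
Changes = Dict[str, Tuple[Set[str], Set[str]]]  # rtype -> (removed, added)


def dig_short_cmd(domain: str, rtype: str, server: Optional[str] = None) -> List[str]:
    """Build the dig command for one record type.

    server="ns1.example.com" queries that name server directly, which
    sidesteps the local resolver's cache during the TTL/propagation window.
    """
    cmd = ["dig", "+short", "+time=3", "+tries=1"]
    if server:
        cmd.append("@" + server)
    cmd += [rtype, domain]
    return cmd


def parse_short(rtype: str, output: str) -> Set[str]:
    """Normalise `dig +short` lines so two snapshots compare reliably.

    MX lines are "<preference> <host>". Names are lower-cased because DNS
    names are case-insensitive and some resolvers randomise case (0x20).
    """
    values: Set[str] = set()
    for line in output.splitlines():
        line = line.strip()
        if not line:
            continue
        if rtype.upper() == "MX":
            pref, host = line.split(None, 1)
            line = f"{int(pref)} {host.lower()}"
        elif rtype.upper() in ("NS", "CNAME"):
            line = line.lower()
        values.add(line)
    return values


def query(domain: str, rtype: str, server: Optional[str] = None) -> Set[str]:
    """Live lookup (needs network and dig); not exercised by the demo."""
    proc = subprocess.run(dig_short_cmd(domain, rtype, server),
                          capture_output=True, text=True, check=True)
    return parse_short(rtype, proc.stdout)


def diff_snapshots(baseline: Records, current: Records) -> Changes:
    """Return {rtype: (removed, added)} for every record type that differs."""
    changes: Changes = {}
    for rtype in sorted(set(baseline) | set(current)):
        old = baseline.get(rtype, set())
        new = current.get(rtype, set())
        if old != new:
            changes[rtype] = (old - new, new - old)
    return changes


def hijack_indicators(changes: Changes) -> List[str]:
    """Turn a diff into the alerts a domain owner should act on first:
    new NS hosts (name-server hijack) or new MX hosts (mail interception)."""
    alerts = []
    if "NS" in changes and changes["NS"][1]:
        removed, added = changes["NS"]
        alerts.append(f"NS changed: -{sorted(removed)} +{sorted(added)}")
    if "MX" in changes and changes["MX"][1]:
        alerts.append(f"new MX host(s): {sorted(changes['MX'][1])}")
    return alerts


# Constructed sample data. SAMPLE_MX is the article's own dig output; the
# NS names are placeholders on the reserved example.com / example.net.
SAMPLE_MX = """5 alt1.aspmx.l.google.com.
5 alt2.aspmx.l.google.com.
1 aspmx.l.google.com.
10 aspmx3.googlemail.com.
10 aspmx2.googlemail.com.
"""
BASELINE: Records = {
    "NS": parse_short("NS", "ns1.example.com.\nns2.example.com.\n"),
    "MX": parse_short("MX", SAMPLE_MX),
}
CURRENT: Records = {
    # Mixed/upper case as from a 0x20 resolver; unchanged once normalised.
    "MX": parse_short("MX", SAMPLE_MX.upper()),
    # Both name servers replaced: what an NS hijack looks like in a diff.
    "NS": parse_short("NS", "ns1.example.net.\nns2.example.net.\n"),
}


def demo() -> Tuple[Changes, List[str]]:
    changes = diff_snapshots(BASELINE, CURRENT)
    return changes, hijack_indicators(changes)


if __name__ == "__main__":
    changes, alerts = demo()
    for rtype, (removed, added) in changes.items():
        print(f"{rtype}: removed={sorted(removed)} added={sorted(added)}")
    for alert in alerts:
        print("ALERT:", alert)
```

For real monitoring, replace BASELINE with a snapshot saved from query() and build CURRENT with query(domain, rtype, server=<one of your NS hosts>) so the comparison is against the authoritative zone rather than a resolver cache; case normalisation is what keeps a 0x20-randomised answer from showing up as a false change.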
The famous ping command, widely used by sysadmins and network administrators, is another quick way to see which IP address your domain name currently resolves to. It doesn’t list DNS records: it resolves the name through the system resolver, so what you see is the A (or AAAA) answer, not the full record set.
The command is fairly simple: it sends ICMP echo request packets (type 8) and waits for replies from the remote host. The resolved IP address is printed on the first line whether or not the host answers; the replies themselves, with their round-trip times, only arrive if ICMP echo isn’t filtered.
In the following example, the server answered back with the IP 188.8.131.52. Be aware that ping results may vary if there is a round-robin DNS setup with multiple IP addresses configured in the DNS zone: each run may resolve to a different address.
```console
[research@securitytrails ~]$ ping securitytrails.com
PING securitytrails.com (184.108.40.206) 56(84) bytes of data.
64 bytes from 220.127.116.11 (18.104.22.168): icmp_seq=1 ttl=56 time=65.8 ms
64 bytes from 22.214.171.124 (126.96.36.199): icmp_seq=2 ttl=56 time=48.6 ms
64 bytes from 188.8.131.52 (184.108.40.206): icmp_seq=3 ttl=56 time=52.1 ms
64 bytes from 220.127.116.11 (18.104.22.168): icmp_seq=4 ttl=56 time=51.10 ms
64 bytes from 22.214.171.124 (126.96.36.199): icmp_seq=5 ttl=56 time=49.7 ms
^C
--- securitytrails.com ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 1003ms
rtt min/avg/max/mdev = 48.601/53.623/65.757/6.211 ms
[research@securitytrails ~]$
```
And there you have it. These are the top classic terminal-based commands available for answering the question: What’s my DNS?
Today we learned that having a direct way to detect your DNS records can be extremely useful in a lot of situations and scenarios: from investigating current DNS issues, to recovering lost DNS configurations, to discovering and reducing the vulnerable attack surface points within your online infrastructure.
Fortunately, performing a DNS audit to discover what your DNS infrastructure looks like is easy with our free DNS lookup tools. And if you work for a red or purple team, you can also take advantage of our enterprise-grade all-in-one product SurfaceBrowser™, which gives you an even deeper look into all your DNS, domain, IP, SSL and open port configuration. Book a demo with our sales team today!