Social Icons

Wednesday, October 02, 2013

BACKTRACK 5 R3 : dnswalk

1.   In this post I am going to show how the dnswalk works.Before you use this tool...there is a small twist to the tale...almost all users who use this command will invariably get the message " You will have to enable the component called 'universe'"....and for this..so to resolve refer my immediate earlier post here.First lets see what are the features of this tool...what actually it does and what is the syntax ?

Main Features :
 
2.    Dnswalk is a DNS debugger. It performs zone transfers of specified domains, and checks the database in numerous ways for internal consistency, as well as accuracy. Dnswalk should NOT be used without a firm knowledge of the DNS RFC's. The warnings and errors must be interpreted within the context they are being used. Something may be flagged as a warning, but in reality it is a really bad error. Conversely dnswalk will flag things as warnings and possibly even errors, but they may actually be perfectly "legal" or normal in your specific situation. Dnswalk is not an AI engine. It just provides useful information which you need to interpret.

3.   Another important thing about the tool is w.r.t the syntax.The domain name specified on the command line MUST end with a '.' ie a dot.If u simply type in man dnswalk at the terminal,you will most of the info than I have bought here...The syntax and the switch functions are briefly bought out here :

SYNTAX : dnswalk [ -adilrfFm ] domain.

-r = Recursively descend sub-domains of the specified domain. Use with care.
-a = Turn on warning of duplicate A records. (see below)
-d = Print debugging and ‘status’ information to stderr. (Use only if redirecting stdout) See DIAGNOSTICS section.
-m = Perform checks only if the zone has been modified since the previous run.
-F = perform “forced” checking. When checking an A record, compare the PTR name for each IP address with the forward name and report mismatches.
-i = Suppress check for invalid characters in a domain name. (see below)
-l = Perform “lame delegation” checking. For every NS record, check to see that the listed host is indeed returning authoritative answers for this domain.

Below I have bought out few screen shots on how the command may be used and what it brings out.I have used two domains for practise here.One is certifiedhacker.com and iitk.ac.in.The former does not bring out much but the latter brings out more info that I find amazing......so the first command tries to find zone transfer records of the target domain.

Command : dnswalk -r iitk.ac.in.
(Click on the Image to Enlarge)
(Click on the Image to Enlarge)
This command with other switches can be used in the same manner as shown above with the following switch combinations :

dnswalk -i iitk.ac.in.

Turns on warning of duplicate A records

dnswalk -a iitk.ac.in.

Performs debugging on the site

dnswalk -d iitk.ac.in.

Checks whether the domains are been modified are not

dnswalk -m iitk.ac.in.

If you wish to perform all the above things through single command line argument you can type the following.The same is shown in the screen shot subsequently

dnswalk -riadmfl iitk.ac.in.

(Click on the Image to Enlarge)
(Click on the Image to Enlarge)
....and for a website that shows no result like certifiedhacker.com.....the screen shows the answer
(Click on the Image to Enlarge)



0 comments:

Post a Comment