What is a DNS lookup?

A domain has a number of records associated with it, a DNS server can be queried to determine the IP address of the primary domain (A record), mail servers (MX records), DNS servers (NS nameservers) and other items such as SPF records (TXT records).

Different tools provide this functionality, a common one being nslookup which is available on many operating systems including Microsoft Windows and most Linux distributions. Another tool found on Linux based systems is the dig tool. This is generally a more advanced tool that has a number of features that nslookup does not.

The DNS lookup tool uses the dig command line to show the response from a query of type any.

Security implications of DNS queries

By its nature external facing DNS is an open and public service, while the information is openly available you should be aware of what information is being revealed. Security penetration testers and attackers will use information collected from DNS to expand their knowledge of an organizations information technology infrastructure and from that knowledge begin to understand the attack surface.

For example, the SPF records that an organization can publish in order to improve email security can also reveal the IP addresses or hostnames of systems with the ability to send email. These services can all then become targets to be assessed and attacked.