nslookup / dig

DNS query utilities for name resolution and record inspection.

Tags: Network Recon & Monitoring · Built-in OS CLI · Practiced in lab · Platforms: Windows, Linux, macOS

Cyber Kill Chain & Defender Lifecycle

Attacker — Kill Chain
  1. Reconnaissance
  2. Weaponization
  3. Delivery
  4. Exploitation
  5. Installation
  6. Command & Control
  7. Actions on Objectives

Defender — IR Lifecycle
  8. Detection / Monitoring
  9. Containment & Eradication
  10. Post-incident Forensics

Description

The DNS interrogation pair:

  • nslookup — universal; ships with Windows and most Unix-like systems.
  • dig — richer, more structured output and easier to script; preferred for incident response and record auditing.

Use them to resolve a suspicious domain to its current IPs, list MX/NS/TXT records (record types often abused as C2 channels), compare authoritative answers against cached ones, and spot DNS hijacking.

Use cases

  • Resolving a suspicious domain to current IPs
  • Inspecting TXT/NS records used as C2 channels
  • Comparing authoritative vs. local-cache answers

Example

# Current A records only, one per line (no header/footer noise)
dig +short evil.example.com A

# Ask a specific resolver instead of the system default; note that many
# servers answer ANY minimally or refuse it (RFC 8482), so query the
# record types you need (A, NS, MX, TXT) individually if ANY comes back empty
dig @8.8.8.8 evil.example.com ANY

# nslookup equivalent: MX records for the domain
nslookup -type=mx example.com
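The "authoritative vs. local-cache" check above, written out as a small script. This is an added example, not part of the original page or of BIND's own tooling: it looks up a nameserver for the parent zone, asks it directly with +norecurse, asks the local resolver the same question, and compares the two answer sets after normalising them (A records come back in varying order, so a naive string compare would raise false alarms). The function names and the suspicious.example.com host are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): compare the local resolver's
# answer for a name against an authoritative server's answer. A mismatch is a
# lead worth investigating (poisoned or hijacked resolver, or simply a stale
# cache / geo-dependent answer). Assumes BIND's `dig` is on PATH.

# Normalise a set of answers so two sets compare equal regardless of record
# order, letter case, or blank lines.
normalize_answers() {
    printf '%s\n' "$1" | tr 'A-Z' 'a-z' | sed '/^[[:space:]]*$/d' | sort -u
}

# Return 0 when two answer sets are identical after normalisation, else 1.
answers_match() {
    [ "$(normalize_answers "$1")" = "$(normalize_answers "$2")" ]
}

# Query the local (recursive) resolver and one authoritative server for the
# parent zone, then report whether they agree.
# Exit status: 0 agree, 1 mismatch, 2 no authoritative server found.
check_resolver_vs_authority() {
    name="$1"
    rrtype="${2:-A}"
    # Parent zone = everything after the first label (host under the zone apex).
    zone="${name#*.}"
    auth_ns="$(dig +short NS "$zone" | head -n 1)"
    [ -n "$auth_ns" ] || { echo "no NS found for $zone"; return 2; }

    local_ans="$(dig +short "$name" "$rrtype")"
    # +norecurse: ask the authoritative server for its own data, not a cached copy.
    auth_ans="$(dig +short +norecurse @"$auth_ns" "$name" "$rrtype")"

    if answers_match "$local_ans" "$auth_ans"; then
        echo "AGREE: $name $rrtype -> $(normalize_answers "$auth_ans" | tr '\n' ' ')"
        return 0
    fi
    echo "MISMATCH for $name $rrtype"
    echo "  local resolver : $(normalize_answers "$local_ans" | tr '\n' ' ')"
    echo "  authoritative  : $(normalize_answers "$auth_ans" | tr '\n' ' ')"
    return 1
}

# Usage (needs network):
#   check_resolver_vs_authority suspicious.example.com A
```

The script checks only one authoritative server and one record type per call; for a full audit, loop over every NS returned for the zone and over the record types you care about (A, AAAA, MX, NS, TXT), since a hijack may affect only some of them.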