Gathering Domain Name Info

Gathering Domain Name Information in Ethical Hacking

In ethical hacking, gathering domain name information is a key part of reconnaissance. It involves collecting data about a target's domain to understand its infrastructure, discover associated IP addresses, and uncover potential vulnerabilities. This phase of information gathering is crucial for identifying exploitable areas without actively engaging with the target’s systems.

Why Domain Name Information is Important

A domain name is more than just a website address; it often reveals critical details about the target's network, including DNS records, subdomains, email servers, and hosting providers. Understanding these components can help ethical hackers assess security flaws or exposed services that can be leveraged during a penetration test.

Tools for Gathering Domain Name Information

1. WHOIS Lookup

   WHOIS databases store registration information about domain names. A WHOIS lookup can reveal:

• The domain owner’s contact details.
• Registration and expiration dates.
• The domain’s registrar.
• Associated nameservers ( explained in notes section ).

   Tools like whois and online platforms such as whois lookup or icann lookup can be used to access this information.

Here we will see a pratical example for whois lookup

• Go to whois domaintools website

• Enter website domain in the search bar and hit enter. Here we will search for github.com

• here we can see we are getting a bunch of information like registrar details, domain names age, nameserver details, ip address, ip location, hosting history, phone numbers or emails ( if privacy is not applied ) etc.
• On the right hand sidebar, you can see more tools but it requires signup/signin for it. Here we are going to use reverse ip address lookup, click on the down arrow and select ip address available

• here we see the ip address was associated with more than 3 websites previously ( as ip addresses are not permanent and can change )

   Similarly we can ICANN lookup as well

• Go to icann lookup website

•  Put domain name in the search box, hit enter, and we will get following results

• here we again get domain informarion, registar information, domain age, contact information etc.

Notes

In the above whois lookup for github.com we got nameserver information, here's little detailed article on name server information if you are interested in reading

Understanding Nameservers: A Look into GitHub's WHOIS Lookup

Nameservers are a crucial part of the Domain Name System (DNS) infrastructure. They act as the bridge between human-readable domain names and the machine-readable IP addresses necessary for routing traffic on the internet. Essentially, nameservers tell web browsers where to find the specific servers hosting a website.

What Are Nameservers?

When you type a domain name like github.com into your browser, your computer queries a nameserver to find out which IP addresses are associated with that domain. Nameservers store DNS records that map domain names to their respective IP addresses, allowing users to access websites without needing to remember complex numerical addresses.

Every domain must have at least one nameserver, but most have multiple to ensure redundancy and faster access. For example, a large, distributed service like GitHub relies on a network of nameservers to handle traffic efficiently.

Nameserver Found in GitHub's WHOIS Lookup

During a WHOIS lookup of github.com, one of the nameservers listed is DNS1.P08.NSONE.NET. This is one of the servers GitHub uses to manage its DNS queries. Let's break down what this tells us:

• DNS1: This indicates that it is the primary nameserver in a series, with likely additional servers (DNS2, DNS3, etc.) for redundancy.
• P08: This might be a reference to the particular server location or cluster.
• NSONE.NET: This indicates that GitHub uses the DNS service provided by NS1, a high-performance DNS provider known for managing traffic at scale for large companies.

NS1 is known for its advanced features like real-time traffic management and globally distributed servers, which are crucial for a platform like GitHub, ensuring fast and reliable DNS resolution no matter where the user is located.

Why Are Nameservers Important?

Nameservers play a pivotal role in:

• Domain Resolution: Translating domain names into IP addresses.
• Traffic Management: Efficiently routing internet traffic to the closest or least congested server.
• Redundancy: Providing backup routes in case one nameserver fails.
• Load Balancing: Distributing user traffic across multiple servers to improve speed and performance.

Without proper nameservers, a domain would not be accessible, leading to downtime and a poor user experience. For a platform like GitHub, which hosts millions of developers, having a fast and reliable DNS provider like NS1 is critical to keeping the service running smoothly.