DNS Resolution and Enumeration Notes - Zacham17/my-tech-journal GitHub Wiki

nslookup

  • nslookup can be used for both forward and reverse DNS lookups
  • A reverse lookup uses the following format: nslookup IP_TO_LOOKUP DNS_SERVER
    • Ex: nslookup 10.0.5.21 10.0.5.22

nmap

  • nmap can be used to find DNS servers as well
  • The common DNS port is 53, so scanning for port 53 with nmap can identify a DNS server
  • nmap can perform reverse lookups as well. The --dns-servers option specifies the DNS server to use for reverse lookups across a network. The -sL option (list scan) can be combined with it.
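
An added example (not part of the original notes): a small sh script that repeats the nslookup IP DNS_SERVER reverse lookup across a range, as the nmap bullet describes for a network, and additionally checks that each returned name resolves back to the same IP so stale PTR records stand out. It assumes BIND-style nslookup output and uses the sample addresses 10.0.5.x and server 10.0.5.22 from the nslookup example above; the script name ptr_audit.sh and the forward-check step are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit PTR records on a lab range with nslookup.
# Assumptions: BIND-style nslookup output; the prefix and server values
# are the sample addresses used in the notes.

# Pull the hostname out of a reverse-lookup reply ("... name = host.").
parse_ptr() {
  awk '/name = / { sub(/\.$/, "", $NF); print $NF; exit }'
}

# Pull answer addresses out of a forward-lookup reply. The first
# "Address:" line is the DNS server itself, so only read after "Name:".
parse_a() {
  awk '/^Name:/ { seen = 1; next } seen && /^Address/ { print $2 }'
}

# Classify one IP: "no-ptr", "ok <name>" (the name resolves back to the
# IP) or "mismatch <name>" (stale or wrong PTR record).
check_ip() (
  ip=$1 server=$2
  name=$(nslookup "$ip" "$server" 2>/dev/null | parse_ptr)
  if [ -z "$name" ]; then echo "no-ptr"; exit 0; fi
  if nslookup "$name" "$server" 2>/dev/null | parse_a | grep -qxF "$ip"; then
    echo "ok $name"
  else
    echo "mismatch $name"
  fi
)

# Walk prefix.first .. prefix.last and report every address with a PTR.
sweep() (
  prefix=$1 server=$2 i=${3:-1} last=${4:-254}
  while [ "$i" -le "$last" ]; do
    result=$(check_ip "$prefix.$i" "$server")
    if [ "$result" != "no-ptr" ]; then echo "$prefix.$i $result"; fi
    i=$((i + 1))
  done
)

# Usage: sh ptr_audit.sh 10.0.5 10.0.5.22 [first] [last]
if [ "$#" -ge 2 ]; then sweep "$@"; fi
```

Windows nslookup prints reverse answers in a different layout (Name: / Address: lines), so parse_ptr would need adjusting there.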

DNS Resolution

PowerShell

  • Resolve-DnsName is used for DNS resolution in PowerShell
  • -Server allows for specification of a DNS server
  • -DnsOnly resolves the query using only the DNS protocol
  • Example use: Resolve-DnsName -DnsOnly 192.168.3.10 -Server 192.168.4.5