Use the Spade tool to check DNS.
- Use the dig tool in Spade to obtain the authoritative DNS for the organization (it will also provide mail server, etc, IP numbers).
- A zone transfer asks the authoritative name server of an organization for all the information it knows about a domain (it should not provide the information).
- Mail relay check asks a mail server to relay mail for you (it should not relay your message).
- Countermeasures: deny all unauthorized inbound connections to port 53. You can also set directives to the DNS server (see book). This prevents zone transfer, but not nslookup to each IP number.
- traceroute (tracert) allows to study the network topology (identify the nodes in the network). See this example.