
DNS enumeration for beginners

Hello, aspiring Ethical Hackers. In this blogpost, you will learn about DNS enumeration. In our previous blogpost, you learnt what enumeration is, why it is performed, what its uses are and what types of enumeration exist.

What is DNS enumeration?

DNS enumeration is the process of locating the DNS server and viewing its records. By performing this enumeration, an attacker can collect valuable information about the network such as DNS server names, hostnames, machine names, user names, IP addresses etc. You can learn more about the importance of the DNS server in DNS Footprinting.

How to perform DNS enumeration?

There are a number of tools that can be used to perform this enumeration. Let’s see some of them.

1. Linux host command

The host command in Linux can be used to perform a DNS lookup of a domain. It can be used to retrieve IP address information from a domain name and vice versa. See the image below.

We can also query for specific types of records from the DNS server using the ‘host’ command. Here are the various records of a DNS server.

Let’s query for mail servers and name servers as shown below.

2. dig

The dig (Domain Information Groups) command is a tool for interrogating DNS servers. Just like the host command, dig can be used to perform DNS lookups and query DNS servers. For example, if we want to query for the name servers of a particular domain, we can do this as shown below.

Similarly, we can also query for mail servers and name servers as shown below.
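
The following is an added example, not part of the original post: a small shell audit that reads the kind of answer lines dig prints for NS, MX and A queries and reports what a zone exposes, including A records that publish private (RFC 1918) addresses. The function names and the sample records are constructed for illustration; example.com is a reserved domain.

```bash
#!/usr/bin/env bash
# Constructed sample of `dig +noall +answer <zone> <TYPE>` output.
# All names and addresses below are made up for this example.
sample_answers() {
cat <<'EOF'
example.com.          3600 IN NS ns1.example.com.
example.com.          3600 IN NS ns2.example.com.
example.com.          3600 IN MX 10 mail.example.com.
ns1.example.com.      3600 IN A  192.0.2.53
mail.example.com.     3600 IN A  192.0.2.25
intranet.example.com. 300  IN A  10.20.30.40
vpn.example.com.      300  IN A  172.16.5.1
EOF
}

# Count answers per record type (4th column of dig's answer format).
count_by_type() {
  awk 'NF >= 5 && $3 == "IN" { n[$4]++ }
       END { for (t in n) print t, n[t] }' | sort
}

# List A records whose address falls in RFC 1918 private space.
# A public zone that answers with these is leaking internal addressing.
private_a_records() {
  awk 'NF >= 5 && $3 == "IN" && $4 == "A" {
         split($5, o, ".")
         if (o[1] == 10 ||
             (o[1] == 172 && o[2] >= 16 && o[2] <= 31) ||
             (o[1] == 192 && o[2] == 168))
           print $1, $5
       }'
}

# Live use against a zone you administer (needs network access):
#   for t in NS MX A; do dig +noall +answer example.com "$t"; done | count_by_type
sample_answers | count_by_type
sample_answers | private_a_records
```

Records listed by the second function are candidates for moving to an internal-only (split-horizon) zone.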

Learn how to enumerate DNS with DNSenum, DNSrecon and DNSwalk.
