What is a DNS server?
A DNS server is a server/computer on the internet the resolves hostnames/domains to IP addresses.
It is responsible for the management, maintenance and the processing of Internet domain names and their associated records.
In essence, DNS servers give out nameserver and mail server information for the domain it is responsible for.
What is DNS enumeration?
DNS enumeration is also referred to as DNS interrogation.
It involves all the techniques that are used to gather as much information as possible from the DNS server. DNS enumeration is the process of locating all the DNS servers and their corresponding records for a domain.
DNS enumeration will yield computer names, and IP addresses and mail servers of particular domains.
Tools we will be using
Host is used to determine the IP address a domain resolves to.
Select ns for nameservers and domain
Select ns for mail servers and domain
Using Dig for DNS Enumeration
Dig is one of the most commonly used tools for DNS enumeration, it is also referred to as the DNS swiss army knife.
- A – The A record holds the IP address associated with the domain
- AAAA – Holds the IPV6 address for the domain
- CNAME – (Canonical name record) – Maps one domain to another domain (Very useful)
- MMX– The mx record lists the addresses associated with the mail exchanger
- PTR – Pointer records which are used in reverse DNS lookups
- AXFR – Authority for zone transfer – is used to make name server return all the records of a particular domain (This is very useful as we will see in the next videos as it can divulge internal addresses and private subdomains)
- Domain Lookup – dig hsploit.com
- Mail server lookup – dig hsploit.com -t mx
- Name server lookup – dig hsploit.com -t ns
- AAAA lookup – dig hsploit.com AAAA
- CNAME Lookup – dig hsploit.com CNAME
Returning important data only
We use the +short command to return only the important information.