Domain Name Server (DNS) is like a map or an address book. In fact, it is like a distributed database which is used to translate an IP address 184.108.40.206 to a name www.example.com and vice versa.
DNS enumeration is the process of locating all the DNS servers and their corresponding records for an organization. The goal is to gather as many interesting details as possible about the target before initiating an attack. DNS servers can yield information such as usernames, computer names, and IP addresses of potential target systems. The DNS system often holds various types of data associated with a domain, so enumeration can surface large amounts of information. Information gathered by DNS enumeration can be used by an attacker in various breaches, especially while initiating DNS tunneling.
You can use the nslookup command, available on Linux, to get DNS and host-related information. In addition, you can use the DNSenum script (DNSenum.pl) to get detailed information about a domain.
The dnsenum script can perform the following important operations −
- Get the host's addresses
- Get the nameservers
- Get the MX record
- Perform axfr queries on nameservers
- Get extra names and subdomains via Google scraping
- Brute force subdomains from a file; it can also perform recursion on a subdomain that has NS records
- Calculate C class domain network ranges and perform whois queries on them
- Perform reverse lookups on network ranges
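From the defender's side, several of the operations listed above leave recognizable traces in a DNS server's query log. The following added example (not from the original page or the dnsenum project) flags zone-transfer requests, bursts of NXDOMAIN answers for distinct names, and PTR sweeps per client; the log format, thresholds, function name and sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample log in a simplified, assumed format (not a real server's format):
# "<client_ip> <qname> <qtype> <rcode>"
SAMPLE_LOG = """\
203.0.113.7 example.com AXFR REFUSED
203.0.113.7 www.example.com A NOERROR
203.0.113.7 dev.example.com A NXDOMAIN
203.0.113.7 vpn.example.com A NXDOMAIN
203.0.113.7 test.example.com A NXDOMAIN
203.0.113.7 1.2.0.192.in-addr.arpa PTR NOERROR
203.0.113.7 2.2.0.192.in-addr.arpa PTR NXDOMAIN
203.0.113.7 3.2.0.192.in-addr.arpa PTR NXDOMAIN
198.51.100.20 www.example.com A NOERROR
198.51.100.20 example.com MX NOERROR
"""

def detect_enumeration(log_text, nx_threshold=20, ptr_threshold=20):
    """Return {client_ip: sorted findings} for clients showing enumeration patterns."""
    axfr_clients = set()
    nx_names = defaultdict(set)   # distinct non-existent names asked per client
    ptr_names = defaultdict(set)  # distinct reverse-lookup names asked per client
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of failing
        client, qname, qtype, rcode = parts
        qname = qname.lower().rstrip(".")
        qtype = qtype.upper()
        if qtype == "AXFR":
            axfr_clients.add(client)  # any zone-transfer request is worth a look
        elif qtype == "PTR" and qname.endswith(".in-addr.arpa"):
            ptr_names[client].add(qname)
        elif rcode.upper() == "NXDOMAIN":
            nx_names[client].add(qname)
    findings = defaultdict(list)
    for client in axfr_clients:
        findings[client].append("zone-transfer-attempt")
    for client, names in nx_names.items():
        if len(names) >= nx_threshold:  # many misses: wordlist-style guessing
            findings[client].append("subdomain-brute-force")
    for client, names in ptr_names.items():
        if len(names) >= ptr_threshold:  # many PTR queries: range sweep
            findings[client].append("reverse-lookup-sweep")
    return {client: sorted(items) for client, items in findings.items()}

if __name__ == "__main__":
    # Low thresholds only because the constructed sample is tiny.
    print(detect_enumeration(SAMPLE_LOG, nx_threshold=3, ptr_threshold=3))
```

Thresholds need tuning against normal traffic, and the AXFR finding pairs naturally with restricting zone transfers to known secondary servers.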
Tools used to gather DNS information