DNS Enumeration is the process of locating all the DNS servers and their corresponding records for an organization.DNS is like a map or an address book. In fact, it is like a distributed database that is used to translate an IP address 18.104.22.168 to a name www.example.com and vice versa.
DNS Enumeration is used to gather as many interesting details as possible about your target before initiating an attack. DNS servers that can yield information such as usernames, computer names, and IP addresses of potential target systems.
DNS enumeration is done to find large amounts of information. The DNS system often holds various types of data associated with a domain. Information gathered by DNS Enumeration can be used by an attacker in various breaches, especially while initiating DNS Tunneling.
DNS Zone Transfer used to replicate DNS data across a number of DNS servers or to back up DNS files. A user or server will perform a specific zone transfer request from a ―name server.
If the name server allows zone transfers by an anonymous user to occur, all the DNS names and IP addresses hosted by the name server will be returned in human-readable ASCII text.
Tools used for DNS Enumeration
You can use nslookup command available on Linux to get DNS and host-related information. In addition, you can use the following DNSenum script to get detailed information about a domain-DNSenum.plThe dnsenum script can perform the following important operations −
- Get the host’s addresses
- Get the nameservers
- Get the MX record
- Perform axfr queries on nameservers
- Get extra names and subdomains via Google scraping
- Brute force subdomains from a file can also perform recursion on a subdomain that has NS records.
- Calculate C class domain network ranges and perform whois queries on them
- Perform reverse lookups on entrances
If your DNS is not configured in a secure way, it is possible that lots of sensitive information about the network and organization can go outside and an untrusted Internet user can perform a DNS zone transfer.