Last updated
Was this helpful?
Last updated
Was this helpful?
Adversaries may gather information about the victim's DNS that can be used during targeting. DNS information may include a variety of details, including registered name servers as well as records that outline addressing for a target’s subdomains, mail servers, and other hosts. DNS, MX, TXT, and SPF records may also reveal the use of third party cloud and SaaS providers, such as Office 365, G Suite, Salesforce, or Zendesk.
Each domain can use different types of DNS records. Some of the most common types of DNS records include:
NS: Nameserver records contain the name of the authoritative servers hosting the DNS records for a domain.
A: Also known as a host record, the "a record" contains the IPv4 address of a hostname (such as www.megacorpone.com).
AAAA: Also known as a quad A host record, the "aaaa record" contains the IPv6 address of a hostname (such as www.megacorpone.com).
MX: Mail Exchange records contain the names of the servers responsible for handling email for the domain. A domain can contain multiple MX records.
PTR: Pointer Records are used in reverse lookup zones and can find the records associated with an IP address.
CNAME: Canonical Name Records are used to create aliases for other host records.
TXT: Text records can contain any arbitrary data and be used for various purposes, such as domain ownership verification.
The dig (domain information groper) command is a flexible tool for interrogating DNS name servers. It performs DNS lookups and displays the answers that are returned from the queried name server(s).
Nslookup is a native Windows & Linux command that may be used as a to perform DNS enumeration
is a Python script that provides the ability to perform DNS enumeration.
scans a domain for common subdomains using a built-in or an external wordlist (if specified using -w option). The internal wordlist has around 1000 words
Dnsenum is a multithreaded perl script to enumerate DNS information of a domain and to discover non-contiguous ip blocks. The main purpose of Dnsenum is to gather as much information as possible about a domain.
is a usefull website to perform DNS enumeration.
MITRE ATT&CK™ Gather Victim Network Information: DNS - T1590.002