Dnsrecon

How to Use the dnsrecon Tool for DNS Enumeration

The dnsrecon tool is a powerful utility used in the information gathering phase of penetration testing to perform DNS reconnaissance. Below is a guide on how to utilize dnsrecon with different options to conduct DNS enumeration on a target domain:

1. Basic DNS Enumeration

dnsrecon -d megacorpone.com

Explanation: This command initiates a basic DNS enumeration on the domain megacorpone.com. It gathers various DNS records such as A, AAAA, MX, and NS, providing a comprehensive overview of the domain's DNS configuration.

2. Querying Zone Transfer

dnsrecon -d zonetransfer.me -t axfr

Explanation: This command tries to perform a DNS zone transfer on the domain zonetransfer.me. A zone transfer allows for the replication of DNS databases across a group of DNS servers. Using the -t axfr option specifies that a zone transfer query is to be conducted. It is important to note that zone transfers should ideally be restricted to authorized DNS servers to prevent the exposure of sensitive information.

3. Subdomain Bruteforcing

dnsrecon -d zonetransfer.me -D /opt/secLists/Discovery/DNS/subdomains-top1million-110000.txt -t brt

Explanation: This command conducts subdomain bruteforcing on the domain zonetransfer.me utilizing a specified wordlist found at /opt/secLists/Discovery/DNS/subdomains-top1million-110000.txt. The -t brt option indicates that a bruteforce attack is to be conducted to discover potential subdomains. This method can unveil hidden or non-public subdomains that might host various services or applications.

PreviousHostNextDnsenum

Last updated

Was this helpful?