DEV Community

Hosea Ngeywo

DNS Enumeration Part 1(HOST)

Key Questions

What is DNS enumeration? How does it differ from more common forms of reconnaissance? What tools can you use to perform DNS (Domain Name System) enumeration? I'll answer these questions and more in this article.

Definition

The Internet is far more robust than any earlier form of communication, but there are still some basic methods for discovering its structure and elements. These methods let you gather information about an organization's infrastructure, and attackers can use them just as well.

DNS enumeration is one of these methods. 'DNS' stands for Domain Name System and, in general, refers to the service responsible for translating hostnames (such as akarns.com) into IP addresses. For example, when your computer wants to reach akarns.com, it asks a DNS server how to find that name, and the server answers with the address held in the domain's A record. A DNS zone also holds other record types that describe the domain's infrastructure, and the server will tell you which records currently exist for a given name.

DNS Enumeration Tools

There are numerous tools for performing DNS enumeration, and which one to use comes down to the attacker's preference. Many people prefer automated tools, but in this discussion I will focus on manual tools, to better understand how the different tools work. This series covers the following tools: host, nslookup, and dig.

Host

host is a command-line utility for DNS lookups: it takes a domain name or an IP address (and optionally a record type) and queries DNS for the matching records. The host command can be used to convert domain names to IP addresses and IP addresses back to domain names.

The syntax to perform a basic host lookup is:

host domain_name

Running the command above returned the IP address of the domain (its A record).

Name servers

To find the name servers the domain runs on, add the -t option followed by ns (name server). The -t option specifies the record type to query:

host -t ns example.com

Mail server

To get the mail servers, use mx (mail exchanger) as the -t record type:

host -t mx example.com

Reverse lookup

In a scenario where you only have the IP address but don't know the domain, a reverse lookup is the best method to use. If the output doesn't present a domain, I prefer using a web-based tool called shodan.io.

host ip_address
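As an added example that is not part of the original post, the shell functions below run the lookups covered above (A, NS, MX, then a reverse lookup of each address found) and condense host's one-record-per-line output into a short inventory of a domain's DNS footprint. The sample output it parses is constructed, using placeholder names and RFC 5737 documentation addresses rather than real lookups, and it assumes a POSIX sh with awk available.

```shell
# Added example (not from the original post): parse host(1) output into a
# short record inventory. Sample output below is constructed with
# placeholder names and RFC 5737 documentation addresses, not real lookups.

# host prints one record per line in fixed English phrasing, e.g.:
#   example.com has address 192.0.2.10
#   example.com name server ns1.example.com.
#   example.com mail is handled by 10 mail.example.com.
#   10.2.0.192.in-addr.arpa domain name pointer example.com.
# Reduce one such line to "TYPE value"; return 1 for anything else
# (NXDOMAIN, SERVFAIL, timeouts) so callers can notice the gap.
parse_host_line() {
  case "$1" in
    *" has address "*)         printf 'A     %s\n' "${1##* has address }" ;;
    *" has IPv6 address "*)    printf 'AAAA  %s\n' "${1##* has IPv6 address }" ;;
    *" name server "*)         printf 'NS    %s\n' "${1##* name server }" ;;
    *" mail is handled by "*)  printf 'MX    %s\n' "${1##* mail is handled by }" ;;
    *" domain name pointer "*) printf 'PTR   %s\n' "${1##* domain name pointer }" ;;
    *)                         return 1 ;;
  esac
}

# Feed a block of host output (one record per line) through the parser,
# skipping lines it does not recognise.
summarize() {
  printf '%s\n' "$1" | while IFS= read -r line; do
    parse_host_line "$line" || :
  done
}

# Run the article's lookups (A, NS, MX) against a live resolver for one
# domain, then reverse-resolve every address found. Needs network access.
enum_domain() {
  domain="$1"
  fwd=$( { host "$domain"; host -t ns "$domain"; host -t mx "$domain"; } 2>/dev/null )
  summarize "$fwd"
  summarize "$fwd" | awk '$1 == "A" || $1 == "AAAA" { print $2 }' |
    while IFS= read -r ip; do summarize "$(host "$ip" 2>/dev/null)"; done
}

# Constructed sample output (placeholder values) for offline use.
SAMPLE_OUTPUT='example.com has address 192.0.2.10
example.com name server ns1.example.com.
example.com mail is handled by 10 mail.example.com.
10.2.0.192.in-addr.arpa domain name pointer example.com.
Host nosuch.example.com not found: 3(NXDOMAIN)'

summarize "$SAMPLE_OUTPUT"
```

Replace the call at the bottom with enum_domain example.com to run it against a live resolver; the NXDOMAIN line in the sample shows that unrecognised output is dropped rather than misread as a record.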

In the next article, I will cover the nslookup and dig commands.
Thanks for reading; I look forward to your feedback.
