DNS recon
Domain Name System (DNS) can provide valuable data during the reconnaissance phase. If you do not already understand DNS, you may want to take some time to get a good grasp of the service and how it works. At a very basic level, DNS is used to translate domain names into IP addresses. Luckily for us, there are many tools available that are excellent at extracting the data that we need from name servers. An example of the information you are able to gather includes:
| Record | Description |
|---|---|
| CNAME | Alias, used to tie many names to a single IP. An IP address can have multiple CNAME records associated with it. |
| A | Used to translate a domain or subdomain name to a 32-bit IP address. It can also store additional useful information. |
| MX | Ties ... |
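To see how these record types fit together, the following added example (not code from the book) parses a handful of records in zone-file presentation format and reports which names end up at each IP address, following CNAME aliases and stopping on an alias loop. The zone data is constructed for the reserved example.com domain, and the function names are illustrative.

```python
from collections import defaultdict

# Constructed sample records for the reserved example.com zone (not real data).
ZONE = """\
www.example.com.    300 IN CNAME web01.example.com.
shop.example.com.   300 IN CNAME www.example.com.
web01.example.com.  300 IN A     192.0.2.10
mail.example.com.   300 IN A     192.0.2.25
example.com.        300 IN MX    10 mail.example.com.
loop.example.com.   300 IN CNAME loop.example.com.
"""

def parse(zone_text):
    """Return {record_type: {owner_name: [rdata, ...]}} from presentation-format lines."""
    records = defaultdict(lambda: defaultdict(list))
    for line in zone_text.splitlines():
        fields = line.split(None, 4)  # name, TTL, class, type, rdata
        if len(fields) == 5 and fields[2] == "IN":
            records[fields[3]][fields[0].lower()].append(fields[4].strip())
    return records

def resolve(name, records, max_hops=8):
    """Follow CNAME aliases until an A record is found; None on a dangling or looping alias."""
    for _ in range(max_hops):
        if name in records["A"]:
            return records["A"][name][0]
        if name not in records["CNAME"]:
            return None
        name = records["CNAME"][name][0].lower()
    return None  # hop limit reached: the alias chain loops or is too long

def names_per_ip(records):
    """Group every A and CNAME owner name by the IPv4 address it ends up at."""
    exposure = defaultdict(set)
    for name in list(records["A"]) + list(records["CNAME"]):
        ip = resolve(name, records)
        if ip is not None:
            exposure[ip].add(name)
    return {ip: sorted(names) for ip, names in exposure.items()}

def mail_hosts(records):
    """Return (preference, exchange, ip) for each MX record, lowest preference first."""
    out = []
    for rdatas in records["MX"].values():
        for rdata in rdatas:
            pref, host = rdata.split()
            out.append((int(pref), host, resolve(host.lower(), records)))
    return sorted(out)
```

Running `names_per_ip(parse(ZONE))` on an export of your own zone gives a quick inventory of which hostnames the name servers disclose for each address.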