Interrogating the DNS servers
DNS servers exist to provide an association between the IP addresses that computers use and the domain names that people use. Usually, companies and organizations use multiple subdomains and may even use multiple domain names for a given IP address. Naturally, this means DNS servers are a wealth of information for a penetration tester looking to define the public footprint of an organization and map out his/her attack surface.
The first command-line tool we will be using here is called Dig. Dig is essentially a DNS lookup Swiss Army knife and facilitates just about everything you would need to know about a given domain or the domains related to an IP address. Using Dig, you will be emulating—actually performing—the ...