DNS Footprinting - Extract DNS and Reverse Lookup

DNS Footprinting is used by attackers to obtain information on DNS servers, DNS records, and the types of servers used by the target organisation. This information enables attackers to identify the hosts linked to the target network and conduct additional exploitation on the target organisation.

DNS footprinting helps in determining the following records about the target DNS:

Record Type    Description
A              Points to a host's IP address
MX             Points to the domain's mail server
NS             Points to the host's name server
CNAME          Canonical naming allows aliases to a host
SOA            Indicates authority for a domain
SRV            Service records
PTR            Maps IP address to a hostname
RP             Responsible person
HINFO          Host information record includes CPU type and OS
TXT            Unstructured text records

DNS interrogation tools such as DNS Lookup enable users to perform DNS footprinting. When the attacker uses the DNS interrogation tool to query the DNS server, the server responds with a record structure containing information about the target DNS. DNS entries contain critical information about the location and type of server. 

Tools like DNSdumpster.com, Bluto, and Domain Dossier can be used to retrieve DNS records for specified domains or hostnames. 

Reverse Lookup

DNS lookup is used to find the IP addresses for a given domain name, while reverse DNS is used to find the domain name of a given IP address. An A record maps a domain name to an IP address (to know more, see https://www.cyberwiki.in/2020/12/dns-servers-explained.html). Attackers run reverse DNS lookups across an IP range to find the DNS PTR records for those IP addresses.

Attackers use various tools such as DNSRecon and Reverse IP Domain Check to perform the reverse DNS lookup on the target host. Given an IP address or a range of IP addresses, these tools return the associated domain names. With a tool like Reverse IP Domain Check, attackers also discover additional domains that use the same web server and build a list of them.
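
The same reverse lookup, run by a defender over an export of their own zones, shows what the PTR records of a range give away. This is an added example, not part of the original article: the zone data is constructed (documentation range 192.0.2.0/24, example.com), and audit_reverse_zone and INTERNAL_HINTS are hypothetical names.

```python
import ipaddress

# Constructed sample data: exports of an organisation's own reverse and
# forward zones (documentation range 192.0.2.0/24, example.com).
PTR_RECORDS = {
    "10.2.0.192.in-addr.arpa": "www.example.com",
    "11.2.0.192.in-addr.arpa": "mail.example.com",
    "12.2.0.192.in-addr.arpa": "vpn-gw01.corp.example.com",
    "13.2.0.192.in-addr.arpa": "old-intranet.example.com",
}
A_RECORDS = {
    "www.example.com": "192.0.2.10",
    "mail.example.com": "192.0.2.11",
    "vpn-gw01.corp.example.com": "192.0.2.12",
    # old-intranet.example.com has no A record: its PTR was left behind.
}
# Assumed list of substrings that give away a host's internal role.
INTERNAL_HINTS = ("corp", "intranet", "vpn", "dev", "test")


def audit_reverse_zone(cidr, ptr_records, a_records, hints=INTERNAL_HINTS):
    """Map each IP in cidr that has a PTR record to (hostname, findings)."""
    report = {}
    for ip in ipaddress.ip_network(cidr).hosts():
        # A reverse lookup queries the octets reversed under in-addr.arpa.
        hostname = ptr_records.get(ip.reverse_pointer)
        if hostname is None:
            continue
        findings = []
        # Forward-confirmed reverse DNS: the name's A record must point back.
        if a_records.get(hostname) != str(ip):
            findings.append("no matching A record (stale PTR?)")
        # Assumes a two-label registered domain such as example.com.
        host_part = hostname.lower().rsplit(".", 2)[0]
        leaked = [h for h in hints if h in host_part]
        if leaked:
            findings.append("name reveals role: " + ", ".join(leaked))
        report[str(ip)] = (hostname, findings)
    return report


if __name__ == "__main__":
    audit = audit_reverse_zone("192.0.2.0/28", PTR_RECORDS, A_RECORDS)
    for ip, (hostname, findings) in audit.items():
        print(ip, hostname, findings or "ok")
```

Records flagged here are candidates for removal or renaming in the public reverse zone.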
