DNS Enumeration

Domain Name System (DNS) is a protocol used to resolve domain names to IP addresses.

  • In the early days of the internet, users needed to remember the IP addresses of websites. This is obviously ridiculous and unsustainable. DNS resolved this issue by mapping names to IP addresses.
  • A DNS server (nameserver) is like a directory that contains domain names and their corresponding IP addresses, and serves this information upon request.
  • Many public DNS servers have been set up by large companies like Cloudflare and Google. These DNS servers contain the records of almost all domains on the internet.
  • Types of DNS records include:
    • A – Resolves a domain to an IPv4 address.
    • AAAA – Resolves a domain to an IPv6 address.
    • NS – Reference to the domain nameserver (the keeper of the DNS record).
    • MX – Resolves a domain to an email server.
    • CNAME – Domain alias.
    • TXT – Text records.
    • SRV – Service records.
    • PTR – Resolves an IP address to a hostname.
  • The process of enumerating DNS records is called DNS enumeration, lookup or interrogation; the terms are often used interchangeably.
  • The objective of DNS enumeration is to probe a DNS server to get the DNS records for a specific domain.
  • This process can provide us with critical information like the IP addresses of domains, subdomains, mail servers, etc.
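
A defender's view of the enumeration described above, as an added example that is not part of the original notes: it scans resolver query logs for a client that requests many different record types for one domain in a short window, the pattern a sweep across the record types listed above leaves. The log format, the threshold, the window and the `base_domain` helper are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict

# Constructed sample log: "<epoch seconds> <client IP> <queried name> <record type>"
SAMPLE_LOG = """\
1700000000 10.0.0.5 example.com A
1700000001 10.0.0.5 example.com AAAA
1700000001 10.0.0.5 example.com NS
1700000002 10.0.0.5 example.com MX
1700000002 10.0.0.5 example.com TXT
1700000003 10.0.0.5 _sip._tcp.example.com SRV
1700000004 10.0.0.9 example.com A
1700000300 10.0.0.9 example.com AAAA
1700000900 10.0.0.9 mail.example.com MX
"""

def base_domain(name):
    """Naive registrable domain: the last two labels (assumption; ignores suffixes like co.uk)."""
    return ".".join(name.rstrip(".").lower().split(".")[-2:])

def find_record_sweeps(log_text, min_types=5, window=60):
    """Return {(client, domain): sorted types} where a client asked for at least
    min_types distinct record types for one domain within window seconds."""
    events = defaultdict(list)          # (client, domain) -> [(timestamp, rtype)]
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            continue                    # skip malformed lines
        ts, client, name, rtype = parts
        events[(client, base_domain(name))].append((int(ts), rtype.upper()))

    alerts = {}
    for key, seen in events.items():
        seen.sort()
        start = 0
        for end in range(len(seen)):
            # Shrink the window from the left until it spans at most `window` seconds.
            while seen[end][0] - seen[start][0] > window:
                start += 1
            types = {rtype for _, rtype in seen[start:end + 1]}
            if len(types) >= min_types:
                alerts[key] = sorted(types)
                break
    return alerts

if __name__ == "__main__":
    for (client, domain), types in find_record_sweeps(SAMPLE_LOG).items():
        print(f"{client} swept {domain}: {', '.join(types)}")
```

The second client in the sample asks for three record types spread over fifteen minutes and is not flagged; tune `min_types` and `window` against normal resolver traffic before alerting on this.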

DNSRecon
  • Comes prepackaged in Kali Linux.
  • Command:

dnsrecon -d <domain name>

DNSdumpster website:

  • Great organization
  • Gives a visual DNS mapping