DNSx – DNS Toolkit That Allows Running Multiple DNS Queries
DNS queries are crucial in penetration testing. A DNS query, also known as a DNS request, is a request for data sent from a user's system (the DNS client) to a DNS server. In most cases, a DNS request asks for the IP address associated with a domain name, but requests can be customized as needed. dnsx is a tool for making such queries. Written in Go, it is a fast, multi-purpose DNS toolkit that runs multiple probes using the retryabledns library. It lets you perform DNS queries of your choice against a list of user-supplied resolvers, and it supports DNS wildcard filtering like shuffledns.
Features of DNSx Tool
- It is a handy and straightforward utility for querying DNS records.
- It supports A, AAAA, CNAME, PTR, NS, MX, TXT and SOA queries.
- It supports DNS status code probing.
- It supports DNS tracing.
- It handles wildcard subdomains in an automated way.
- It is open-source and free to use.
- It supports stdin and stdout, so it can be chained with other tools.
Installation of DNSx Tool on Kali Linux OS:
Step 1: If Golang is installed on your system, verify the installation by checking its version with the following command.
Step 2: Get the DNSx repository or clone the DNSx tool from GitHub using the following command.
sudo GO111MODULE=on go get -v github.com/projectdiscovery/dnsx/cmd/dnsx
Step 3: Check the help menu to get a better understanding of the DNSx tool, using the following command.
Working with DNSx Tool
Example 1: Filtering dead records from a list of passive subdomains
In this example, we collect the subdomains associated with our target domain (geeksforgeeks.org) and filter out the dead records.
subfinder -silent -d geeksforgeeks.org | dnsx
In the screenshot below, we try to open www.qa.geeksforgeeks.org, which has a dead record. There is a connection issue because this subdomain is no longer accessible.
Example 2: Print A records for the given list of subdomains
In this example, we collect the subdomains along with their A records. An A record indicates the IP address of the subdomain.
subfinder -silent -d geeksforgeeks.org | dnsx -silent -a -resp
Example 3: Extract A records for the given list of subdomains
In this example, we extract only the IP addresses from the subdomains' A records.
subfinder -silent -d geeksforgeeks.org | dnsx -silent -a -resp-only
Example 4: Extract CNAME records for the given list of subdomains
In this example, we extract CNAME records from the list of subdomains. A CNAME record is a type of DNS record that maps an alias name to a true or canonical domain name.
subfinder -silent -d geeksforgeeks.org | dnsx -silent -cname -resp
Example 5: Probe DNS Status code on a given list of subdomains
In this example, we probe the DNS status code of each subdomain. The output shows whether a subdomain has an issue or returned NO ERROR.
subfinder -silent -d geeksforgeeks.org | dnsx -silent -rcode noerror,servfail,refused
Example 6: Extract subdomains from given network range using PTR query
In this example, we extract subdomains from a range of IP addresses. We have provided the IP range of geeksforgeeks.org. A PTR record provides the domain name associated with an IP address; it is the opposite of an A record.
echo 184.108.40.206/24 | dnsx -silent -resp-only -ptr
Example 7: Wildcard filtering
In the screenshot below, we have the list of subdomains of our target geeksforgeeks.org.
dnsx -l geeksforgeeeks.org_subdomains.txt -wd geeksforgeeks.org -o output.txt
In this example, dnsx handles multi-level DNS-based wildcards. When the number of subdomains pointing to the same IP address increases beyond a certain small threshold, it checks for wildcards on all levels of the hosts for that IP iteratively.
In the screenshot below, we have saved the output in the output.txt file using the -o flag.
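The threshold-then-probe logic described in Example 7, as an added Go sketch that is not dnsx's own code. It is a simplified model: the in-memory resolver, the example.test records, the fixed probe label and the threshold values are all constructed assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed records standing in for a live resolver (assumption, not real data).
var zone = map[string]string{"www.example.test": "192.0.2.10", "api.example.test": "192.0.2.20"}

func resolve(host string) string {
	if strings.HasSuffix(host, ".dev.example.test") {
		return "192.0.2.99" // wildcard record *.dev.example.test
	}
	return zone[host] // "" when the name has no record (dead)
}

// isWildcard probes a label that should not exist under every parent of host,
// up to domain. Real tools use a random label; a fixed one is assumed here.
func isWildcard(host, domain, ip string) bool {
	for p := host; p != domain && strings.Contains(p, "."); {
		p = p[strings.Index(p, ".")+1:]
		if resolve("no-such-label-probe."+p) == ip {
			return true
		}
	}
	return false
}

// filterWildcards drops dead hosts, and wildcard-backed hosts on any IP that
// more than threshold hosts resolve to (only those IPs are probed).
func filterWildcards(hosts []string, domain string, threshold int) []string {
	ips, count := map[string]string{}, map[string]int{}
	for _, h := range hosts {
		ips[h] = resolve(h)
		count[ips[h]]++
	}
	var keep []string
	for _, h := range hosts {
		if ip := ips[h]; ip != "" && !(count[ip] > threshold && isWildcard(h, domain, ip)) {
			keep = append(keep, h)
		}
	}
	return keep
}

func main() {
	hosts := []string{"www.example.test", "gone.example.test", "a.dev.example.test", "b.dev.example.test", "c.d.dev.example.test"}
	fmt.Println(filterWildcards(hosts, "example.test", 2))
}
```

Raising the threshold to 5 on the same input keeps the three dev hosts, because three names on one IP no longer trigger a wildcard probe.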
DNSx is an excellent tool for querying DNS, and it can be combined with various other tools. In the examples above, we used the SubFinder tool to get a large list of subdomains for our target and passed this list to DNSx to make the DNS queries.