Open In App

What is DNS Enumeration?

Last Updated : 31 Aug, 2022
Improve
Improve
Like Article
Like
Save
Share
Report

In this article, we will learn about DNS Enumeration and the process of DNS enumeration with a practical approach.

Domain Name System(DNS) is nothing but a program that converts or translates a website name into an IP address and vice versa.

Example: A user enters  www.geeksforgeeks.org  in a browser, now the DNS will intercept this request and will fetch the corresponding IP address and connect the user to that fetched IP address.

DNS Enumeration is a technique used for Reconnaissance for better understanding of surface area of the Target systems(i.e. IP addresses).

  • The process of DNS Enumeration returns various important information about the target like DNS record types, host names, IP addresses and much more depending upon the configuration of that target system.
  • To perform DNS enumeration there are various open source tools, scripts available like Nmap, DNS recon etc.

Importance and Impacts:

Importance:

  • It helps in discovering the various services and hosts that are running on the domain.
  • It makes the target surface larger as we enumerate further.
  • Furthermore, it exposes the critical information about the target.

Impact:

  • The attacker can read about the system data and also can modify it.
  • It can also lead to various other potential DNS attacks.
  • It gives the Threat actor very critical details about the system that the attack can leverage to other attacks.

Steps of DNS Enumeration:

There are various tools to do DNS Enumeration, you are free to explore them by doing a simple web search about DNS Enumeration tools, but here we are going to use Nmap as an example:-      

Nmap:

It is a tool used to discover host and services that are currently running of a computer network. Nmap provides an extensive Script by the name dns-nsec-enum.

Command Usage:

nmap -sSU -p 53 --script dns-nsec-enum -
-script-args dns-nsec-enum.domains=example.com 
<target>
Enumeration through Nmap

 

 Output:  

In the above result, we didn’t find any NSEC records, but you can try different other scripts like dns-brute. nse, dns-cache-snoop. nse, and dns-check-zone. nse for more DNS Enumeration.

Prevention:

  • By restricting Zone Transfer by untrusted hosts.
  • By auditing regularly the DNS record to avoid the availability of unused DNS record.
  • Never that your private host remain private and doesn’t use public IP address.

Conclusion:

  • DNS enumeration is very powerful for target mapping.
  • You can simply do DNS Enumeration by your Linux or Windows terminal.
  • DNS Enumeration exposes many attack surfaces.
  • It is not possible to hide yourself from DNS Enumeration 100%.

Like Article
Suggest improvement
Previous
Cyber Security - Types of Enumeration
Next
SMTP Enumeration
Share your thoughts in the comments

Similar Reads

SMB Enumeration
User Enumeration in Ethical Hacking
What is RPC Enumeration?
What is Security Testing in Enumeration?
What is NTP Enumeration?
What is IPsec Enumeration?
SNMP Enumeration
SMTP Enumeration
What is NetBIOS Enumeration?
Script Http-Userdir-Enumeration Method
author
0xshivam
Article Tags :
We use cookies to ensure you have the best browsing experience on our website. By using our site, you acknowledge that you have read and understood our Cookie Policy & Privacy Policy
Lightbox