dnsrecon reverse lookup

This topic contains 1 reply, has 2 voices, and was last updated by vulninux 4 years, 6 months ago.

  • #8807
    kashton
    Participant

    Sorry for a lot of encoding… I had to encode the actual domain names and IP addresses. Hopefully it will not change my question.

    This was the output of dnsrecon -d pentest_domain.com:


    DNSSEC is not configured for pentest_domain.com
    [*] SOA ns8297.godaddy.com XXX.XXX.XXX.2
    [*] NS ns8297.godaddy.com XXX.XXX.XXX.2
    [*] Bind Version for XXX.XXX.XXX.2 dnsmasq-2.15-OpenDNS-1
    [*] NS ns8298.godaddy.com XXX.XXX.XXX.20
    [-] Recursion enabled on NS Server XXX.XXX.XXX.20
    [*] Bind Version for XXX.XXX.XXX.20 dnsmasq-2.15-OpenDNS-1
    [*] MX pentest_domain.com XXX.XXX.XXX.200
    [*] A pentest_domain.com XXX.XXX.XXX.200
    [*] TXT pentest_domain.com v=spf1 a mx ptr include:bluehost.com include:relay.pentest_domain 2.com ?all
    [*] TXT _domainkey.pentest_domain.com o=~
    [*] Enumerating SRV Records
    [-] No SRV Records Found for pentest_domain.com
    [*] 0 Records Found

    I thought that I got the domain’s IP address in the following record:
    A pentest_domain.com XXX.XXX.XXX.200

    Then I ran dnsrecon -r XXX.XXX.XXX.1-XXX.XXX.XXX.200, but that command didn’t return pentest_domain.com.

    Am I doing something wrong?

  • #54160
    vulninux
    Participant

    Hi kashton, I’m also a newbie here. Well, I really don’t know what you want to do; it seems that you’re in the active info gathering phase. We have lots of tools for DNS enumeration (even online). If your problem is getting two IPs for a domain, I want to say it’s normal, and if the 2nd IP doesn’t return your domain, that is also normal.

    For example, if you ping google.com, each time you’ll get a different IP address, and that’s because of load balancing.
    Your target might implement edge servers for security and ..
    Multiple domains can point to a single IP address, so you need to perform a reverse lookup to find out whether the IP returns your domain or not.

    In active info gathering I suggest you find their public IP range (CIDR) and search the range to find alive hosts. Then you must identify the task of each host and the relationship between the identified hosts.


Copyright ©2019 Caendra, Inc.
