dnsrecon reverse lookup

    • #8807

      Sorry for a lot of encoding… I had to encode the actual domain names and IP addresses. Hopefully it will not change my question.

      This was the output of dnsrecon -d pentest_domain.com :

      DNSSEC is not configured for pentest_domain.com
      [*] SOA ns8297.godaddy.com XXX.XXX.XXX.2
      [*] NS ns8297.godaddy.com XXX.XXX.XXX.2
      [*] Bind Version for XXX.XXX.XXX.2 dnsmasq-2.15-OpenDNS-1
      [*] NS ns8298.godaddy.com XXX.XXX.XXX.20
      [-] Recursion enabled on NS Server XXX.XXX.XXX.20
      [*] Bind Version for XXX.XXX.XXX.20 dnsmasq-2.15-OpenDNS-1
      [*] MX pentest_domain.com XXX.XXX.XXX.200
      [*] A pentest_domain.com XXX.XXX.XXX.200
      [*] TXT pentest_domain.com v=spf1 a mx ptr include:bluehost.com include:relay.pentest_domain 2.com ?all
      [*] TXT _domainkey.pentest_domain.com o=~
      [*] Enumerating SRV Records
      [-] No SRV Records Found for pentest_domain.com
      [*] 0 Records Found

      I thought that I got the domain’s IP address in the following record:
      A pentest_domain.com XXX.XXX.XXX.200

      Then I ran dnsrecon -r XXX.XXX.XXX.1-XXX.XXX.XXX.200
      But the above command didn’t return pentest_domain.com

      Am I doing something wrong?

    • #54160

      Hi kashton, I’m also a newbie here. Well, I really don’t know what you want to do; it seems that you’re in the active info gathering phase. We have lots of tools for DNS enumeration (even online). If your problem is getting two IPs for a domain, I want to say it’s normal, and if the 2nd IP doesn’t return your domain, it is also normal.

      For example, if you ping google.com, each time you’ll get a different IP address, and it’s because of load balancing.
      Your target might implement edge servers for security and ..
      Multiple domains can point to a single IP address, so you need to perform a reverse lookup search to find out if the IP can return your domain or not.

      In active info gathering, I suggest you find their public IP range (CIDR) and search the range to find alive hosts. Then you must identify the task of each host and the relationship between the identified hosts.
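
The point raised in the thread above, that an A record for a domain does not mean a reverse (PTR) lookup of that IP names the domain, as an added Python example that is not part of the original posts. It walks a start-end range, looks up each address's in-addr.arpa name, and compares the result with the forward records; all names, addresses and records are constructed (documentation ranges), and the function names are hypothetical.

```python
import ipaddress

# Constructed sample records (documentation names/addresses, not from the thread).
A_RECORDS = {
    "example.com": ["192.0.2.200"],
    "shop.example.net": ["192.0.2.200"],        # second site on the same host
    "box200.hosting.example": ["192.0.2.200"],  # the hosting provider's own name
    "mail.example.org": ["192.0.2.25"],
}
# PTR records live in the in-addr.arpa zone run by whoever owns the IP block,
# so one IP normally carries one PTR no matter how many domains point at it.
PTR_RECORDS = {
    "200.2.0.192.in-addr.arpa": "box200.hosting.example",
    "25.2.0.192.in-addr.arpa": "mail.example.org",
}

def ip_range(first, last):
    """Yield every IPv4 address from first to last, inclusive."""
    lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
    for n in range(lo, hi + 1):
        yield ipaddress.IPv4Address(n)

def reverse_sweep(first, last, ptr=PTR_RECORDS):
    """Return {ip: ptr_name} for addresses in the range that have a PTR record."""
    found = {}
    for ip in ip_range(first, last):
        name = ptr.get(ip.reverse_pointer)  # e.g. 200.2.0.192.in-addr.arpa
        if name:
            found[str(ip)] = name
    return found

def explain(domain, first, last, a=A_RECORDS, ptr=PTR_RECORDS):
    """Compare a domain's A records with what a reverse sweep of the range returns."""
    sweep = reverse_sweep(first, last, ptr)
    report = []
    for ip in a.get(domain, []):
        name = sweep.get(ip)
        if name is None:
            verdict = "no PTR in range"
        elif name == domain:
            verdict = "PTR matches domain"
        else:
            # Forward-confirm: does the PTR name resolve back to the same IP?
            confirmed = ip in a.get(name, [])
            verdict = "PTR names another host" + (", forward-confirmed" if confirmed else "")
        report.append((ip, name, verdict))
    return report

if __name__ == "__main__":
    for row in explain("example.com", "192.0.2.1", "192.0.2.200"):
        print(row)
```
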


Copyright ©2021 Caendra, Inc.