dnsrecon reverse lookup




Post Mon Apr 13, 2015 8:42 pm


Sorry for a lot of encoding... I had to encode the actual domain names and IP addresses. Hopefully it will not change my question.

This was the output of dnsrecon -d pentest_domain.com :
DNSSEC is not configured for pentest_domain.com
[*]     SOA ns8297.godaddy.com XXX.XXX.XXX.2
[*]     NS ns8297.godaddy.com XXX.XXX.XXX.2
[*]     Bind Version for XXX.XXX.XXX.2 dnsmasq-2.15-OpenDNS-1
[*]     NS ns8298.godaddy.com XXX.XXX.XXX.20
[-]     Recursion enabled on NS Server XXX.XXX.XXX.20
[*]     Bind Version for XXX.XXX.XXX.20 dnsmasq-2.15-OpenDNS-1
[*]     MX pentest_domain.com XXX.XXX.XXX.200
[*]     A pentest_domain.com XXX.XXX.XXX.200
[*]     TXT pentest_domain.com v=spf1 a mx ptr include:bluehost.com include:relay.pentest_domain 2.com ?all
[*]     TXT _domainkey.pentest_domain.com o=~
[*] Enumerating SRV Records
[-] No SRV Records Found for pentest_domain.com
[*] 0 Records Found

I thought that I got the domain's IP address in the following record:
A pentest_domain.com XXX.XXX.XXX.200

Then I ran dnsrecon -r XXX.XXX.XXX.1-XXX.XXX.XXX.200
But the above command didn't return pentest_domain.com

Am I doing something wrong?



Post Tue May 05, 2015 2:50 pm

Re: dnsrecon reverse lookup

Hi kashton, I'm also a newbie here. Well, I really don't know what you want to do; it seems that you're in the active info gathering phase. We have lots of tools for DNS enumeration (even online). If your problem is getting two IPs for a domain, I want to say it's normal, and if the 2nd IP doesn't return your domain it is also normal.

For example, if you ping google.com, each time you'll get a different IP address, and it's because of load balancing.
Your target might implement edge servers for security and ..
Multiple domains can point to a single IP address, so you need to perform a reverse lookup search to find out if the IP can return your domain or not.

In active info gathering, I suggest you find their public IP range (CIDR) and search the range to find alive hosts. Then you must identify the task of each host and the relationship between identified hosts.
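
Added example, not part of either post: a reverse sweep only returns what the PTR records of each address say, and those are published by the owner of the IP block, independently of the domain's A record. The zone contents, the `.test` names and the 192.0.2.0/24 addresses below are constructed sample data, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data (RFC 5737 addresses, .test names), not from the thread.
# Forward zone: published by whoever controls the domain.
FORWARD = {
    "example-target.test": ["192.0.2.200"],
    "box200.hosting-provider.test": ["192.0.2.200"],
}
# Reverse zone: published by whoever controls the IP block (often the hoster).
REVERSE = {
    "20.2.0.192.in-addr.arpa": "ns2.hosting-provider.test",
    "200.2.0.192.in-addr.arpa": "box200.hosting-provider.test",
}

def ptr_name(ip):
    """Owner name a resolver queries for the PTR record of `ip`."""
    return ipaddress.ip_address(ip).reverse_pointer

def reverse_sweep(first, last, reverse_zone):
    """PTR answers for every address in first..last (inclusive)."""
    lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
    hits = {}
    for n in range(lo, hi + 1):
        ip = str(ipaddress.IPv4Address(n))
        target = reverse_zone.get(ptr_name(ip))
        if target is not None:
            hits[ip] = target
    return hits

def explain(domain, forward_zone, reverse_zone):
    """Compare each A record of `domain` with the PTR for that address."""
    verdicts = {}
    for ip in forward_zone.get(domain, []):
        target = reverse_zone.get(ptr_name(ip))
        if target is None:
            verdicts[ip] = ("no-ptr", None)
        elif target == domain:
            verdicts[ip] = ("ptr-matches", target)
        elif ip in forward_zone.get(target, []):
            # PTR names another host that resolves back to the same address.
            verdicts[ip] = ("ptr-other-name-confirmed", target)
        else:
            verdicts[ip] = ("ptr-other-name-unconfirmed", target)
    return verdicts

if __name__ == "__main__":
    print(reverse_sweep("192.0.2.1", "192.0.2.200", REVERSE))
    print(explain("example-target.test", FORWARD, REVERSE))
```

With this sample data the sweep finds PTR records for two addresses, and neither names the domain whose A record points at 192.0.2.200.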
