Domain Name System (DNS) can provide valuable data during the reconnaissance phase. If you do not already understand DNS, you may want to take some time to get a good grasp of the service and how it works. At a very basic level, DNS is used to translate domain names into IP addresses. Luckily for us, there are many tools available that are excellent at extracting the data that we need from name servers. An example of the information you are able to gather includes:
| Record | Description |
|---|---|
| CNAME | Alias record. Maps one name to another (canonical) name rather than directly to an IP address, so many hostnames can be pointed at the same host and updated in one place. |
| A | Maps a domain or subdomain name to a 32-bit IPv4 address. The AAAA record does the same for a 128-bit IPv6 address. |
| MX | Lists the mail servers that accept mail for a domain, each with a preference value (lower values are tried first). |
There are other record types that can be collected from DNS tools as well; the records listed in the table are the most popular, and often the most useful.
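To show what those tools are actually pulling off the wire, here is an added example (not from the original text or any particular DNS tool) that builds an RFC 1035 query and parses a response into CNAME, A, AAAA and MX records, including the name-compression pointers real answers use. The response bytes are constructed inline so it runs offline; the IP addresses, names and TTLs in it are made up for illustration, and the `query()` helper that sends the packet to a resolver is an assumption about how you would use it live.

```python
import socket
import struct

TYPE_A, TYPE_CNAME, TYPE_MX, TYPE_AAAA = 1, 5, 15, 28
TYPE_NAMES = {TYPE_A: "A", TYPE_CNAME: "CNAME", TYPE_MX: "MX", TYPE_AAAA: "AAAA"}


def build_query(name, qtype, txid=0x1234):
    """Build a standard recursion-desired DNS query: 12-byte header + one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)


def read_name(msg, off, max_hops=32):
    """Decode a possibly compressed name starting at off; return (name, next_offset).
    Pointer hops are capped so a malicious response with a pointer loop cannot hang us."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # two-byte compression pointer into the message
            hops += 1
            if hops > max_hops:
                raise ValueError("compression pointer loop")
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if end is None:
                end = off + 2  # the caller resumes after the first pointer
            off = ptr
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode())
        off += length
    return ".".join(labels), (end if end is not None else off)


def parse_response(msg):
    """Return [(owner_name, type_name, ttl, value), ...] from the answer section."""
    _txid, _flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):  # skip the echoed question(s)
        _, off = read_name(msg, off)
        off += 4
    records = []
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        if rtype == TYPE_A:
            value = socket.inet_ntoa(rdata)
        elif rtype == TYPE_AAAA:
            value = socket.inet_ntop(socket.AF_INET6, rdata)
        elif rtype == TYPE_CNAME:
            value, _ = read_name(msg, off)  # names inside rdata may point back into msg
        elif rtype == TYPE_MX:
            pref = struct.unpack("!H", rdata[:2])[0]
            host, _ = read_name(msg, off + 2)
            value = (pref, host)
        else:
            value = rdata
        records.append((name, TYPE_NAMES.get(rtype, str(rtype)), ttl, value))
        off += rdlen
    return records


def sample_response():
    """Constructed wire-format response (not captured from a real server) answering
    www.example.com with a CNAME, the target's A record and the zone's MX record."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 3, 0, 0)
    question = b"\x03www\x07example\x03com\x00" + struct.pack("!HH", TYPE_A, 1)
    # Offsets: 12 = "www.example.com", 16 = "example.com", 45 = "edge.example.com"
    ptr_www, ptr_example, ptr_edge = b"\xc0\x0c", b"\xc0\x10", b"\xc0\x2d"
    cname = ptr_www + struct.pack("!HHIH", TYPE_CNAME, 1, 300, 7) + b"\x04edge" + ptr_example
    a = ptr_edge + struct.pack("!HHIH", TYPE_A, 1, 60, 4) + socket.inet_aton("93.184.216.34")
    mx = (ptr_example + struct.pack("!HHIH", TYPE_MX, 1, 3600, 9)
          + struct.pack("!H", 10) + b"\x04mail" + ptr_example)
    return header + question + cname + a + mx


def query(name, qtype, server="8.8.8.8", timeout=3.0):
    """Send the query over UDP to a resolver and parse the reply (assumed usage; needs network)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qtype), (server, 53))
        data, _ = s.recvfrom(4096)
    return parse_response(data)


if __name__ == "__main__":
    for owner, rtype, ttl, value in parse_response(sample_response()):
        print(f"{owner:<20} {rtype:<6} {ttl:>6} {value}")
```

Running it prints the CNAME chain from www.example.com to edge.example.com, that host's A record, and the MX for example.com. The pointer-hop cap in `read_name` matters in practice: a resolver or tool that follows compression pointers without a limit can be made to spin forever by a hostile name server.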