Home linux tutorial Dnsrecon – Get Dns information to any target

Dnsrecon – Get Dns information to any target

Get all websites DNS information with the Dnsrecon tool

Dnsrecon is an osint tool, and this tool is pre-installed on Linux. This tool is designed to get the DNS information of a website.

The uniqueness of this tool is that all DNS information can be found through this dnsrecon tool. This tool is very easy to use. If you need to use this tool on termux you can install it using the command given below.

					git clone https://github.com/darkoperator/dnsrecon


  1. Check all NS Records for Zone Transfers.
  2. Enumerate General DNS Records for a given Domain (MX, SOA, NS, A, AAAA, SPF and TXT).
  3. Perform common SRV Record Enumeration.
  4. Top Level Domain (TLD) Expansion.
  5. Check for Wildcard Resolution.
  6. Brute Force subdomain and host A and AAAA records given a domain and a wordlist.
  7. Perform a PTR Record lookup for a given IP Range or CIDR.
  8. Check a DNS Server Cached records for A, AAAA and CNAME Records provided a list of host records in a text file to check.

How to use Dnsrecon tool

First, you need to type the following command in your terminal to run the dnsrecon tool.

					dnsrecon -h
Dnsrecon – Get Dns information to any target

1. Simple search

With this simple search, you can gather the overall information of a website. To start this simple search, run the following command on your terminal.

d – Domain name

a – Perform AXFR with standard enumeration.

					dnsrecon -d <mywebsite.com> -a
Dnsrecon – Get Dns information to any target

Now you have all the DNS information available and run the following command to see if you can zone transfer the name server of that website.

d – Domain name

t – Type of enumeration to perform

axfr – Test all NS servers for a zone transfer

					dnsrecon.py -d <mywebsite.com> -t axfr
Dnsrecon – Get Dns information to any target

2. Reverse lookup

DNSRecon can perform a reverse lookup for PTR (Pointer) records against IPv4 and IPv6 address ranges.To run reverse lookup enumeration the command:

					dnsrecon.py -r <startIP>-<endIP>
ip range

Also reverse lookup can be performed against all ranges in SPF records with the command

					dnsrecon.py -d <domain> -s
Dnsrecon – Get Dns information to any target

And if you need any information you can find out by enabling the help option. I hope you learned how to use the dnsrecon tool through this post. If you have any doubts let me know by the command.


No Comments

Leave A Reply

Please enter your comment!
Please enter your name here