5 Minutes Short Tutorial - DNS Enumeration

Domain Name System (DNS) is a protocol that helps resolve URLs into IP addresses. DNS servers are the machines that resolve easily remember URLs into IP addresses.

What is DNS enumeration?

DNS enumeration is a method of identifying information on all DNS components in a target.

Why is DNS Enumeration Important?

DNS enumeration help in identifying usernames, DNS record names, DNS domain names, and IP addresses of a target. This will enable hackers to increase the attack surface of the target.

Tools Used

Different tools are required for DNS enumeration. Some tools are web-based and some are web-based. Below is the list of tools for the enumeration of DNS information of the target system.

(1) Google

Familiar but very effective tool to identify subdomains. This is the most legal way that you can use to find more assets of the target.

The first Google dork that may be used is inurl:google.com

Click Here to check more search tips on Google

(2) nslookup

nslookup is a command line utility it can be used to identify DNS infrastructure.

set type=any 
ls -d <domain-name>

(3) Nmap

Nmap is a port scanner used to identify open ports. Click Here for Nmap Cheatsheet

nmap -sC -sV -p53 192.168.x.0/24

(4) dig

dig is a command line tool for querying DNS servers.

dig axfr <url> @<ip>

Click Here for more example for Top 12 Examples of Linux dig Command

(5) Fierce

Reconnaissance tool that quickly scans the target domain for DNS-related vulnerabilities.

fierce -dns <url>

(6) AltDNS

Useful in identifying subdomains through alteration and permutation.

git clone https://github.com/infosec-au/altdns.git 
cd altdns 
pip install -r requirements.txt

(7) DNSenum

DNSenum is Perl script identifying the DNS information of the target.

dnsenum --noreverse example.com

(8) DNSrecon

Reconnaissance tool that can be used to perform automatic recon of the target.

$ dnsrecon -d nikosdano.com

Refer article Top 5 Commands to Test DNS Zone Transfer to identify all details related to zone transfer methods.


DNS enumeration is a must while performing an assessment of the IT system. It is not tough and can be performed by using both command and web interface tools.

Subscribe us to receive more such articles updates in your email.

If you have any questions, feel free to ask in the comments section below. Nothing gives me greater joy than helping my readers!

Disclaimer: This tutorial is for educational purpose only. Individual is solely responsible for any illegal act.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *