Back to


DNSrecon (available in Kali 2017 Release) is a powerful DNS enumeration script that can help and auditor in gathering information during the recon stage. This tool checks all NS records for Zone transfers, enumerate general DNS records for a given domain (MX, SOA, NS, A, AAAA, SPF and TXT). Performs SRV record enumeration and TLD (Top Level Domain) Expansion to name some.

This exercise will help you in performing some of the DNS enumeration methods using DNSrecon and generate information which you can add to your database to be used for other avenues of testing.

Perform basic DNS enumeration on target:

[email protected]:~# dnsrecon -d

Perform DNS Zone Transfer enumeration:

[email protected]:# dnsrecon -d <target.domain> -a [email protected]:# dnsrecon -d <target.domain> -t axfr

Perform Reverse Lookup:

[email protected]:~# dnrecon -r

Domain Brute-Force:

[email protected]:~# dnsrecon -d <target.domain> -D -t brt

Cache Snooping:

[email protected]:~# dnsrecon -t snoop -n Sever -D

Zone Walking:

[email protected]:~# dnsrecon -d <target.domain> -t zonewalk