Overview
Explore DNS reconnaissance techniques in this 40-minute DerbyCon 2012 conference talk by Carlos Perez. Delve into the fundamentals of DNS-based information gathering, including its importance, limitations, and various enumeration methods. Learn about standard enumeration, zone transfers, reverse lookups, domain brute-forcing, cache snooping, NSEC zone walking, and SRV/A record leakage. Discover how to parse and import gathered data into Metasploit for further exploitation. Gain valuable insights into the caveats of DNS, such as its UDP-based nature and sensitivity to connection path health.
Syllabus
Intro
Disclaimer
What is Recon
Why DNS
Caveats of DNS • DNS is UDP so it is sensitive to the health of the connection path from the attacker to the
DNSRecon
Goals
Types of Enumeration
Standard Enumeration
Zone Transfer
Reverse Lookup
Domain Brute-force
Cache Snooping
NSEC Zone Walk
SRV RR Leakage
A RR Leakage
Parsing Data
Importing Data into Metasploit