Kickstart your coding journey with our Python Code Assistant. An AI-powered assistant that's always ready to help. Don't miss out!
DNS Enumeration is the process of collecting information about a specific domain's DNS configuration. It is one of the most common reconnaissance techniques that can be useful for many purposes, such as identifying nameservers, learning about the email services being used in a particular domain, and many more.
You can also extract domain name information using the WHOIS database, but that's not the purpose of this tutorial, as we'll interact with DNS.
We will be using the dnspython
library in Python to help us perform DNS queries and parse the responses conveniently. Let's install it:
$ pip install dnspython
Once the library is installed, open up a new Python file dns_enumeration.py
, and add the following:
import dns.resolver
# Set the target domain and record type
target_domain = "thepythoncode.com"
record_types = ["A", "AAAA", "CNAME", "MX", "NS", "SOA", "TXT"]
# Create a DNS resolver
resolver = dns.resolver.Resolver()
for record_type in record_types:
# Perform DNS lookup for the specified domain and record type
try:
answers = resolver.resolve(target_domain, record_type)
except dns.resolver.NoAnswer:
continue
# Print the answers
print(f"{record_type} records for {target_domain}:")
for rdata in answers:
print(f" {rdata}")
We specify the most common DNS records: A
, AAAA
, CNAME
, MX
, NS
, SOA
, and TXT
. You can look at this Wikipedia page to see all the available DNS records and their functions.
We create the Resolver
object and use the resolve()
method that accepts the target domain and the record type to extract the DNS information.
Here’s my output:
$ python dns_enumeration.py
DNS records for thepythoncode.com (A):
99.81.207.218
52.19.6.38
34.247.123.251
DNS records for thepythoncode.com (MX):
0 thepythoncode-com.mail.protection.outlook.com.
DNS records for thepythoncode.com (NS):
sparrow.ezoicns.com.
siamese.ezoicns.com.
giraffe.ezoicns.com.
manatee.ezoicns.com.
DNS records for thepythoncode.com (SOA):
giraffe.ezoicns.com. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400
DNS records for thepythoncode.com (TXT):
"v=spf1 include:spf.protection.outlook.com -all"
"NETORGFT5410317.onmicrosoft.com"
"google-site-verification=yJTOgIk39vl3779N3QhPF-mAR36QE00J6LdXHeID4fM"
Awesome! A lot of helpful info here:
thepythoncode.com
is mapping to three different IP addresses (the A
record); we can then use services such as IPInfo to know more about these IP addresses.MX
(Mail Exchange) record is used to identify the servers responsible for handling incoming emails for a domain. In our case, we clearly see that this domain is using the Outlook service.NS
record, thepythoncode.com
has four different nameservers from ezoicns.com
. NS
records identify the DNS servers responsible for handling DNS queries for the domain. In other words, when a client wants to look up the IP address (such as a regular web browser) for thepythoncode.com
, it will query one of these DNS servers for information.SOA
records contain administrative information about the zone and other information about DNS’s configuration, such as the time-to-live (TTL
) for DNS records.TXT
records store arbitrary text data associated with a domain. In our case, the TXT
records contain various verification codes and other information used by different services to verify that they have permission to access the domain name. For example, the record "google-site-verification=yJTOgIk39vl3779N3QhPF-mAR36QE00J6LdXHeID4fM"
is used by Google to verify that a website owner has permission to access Google services for their domain.SPF
(Sender Policy Framework) record in the TXT
records is used to help protect against email spam and spoofing, as they contain instructions for receiving mail servers about which servers are allowed to send an email for a particular domain.Alright! That's it for the tutorial; I hope it's helpful for you to extract DNS information about a domain name.
Are you interested in learning more about ethical hacking and building tools to protect against cyber threats? Our Ethical Hacking with Python Ebook is the perfect resource for you! This comprehensive guide covers building tools in various topics, including information gathering, malware, and network packet manipulation. You'll learn how to build tools like a reverse shell, password cracking tools, and many more (More than 35 pentesting tools).
With step-by-step instructions and clear explanations, this EBook is perfect for both beginners and experienced professionals looking to expand their knowledge in the field of ethical hacking with Python. Don't miss out on this opportunity to become an expert in cyber security – get your copy today!
Learn also: How to Get Domain Name Information in Python.
Happy hacking ♥
Found the article interesting? You'll love our Python Code Generator! Give AI a chance to do the heavy lifting for you. Check it out!
View Full Code Transform My Code
Got a coding query or need some guidance before you comment? Check out this Python Code Assistant for expert advice and handy tips. It's like having a coding tutor right in your fingertips!