    DNS Reconnaissance and whois
    The internet world really does revolve around DNS. This is why vulnerabilities in
    DNS have been taken so seriously. Without DNS, we’d all have to keep enormous host
    tables in our heads because we’d be forced to remember all the IP addresses we use,
    including those that are constantly changing. This was, after all, how DNS came to be
    in the first place. Before DNS, a single hosts file stored the mappings between IP
    addresses and hostnames. Any time a new host was added to the network—and keep
    in mind that this was when hosts on the network were large, multiuser systems—the
    hosts file had to be updated and then sent out to everyone. That’s not sustainable.
    Thus was born the DNS.

    DNS ultimately comes down to IP addresses. Those IP addresses are assigned to the
    companies or organizations that own the domains. Because of this, we need to talk
    about regional internet registries (RIRs). When you are trying to get an understanding
    of the scope of your target, using your DNS recon will go hand in hand with using
    tools like whois to query the RIRs. Although they are helpful together, for the purposes
    of doing recon, we will take a look at DNS reconnaissance first because we will
    use some of the output to feed into the queries of RIRs.

    DNS Reconnaissance
    DNS is a hierarchical system. When you perform a DNS lookup, you send out a
    request to a server that is probably close to you. This would be a caching server,
    so-called because the server caches responses it gets. This makes responses to
    subsequent requests for the same information much faster. When the DNS server you ask
    gets your query, assuming the hostname you are looking for isn’t in the cache, it starts
    looking for where to get your information. It does this using hints. A DNS server that
    does any lookups on behalf of clients will be seeded with starting points for queries.
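
The lookup described above, as a small model added here for illustration (it is not code from the book): a caching resolver seeded with hints walks a constructed hierarchy and answers repeat queries from its cache until the record expires. The server labels, zone data, TTL and the `CachingResolver` class are all made up for the example, and the referral step is standard DNS behaviour that this excerpt stops short of describing.

```python
# Toy model of a caching resolver seeded with hints. All data is constructed:
# server names are labels, the address is from the 192.0.2.0/24 documentation range.
# Simplification: only final answers are cached, not the referrals along the way.
SERVERS = {
    "root-server": {"referrals": {"com.": "com-server"}},
    "com-server": {"referrals": {"example.com.": "example-server"}},
    "example-server": {"answers": {"www.example.com.": ("192.0.2.10", 300)}},
}
ROOT_HINTS = ["root-server"]  # the seeded starting points for queries


class CachingResolver:
    def __init__(self, hints, servers):
        self.hints = hints
        self.servers = servers
        self.cache = {}            # name -> (address, expiry time in seconds)
        self.upstream_queries = 0  # queries this resolver sent to other servers

    def _ask(self, server, name):
        """Query one server: ('answer', (addr, ttl)), ('referral', server) or ('none', None)."""
        self.upstream_queries += 1
        data = self.servers[server]
        if name in data.get("answers", {}):
            return "answer", data["answers"][name]
        zones = [z for z in data.get("referrals", {}) if name == z or name.endswith("." + z)]
        if zones:  # follow the most specific delegation
            return "referral", data["referrals"][max(zones, key=len)]
        return "none", None

    def resolve(self, name, now):
        """Return the address from cache if still fresh, else walk down from the hints."""
        hit = self.cache.get(name)
        if hit and hit[1] > now:
            return hit[0]
        server = self.hints[0]
        for _ in range(10):  # bound the referral chain so a loop cannot hang the resolver
            kind, value = self._ask(server, name)
            if kind == "answer":
                address, ttl = value
                self.cache[name] = (address, now + ttl)
                return address
            if kind != "referral":
                return None
            server = value
        return None


if __name__ == "__main__":
    r = CachingResolver(ROOT_HINTS, SERVERS)
    print(r.resolve("www.example.com.", now=0), r.upstream_queries)
    print(r.resolve("www.example.com.", now=100), r.upstream_queries)
```

The first lookup costs three upstream queries (root, com, example.com); the second is served from the cache and sends none.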
