I use this tool quite a bit and it's very handy. It's for DNS recon and it's called dns-dumpster or DNS-D, on this link:


It looks like quite a normal website; however, when you load it up, you will be asked for the domain to do some DNS recon on:

Once you enter a domain, it goes off and does its "recon".

Once complete, you get the raw data about DNS servers, MX records and A records:

DNS Servers

ns-cloud-e4.googledomains.com	GOOGLE
United States
ns-cloud-e2.googledomains.com	GOOGLE
United States
ns-cloud-e1.googledomains.com	GOOGLE
United States
ns-cloud-e3.googledomains.com	GOOGLE
United States
MX Records ** This is where email for the domain goes...

30 alt3.gmr-smtp-in.l.google.com.
ra-in-f14.1e100.net	GOOGLE
United States
10 alt1.gmr-smtp-in.l.google.com.
dg-in-f14.1e100.net	GOOGLE
United States
40 alt4.gmr-smtp-in.l.google.com.
ea-in-f14.1e100.net	GOOGLE
United States
20 alt2.gmr-smtp-in.l.google.com.
wa-in-f14.1e100.net	GOOGLE
United States
5 gmr-smtp-in.l.google.com.
ww-in-f14.1e100.net	GOOGLE
United States
TXT Records ** Find more hosts in Sender Policy Framework (SPF) configurations

"v=spf1 include:_spf.google.com ~all"
Host Records (A) ** this data may not be current as it uses a static database (updated monthly)

HTTP: ghs
any-in-2215.1e100.net	GOOGLE
United States
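The TXT section above notes that more hosts can be found in the SPF record. As an added example (not code from the DNSDumpster service), the parser below walks an SPF record the way a recon tool does, pulling out the domains and networks it names and the policy it ends with; the first record is the one from the page, the others are constructed samples.

```python
"""Parse SPF TXT records: list the hosts/networks they expose and the
final 'all' policy. Added example, not part of the DNSDumpster tool.
"""
from dataclasses import dataclass, field

# Mechanisms whose value (or, when bare, the domain itself) names another host.
HOST_MECHANISMS = ("include", "a", "mx", "ptr", "exists", "redirect")

# The page's own record, followed by two constructed samples.
SAMPLE_RECORDS = [
    '"v=spf1 include:_spf.google.com ~all"',
    "v=spf1 a mx ip4:203.0.113.0/24 include:spf.protection.outlook.com -all",
    "google-site-verification=constructed-token",  # not SPF, must be ignored
]


@dataclass
class SpfSummary:
    is_spf: bool = False
    hosts: list = field(default_factory=list)     # domains a recon tool would follow
    networks: list = field(default_factory=list)  # literal ip4:/ip6: ranges
    all_qualifier: str = ""                       # '+', '-', '~' or '?' on the 'all' term


def parse_spf(txt, own_domain):
    """Summarise one TXT record; non-SPF records yield is_spf=False."""
    summary = SpfSummary()
    terms = txt.strip().strip('"').split()
    if not terms or terms[0].lower() != "v=spf1":
        return summary
    summary.is_spf = True
    for term in terms[1:]:
        qualifier = "+"  # SPF default qualifier is 'pass'
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        name, sep, value = term.partition(":")
        if not sep:
            name, sep, value = term.partition("=")  # modifiers such as redirect=
        name = name.partition("/")[0].lower()       # drop CIDR suffix on a/24, mx/24
        if name == "all":
            summary.all_qualifier = qualifier
        elif name in ("ip4", "ip6"):
            summary.networks.append(value)
        elif name in HOST_MECHANISMS:
            host = value.partition("/")[0] or own_domain  # bare 'a'/'mx' mean own domain
            if host not in summary.hosts:
                summary.hosts.append(host)
    return summary


def policy_label(summary):
    """Human-readable reading of the 'all' qualifier (a '~all' is softfail)."""
    labels = {"-": "hardfail", "~": "softfail", "?": "neutral", "+": "pass (open)"}
    return labels.get(summary.all_qualifier, "no all term")
```

Running `parse_spf` over each entry of `SAMPLE_RECORDS` with your own domain shows which third-party mail providers the record hands off to and whether the policy is softfail or hardfail, which is exactly what a recon tool reads off the same record.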

It also maps out the network for you with a handy image of your domain, which is very helpful. The one for a6n.co.uk is below: the blue routes are DNS, the red routes are mail (MX) and the grey routes are website traffic.

This service will also fingerprint hosts and perform service detection; notice it has correctly identified my public web server:

