dns recon and research, find and lookup dns records (2024)

DNSDumpster.com is a FREE domain research tool that can discover hosts related to a domain. Finding visible hosts from the attackers perspective is an important part of the security assessment process.

this is a project

Open Source Intelligence for Networks


The ability to quickly identify the attack surface is essential. Whether you are penetration testing or chasing bug bounties.


Network defenders benefit from passive reconnaissance in a number of ways. With analysis informing information security strategy.


Understanding network based OSINT helps information technologists to better operate, assess and manage the network.

Map an organizations attack surface with a virtual dumpster dive* of the DNS records associated with the target organization.

*DUMPSTER DIVING: The practice of sifting refuse from an office or technical installation to extract confidential data, especially security-compromising information.

Frequently Asked Questions

How can I take my security assessments to the next level?

The company behind DNSDumpster is hackertarget.com where we provide online hosted access to trusted open source security vulnerability scanners and network intelligence tools.

Save time and headaches by incorporating our attack surface discovery into your vulnerability assessment process.

dns recon and research, find and lookup dns records (1)

What data does DNSDumpster use?

No brute force subdomain enumeration is used as is common in dns recon tools that enumerate subdomains. We use open source intelligence resources to query for related domain data. It is then compiled into an actionable resource for both attackers and defenders of Internet facing systems.

More than a simple DNS lookup this tool will discover those hard to find sub-domains and web hosts. The search relies on data from our crawls of the Alexa Top 1 Million sites, Search Engines, Common Crawl, Certificate Transparency, Max Mind, Team Cymru, Shodan and scans.io.

I have hit the host limit, do you have a PRO option?

Over at hackertarget.com there's a tool we call domain profiler. This compiles data similiar to DNSDumpster; with additional data discovery. Queries available are based on the membership plan with the number of results (subdomains) being unlimited. With a STARTER membership you have access to the domain profiler tool for 12 months. Once the years membership expires you will revert to BASIC member status, however access to Domain Profiler and Basic Nmap scans continue. The BASIC access does not expire.

What are some other resources and tools for learning more?

There are some great open source recon frameworks that have been developed over the past couple of years. In addition tools such as Metasploit and Nmap include various modules for enumerating DNS. Check our Getting Started with Footprinting for more information.

dns recon and research, find and lookup dns records (2024)


How do I find my DNS records? ›

Use a website that gathers domain information, like WHOIS lookup, to look up public information about your name server. Search your domain name. Enter your domain name in the search field, such as mywebsite.com, and look up the domain information. Look for Name Server information in search results.

How to do a DNS lookup? ›

Use the command nslookup (this stands for Name Server Lookup) followed by the domain name or IP address you want to trace. Press enter. This command will simply query the Name Service for information about the specified IP address or domain name.

What is DNSRecon used for? ›

Brute-forcing of subdomains: DNSRecon can be used to brute-force subdomains of a target domain. This is useful for discovering subdomains that may have been missed during enumeration. Zone transfers: DNSRecon can be used to perform zone transfers on a target domain.

How do I check a specific DNS record? ›

How Do I Perform a DNS Lookup Using Command-Line Tools?
  1. Open Command Prompt.
  2. Enter nslookup domain.com to perform a DNS lookup for the domain.

Can you check DNS history? ›

DNS Trails (now owned by SecurityTrails), a top-tier tool for accessing DNS history, offers users: Access to a vast database of DNS records. 50 API queries with a free account. Historical DNS records with daily updates on domain data.

Can you trace DNS? ›

Using DNS trace, you can troubleshoot your DNS. You can use it on Linux OS, Mac OS and even on Windows (using Cygwin). You will trace the route of a DNS query. If there is a problem, you will see exactly where it is.

How do I open DNS lookup tool? ›

This tool can be used to check DNS records propagation and resolution using different servers and perform other troubleshooting steps.
  1. Open Command prompt. ...
  2. Type nslookup and hit Enter. ...
  3. Type nslookup domain_name and the command will return the A record for the domain you ran a query for.
Oct 11, 2023

What is the command to check DNS details? ›

Command - nslookup

The nslookup command is used to query the Domain Name System (DNS) to obtain information about a domain or hostname. When you perform an nslookup command, it will query the DNS server to get information about the IP address associated with the domain name.

What is a DNS lookup operation? ›

A DNS lookup is initiated when an end user enters a domain name and the resolver translates it into the corresponding identifier—the IP address. To understand this process, it is best to start with the basics of DNS—what it is, how it works, and what a query journey looks like.

What is DNS spy? ›

DNS Spy is a platform that enables users to manage and monitor their DNS records.

What is DNS record hijacking? ›

Domain Name Server (DNS) hijacking is a type of DNS attack where an attacker purposefully manipulates how DNS queries are resolved so as to redirect users to malicious websites. Hackers either install malware on user PCs, seize control of routers, or intercept or hack DNS connections to carry out the attack.

What is DNS query sniffer? ›

DNS Query Sniffer is a tool that prints DNS query/response information in a spreadsheet-style view, and allows easy exporting of the data.

How do I read DNS lookup? ›

1. Using Windows command line
  1. Open the command prompt.
  2. Type nslookup followed by the IP address and press 'Enter. ' For example, it can be nslookup 8.8. 8.8.
  3. Now, the command prompt will return the DNS name and the IP you entered.
May 22, 2024

How do I look up a DNS record? ›

The most efficient way to check DNS records of the domain is to use a terminal with the command nslookup. This command will run on almost all operating systems (Windows, Linux, and macOS).

How do I trace a DNS issue? ›

A typical dig command will show you an Authority Section. You can see if the DNS is pointing correctly. Use it with +trace in dig +trace combination “dig +trace YOURDOMAIN” to see the whole route of your query. This way you can locate the exact problem.

Where do I find DNS files? ›

dns file needed to locate the Internet root name servers and a dummy boot file. Creating a new zone with the DNS Manager creates the file for that zone. All of these files are located in the %SystemRoot%\system32\Dns directory, and all except the dummy boot file are built from standard resource records.

How do I check my DNS logs? ›

Click Start > Administrative Tools > DNS to open the DNS management console. Tip: On previous Windows Server versions, click Start > All Programs > Administrative Tools > DNS. In the navigation menu, expand your DNS server, right-click the server, and then click Properties.

How to check DNS records in Windows? ›

The Command Prompt can be used to check the DNS server that is currently in use. This is how:
  1. Type Command Prompt into the Start menu, then select Run as Administrator from the right pane.
  2. Ipconfig /all should be entered into the Command Prompt window.
  3. The information displayed on the screen includes the DNS servers.
Oct 17, 2022


Top Articles
Latest Posts
Article information

Author: Arielle Torp

Last Updated:

Views: 5725

Rating: 4 / 5 (41 voted)

Reviews: 88% of readers found this page helpful

Author information

Name: Arielle Torp

Birthday: 1997-09-20

Address: 87313 Erdman Vista, North Dustinborough, WA 37563

Phone: +97216742823598

Job: Central Technology Officer

Hobby: Taekwondo, Macrame, Foreign language learning, Kite flying, Cooking, Skiing, Computer programming

Introduction: My name is Arielle Torp, I am a comfortable, kind, zealous, lovely, jolly, colorful, adventurous person who loves writing and wants to share my knowledge and understanding with you.