Working with DNSx Tool
Example 1: Filtering dead records from a list of passive subdomains
In this example, we will be collecting the subdomains associated with our target domain (w3wiki.org) by filtering the dead records.
subfinder -silent -d w3wiki.org | dnsx
In the below Screenshot, we are trying to open www.qa.w3wiki.org which has a dead record. You can see that there is a connection issue as this subdomain has no longer access.
Example 2: Print A records for the given list of subdomains
In this example, we are collecting the Subdomains along with their a record. A record indicates the IP address of the Subdomain.
subfinder -silent -d w3wiki.org | dnsx -silent -a -resp
Example 3: Extract A records for the given list of subdomains
In this example, we are Extracting or filtering IP addresses from subdomains or records.
subfinder -silent -d w3wiki.org | dnsx -silent -a -resp-only
Example 4: Extract CNAME records for the given list of subdomains
In this example, we are Extracting CNAME records from the list of subdomains. The CNAME record is a type of DNS record that maps an alias name to a true or canonical domain name.
subfinder -silent -d w3wiki.org | dnsx -silent -cname -resp
Example 5: Probe DNS Status code on a given list of subdomains
In this example, we will be collecting the information about the DNS Status Code Probe, in this, the status of each subdomain is displayed whether the subdomain has any issue or whether it has NO ERROR.
subfinder -silent -d w3wiki.org | dnsx -silent -rcode noerror,servfail,refused
Example 6: Extract subdomains from given network range using PTR query
In this example, we are extracting Subdomains from a range of IP addresses of network range. In this example, we have provided the IP range of w3wiki.org. PTR provides the domain name associated with an IP address. It’s oppositive to A record.
echo 34.218.62.116/24 | dnsx -silent -resp-only -ptr
Example 7: Wildcard filtering
In the below Screenshot, we have the list of subdomains of our target w3wiki.org.
dnsx -l w3wiki.org_subdomains.txt -wd w3wiki.org -o output.txt
In this example, we are handling the multi-level DNS-based wildcards which increase beyond a certain small threshold, it will check for wildcards on all the levels of the hosts for that IP iteratively.
In the below Screenshot, we have saved the output in the output.txt file using the -o flag.
So DNSx Tool is an excellent tool for querying DNS. You can use various tools along with this. In the above examples, we have used the SubFinder tool for getting the massive list of subdomains for our target. This list is provided to the DNSx tool for making DNS queries.
DNSx – DNS Toolkit Allow To Run Multiple DNS Queries
DNS Query is crucial in Penetration Testing. DNS Query, also known as DNS Request, demands data sent from a user’s system or DNS Client to DNS Server. In most cases, DNS Request is passed to ask for the IP address associated with a domain name. But we can customize DNS Requests as per our needs. To resolve DNS Queries, we have a tool named dnsx. dnsx tool is a Go language-based tool. dnsx is a fast and multi-purpose DNS toolkit that allows running multiple probes using a retryabledns library that will enable you to perform various DNS queries of your choice with a list of user-supplied resolvers that supports DNS wildcard filtering like shuffled.