Reverse DNS Lookup Tutorial

Reverse DNS Lookup

In computer networks, a reverse DNS lookup or reverse DNS resolution (rDNS) is the querying of the Domain Name System (DNS) to determine the domain name associated with an IP address – the reverse of the usual “forward” DNS lookup of an IP address from a domain name. The process of reverse resolving an IP address uses PTR records. The reverse DNS database of the Internet is rooted in the arpa top-level domain. (Source: Wiki)

As a penetration tester, I often come across DNS servers when evaluating system security, especially during the information-gathering phase. From time to time we still see public DNS servers that allow domain transfers, which is obviously a hidden danger. But I have never treated a DNS server as a real target, and my clients are reluctant to let engineers paralyze their network services during paid testing.

If you were an attacker looking for the most suitable DNS server to attack, what would you do, and which DNS server would you choose? It is very easy to find the DNS servers that a given target uses. But if the goal is the DNS server itself, for example a DDoS attack against it, then you need a reverse lookup that finds all the domain names the DNS server provides service for.

Reverse NS lookup

Google results pointed me to the reverse NS lookup: once we have found a name server, we can look up all the distinct domain names it serves. How does a reverse NS lookup work? I found the best answer on Server Fault:

Zone File Access: Some registries grant registrars or other groups access to zone files. This makes it very easy to determine which domains in those zones use a given DNS server. But in my research I found that registrars providing zone file access are now uncommon. So although this method is the most reliable, it is not widely used.

Passive DNS: Passive DNS inspects the traffic of ISPs' recursive DNS servers and reconstructs zone data from what it observes. Although this approach consumes a lot of resources and the data in the database may become obsolete, it is still widely used as an effective method. I will continue to talk about this method below.
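
The passive DNS approach described above, as an added example (not code from the original post or from any passive DNS service): it builds the reverse index from name server to domains out of observed NS records and separates out entries that have gone stale, which is the obsolescence problem noted above. The record format, the names and the 90-day cutoff are assumptions, and the observations are constructed.

```python
from collections import defaultdict
from datetime import date

# Constructed passive-DNS observations (not real data): each line is
# "first_seen last_seen owner_name rrtype rdata", as a sensor might log it.
OBSERVATIONS = """\
2023-01-10 2024-05-30 example.com. NS ns1.dns-host.example.
2023-01-10 2024-05-30 example.com. NS ns2.dns-host.example.
2022-03-02 2024-06-01 Shop.Example.org. NS NS1.dns-host.example.
2019-07-15 2020-02-11 old-site.example.net. NS ns1.dns-host.example.
2023-09-09 2024-06-01 example.org. A 192.0.2.10
2024-04-01 2024-06-02 other.example. NS ns1.elsewhere.example.
malformed line
"""

def normalize(name):
    """DNS names are case-insensitive; drop the trailing root dot."""
    return name.rstrip(".").lower()

def build_reverse_ns_index(text):
    """Map name server -> {domain: (first_seen, last_seen)} from NS observations."""
    index = defaultdict(dict)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[3].upper() != "NS":
            continue  # skip malformed lines and non-NS record types
        first, last = date.fromisoformat(fields[0]), date.fromisoformat(fields[1])
        domain, server = normalize(fields[2]), normalize(fields[4])
        seen = index[server].get(domain)
        if seen:  # merge repeated sightings into one time window
            first, last = min(first, seen[0]), max(last, seen[1])
        index[server][domain] = (first, last)
    return index

def domains_served_by(index, server, as_of, max_age_days=90):
    """Split the domains seen on a name server into current and stale lists."""
    current, stale = [], []
    for domain, (_, last) in sorted(index.get(normalize(server), {}).items()):
        (current if (as_of - last).days <= max_age_days else stale).append(domain)
    return current, stale

if __name__ == "__main__":
    idx = build_reverse_ns_index(OBSERVATIONS)
    cur, old = domains_served_by(idx, "ns1.dns-host.example", date(2024, 6, 15))
    print("current:", cur)
    print("stale:  ", old)
```

The stale list shows why passive DNS results need a last-seen date: a delegation observed years ago may no longer exist.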

Reverse NS Lookup Tool