312-50V12 Question #163: Real Exam Question with Answer & Explanation

Question

As a Certified Ethical Hacker, you are conducting a footprinting and reconnaissance operation against a target organization. You discover a range of IP addresses associated with the target using the SecurityTrails tool. Now, you need to perform a reverse DNS lookup on these IP addresses to find the associated domain names, as well as determine the nameservers and mail exchange (MX) records. Which of the following DNSRecon commands would be most effective for this purpose?

Options

• Adnsrecon -r 192.168.1.0/24 -n nsl.example.com -t axfr
• Bdnsrecon -r 10.0.0.0/24 -n nsl.example.com -t zonewalk
• Cdnsrecon -r 162.241.216.0/24 -n nsl.example.com -t std
• Ddnsrecon -r 162.241.216.0/24 -d example.com -t brt

Explanation

To perform reverse DNS lookups on an IP range and enumerate associated domain names, nameservers, and MX records using dnsrecon, the standard enumeration type with an IP range specified is the most effective approach.

Common mistakes.

• A. The -t axfr option attempts an AXFR (zone transfer), which is generally used for enumerating all records for a known domain and is rarely successful for external reconnaissance, rather than performing reverse lookups on an IP range to discover domains and their NS/MX records.
• B. The -t zonewalk option is used for DNS zone walking, which enumerates records within a specific domain (often via NSEC records), and is not the appropriate method for iterating through an IP range to perform reverse lookups.
• D. The -d example.com flag specifies a target domain for forward enumeration, which contradicts the goal of discovering domain names through reverse lookups on an IP range, and the -t brt (brute-force) option is primarily for finding subdomains of a known domain, not for reverse DNS lookups.

Concept tested. DNS reconnaissance for reverse lookups and record enumeration.

Reference. https://www.kali.org/tools/dnsrecon/

No community discussion yet for this question.