DNS Query is crucial in Penetration Testing. DNS Query, also known as DNS Request, demands data sent from a userβs system or DNS Client to DNS Server. In most cases, DNS Request is passed to ask for the IP address associated with a domain name. But we can customize DNS Requests as per our needs. To resolve DNS Queries, we have a tool named dnsx. dnsx tool is a Go language-based tool. dnsx is a fast and multi-purpose DNS toolkit that allows running multiple probes using a retryabledns library that will enable you to perform various DNS queries of your choice with a list of user-supplied resolvers that supports DNS wildcard filtering like shuffled.
Features of DNSx Tool
- It is handy and a straightforward utility to query DNS records.
- It has support to A,AAAA,CNAME,PTR,NS,MX,TXT,SOA.
- It also supports DNS Status code probing
- It has support for DNS Tracing.
- It handles wildcard subdomains in an automated way.
- It is open-source and free to use.
- It has support to Stdin and Stdout, which can work with other tools.
| Flag | Description | Example |
| a | Query A record | dnsx -a |
| aaaa | Query AAAA record | dnsx -aaaa |
| cname | Query CNAME record | dnsx -cname |
| ns | Query NS record | dnsx -ns |
| ptr | Query PTR record | dnsx -ptr |
| txt | Query TXT record | dnsx -txt |
| mx | Query MX record | dnsx -mx |
| soa | Query SOA record | dnsx -soa |
| raw | Operates like dig | dnsx -raw |
| l | File input list of subdomains/host | dnsx -l list.txt |
| json | JSON output | dnsx -json |
| r | File or comma separated resolvers | dnsx -r 1.1.1.1 |
| rl | Limit of DNS request/second | dnsx -rl 100 |
| resp | Display response data | dnsx -cname -resp |
| resp-only | Display only response data | dnsx -cname resp-only |
| retry | Number of DNS retries | dnsx -retry 1 |
| silent | Show only results in the output | dnsx -silent |
| o | File to write output to (optional) | dnsx -o output.txt |
| t | Concurrent threads to make | dnsx -t 250 |
| verbose | Verbose output | dnsx -verbose |
| version | Show version of dnsx | dnsx -version |
| wd | Wildcard domain name for filtering | dnsx -wd example.com |
| wt | Wildcard Filter Threshold | dnsx -wt 5 |
So DNSx Tool is an excellent tool for querying DNS. You can use various tools along with this. In the above examples, we have used the SubFinder tool for getting the massive list of subdomains for our target. This list is provided to the DNSx tool for making DNS queries.