Find all Forward DNS (
A) records for a domain. Enter a domain name and search for all A records associated with that domain. A handy reconnaissance tool when assessing an organisations security.
Recon: Find your targets with a DNS (A) record search
A forward DNS record (or
A record) is used to determine an IP address from a human readable hostname. By searching all forward DNS records for a domain, attackers (or security penetration testers) can begin to understand the perimeter of an organisations Internet footprint. This type of reconnaissance can discover a wide range of hosts from multiple IP net blocks that may have all manner of services configured on them. With a good understanding of the perimeter the discovered systems can be assessed for security weak spots. The more hosts found the wider the potential attack surface.
Forward DNS Hostname Search
Use this hostname search to find all the forward DNS records for an organisation. Results are limited to a max of 2000 results.
The data used for the forward hostname search comes from the excellent scans.io project. A security research project that is run out of the Rapid7 labs. The database of
A records was last updated on 07/06/15 and contains 24GB of DNS records.
Related IP Tools
Other tools that may be of interest are the Reverse DNS Lookup and the Reverse IP search. By combining these tools it should be possible to get a very good indication of where an organisations Internet systems are located both from IP address and physical location if used in conjunction with GeoIP lookups.
Use the Domain Profiler tool to perform automated reconnaissance against a domain name. This provides a quick overview of an organisations Internet facing infrastructure within a few minutes.
Results are collected passively; no packets are sent against the target IP ranges resulting in a very stealthy way to assess an organizations perimeter.
Forward DNS search API
Rather than using the form above you can also access the forward DNS tool using the API. The output is simply plain text and will include the IP address and the forward DNS host name. Data from the tool can be easily imported into a spreadsheet or other tool for reference purposes.
This query will display the forward DNS from the static database.
The API is designed to be used as a quick reference tool and not for bulk queries; like all our IP Tools there is a limit of 100 (total) requests from a single IP Address per day.