Find all hosts sharing a name server (NS record). Discovering additional domains and host names from a shared NS server search enables a security analyst to link related systems. Finding all related and accessible endpoints is the only way to truly assess the security of an organization.

Valid Input: ns1.example.com ns2.example.com


Remove limits & captcha with membership

Recon: Find more targets with a NS server shared record search

It only takes one weak point for an attacker to get a foothold into an organization that can lead to complete compromise of the IT infrastructure and any data of value.

By searching for all records pointing to a DNS server you are able to identify hosts (and websites) that are related to the systems under but not necessarily sharing the same domain name.

The attack surface of an organization can be expanded rapidly by discovering hosts through various DNS queries. Finding all hosts and IP addresses of interest for a domain, can then be expanded out to the IP address net blocks that those hosts are being served from. Reverse DNS searches against the discovered net blocks can further expand the attack surface. Many organizations would be hard pressed to say with confidence that all systems are up to date and secure. Finding those weaker points of access is simply a matter of searching and probing.

Shared DNS Server Limits
User type Queries / day Max # of results
Free 50 500
Member # Based on Plan 500'000

With a membership get up to half a million results from a single query. A gold mine of data for security analysts, network defenders and other cyber security professionals.

Security Cameras with overlay text 'Know your network, know the adversary, know the target'

Related IP Tools

To find hosts names using the domain as the query use the Forward A record search. Other tools that may be of interest are the Reverse DNS Lookup and the Reverse IP search. By combining these tools it should be possible to get a very good indication of where an organisations Internet systems are located both from IP address and physical location if used in conjunction with GeoIP lookups.

DNS server search API

Rather than using the form above you can also access the DNS search tool using the API. The output is simply plain text and will include the the forward DNS host names found in that are pointing to the DNS server. Data from the tool can be easily imported into a spreadsheet or other tool for reference purposes.

curl https://api.hackertarget.com/findshareddns/?q=ns1.dnsserver.com

This query will display the host names found that are pointing to the DNS server queried for.

The API is simple to use and aims to be a quick reference tool; like all our IP Tools there is a limit of 50 queries per day or you can increase the daily quota with a Membership.

Trusted Tools

Vulnerability Scans and Network Intelligence

Use Cases
Recon Options

Enumerate and Discover
Know the Network

IP & DNS Recon Tools
Get Access

28 vulnerability scanners and network tools

Membership