Find hosts sharing DNS servers. Discovering additional domains and host names from a shared DNS server search enables a security analyst to link related systems. Finding all related and accessible systems is the only way to truly assess the security of an organization.
Recon: Find more targets with a DNS server shared record search
It only takes one weak point for an attacker to gain a foothold in an organization, and that foothold can lead to complete compromise of the IT infrastructure and any data of value.
By searching for all records pointing to a DNS server you are able to identify hosts (and websites) that are related to the systems under but not necessarily sharing the same domain name.
The attack surface of an organization can be expanded rapidly by discovering hosts through various DNS queries. The hosts and IP addresses of interest found for a domain can then be expanded out to the IP address net blocks that those hosts are being served from. Reverse DNS searches against the discovered net blocks can further expand the attack surface. Many organizations would be hard pressed to say with confidence that all systems are up to date and secure. Finding those weaker points of access is simply a matter of searching and probing.
Related IP Tools
To find host names using the domain as the query, use the forward A record search. Other tools that may be of interest are the Reverse DNS Lookup and the Reverse IP search. By combining these tools it should be possible to get a very good indication of where an organisation's Internet systems are located, both by IP address and by physical location if used in conjunction with GeoIP lookups.
DNS server search API
Rather than using the form above you can also access the DNS search tool using the API. The output is simply plain text and will include the forward DNS host names found that are pointing to the DNS server. Data from the tool can be easily imported into a spreadsheet or other tool for reference purposes.
This query will display the host names found that are pointing to the DNS server queried for.
The API is designed to be used as a quick reference tool and not for bulk queries; like all our IP Tools there is a limit of 100 (total) requests from a single IP Address per day.
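An added example (not part of the original page or the tool's own code) of handling the plain-text output described above when auditing your own name servers: it normalises the returned host names, compares them against an asset inventory, and produces CSV for a spreadsheet. The sample response, the inventory, and all function names are constructed for illustration, and the one-host-name-per-line layout is an assumption.

```python
import csv
import io

# Constructed sample of the plain-text response (assumed: one host name per line).
SAMPLE_OUTPUT = """\
www.example.com
mail.example.com
WWW.Example.com.
shop.example.net
legacy-portal.example.org

"""

# Hypothetical inventory of domains the organisation already tracks.
KNOWN_DOMAINS = {"example.com", "example.net"}


def parse_hosts(text):
    """Return sorted, de-duplicated, lower-cased host names."""
    hosts = set()
    for line in text.splitlines():
        name = line.strip().rstrip(".").lower()
        # Skip blanks and anything that is not a host name (e.g. a status message).
        if name and "." in name and " " not in name:
            hosts.add(name)
    return sorted(hosts)


def parent_domain(host):
    """Naive parent: last two labels. Use a public suffix list for co.uk-style zones."""
    return ".".join(host.split(".")[-2:])


def triage(text, known_domains):
    """Split hosts into those under tracked domains and those that are not."""
    tracked, untracked = [], []
    for host in parse_hosts(text):
        (tracked if parent_domain(host) in known_domains else untracked).append(host)
    return tracked, untracked


def to_csv(tracked, untracked):
    """Render both groups as CSV text ready for spreadsheet import."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["host", "parent_domain", "status"])
    for status, hosts in (("tracked", tracked), ("untracked", untracked)):
        for host in hosts:
            writer.writerow([host, parent_domain(host), status])
    return buf.getvalue()


if __name__ == "__main__":
    print(to_csv(*triage(SAMPLE_OUTPUT, KNOWN_DOMAINS)))
```

Hosts reported as untracked are the ones to reconcile with the asset inventory, since they share the name server but sit outside the domains already being patched and monitored.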