DNS Lookup (forward) Back

Security related information and use within the scope of pentesting


Forward DNS lookup describes the process of finding the IP address related to a given domain an user enters via e.g. the URL-bar of a browser. Forward DNS lookup is commonly used on the Internet because it's easier to remember domain names instead IP addresses [1].


Rapid7 provides different datasets containing DNS responses of all forward DNS names known by Rapid7's Project Sonar. This information can be very useful when doing Reconnaissance on a target and e.g. hunting for subdomain takeover vulnerabilities [2]. The data is GZIP compressed containing name, type, value and timestamp of any returned records for a given name in JSON format (size: 24.5 GB).

[email protected]st:~/DLL$ pigz -dc 2018-08-25-1535232149-fdns_cname.json.gz | grep '"value":"target'

Source: https://opendata.rapid7.com/sonar.fdns_v2