
BLU Discuss list archive



[Discuss] DNS question about DNSENUM.PL



Hi All,

I've been using DNSENUM.PL via BackTrack to do some information gathering
on my work's network.  I've noticed something that I think is rather odd,
and my curious nature has got me wondering "how?"  Unfortunately, Googling
hasn't shed much light on my question.

So, not all of my DNS subdomains show up in a simple scan.  For example, I
know I have VPN.blah.org.  I can ping it, it's how I VPN into my
organization, yet it doesn't show up in a regular DNSENUM scan.  I have to
use the brute force option with a dictionary file.  Other subdomains, such
as news.blah.org, www.blah.org or ftp.blah.org show up no problem.

I don't understand the mechanics of how this is happening.  What's allowing
me to ping VPN.blah.org, but doesn't allow DNSENUM to find it?  What
exactly is brute forcing DNS doing?  Why do some subdomains show up without
the use of brute force and others don't?

-- 
Chris O'Connell
http://outlookoutbox.blogspot.com
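
Seen from the resolver's side, the dictionary option mentioned in the post shows up as one client asking for many different names under the zone, most of which do not exist. The sketch below is an added example, not part of the original post or of DNSENUM: it flags that pattern in query logs, and the log format, addresses, wordlist and thresholds are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: wordlist, existing labels and client addresses are invented.
WORDLIST = ["admin", "backup", "dev", "ftp", "intranet", "mail", "news",
            "test", "vpn", "www"]
EXISTING = {"ftp", "news", "vpn", "www"}

def sample_log():
    """Build constructed log lines in a hypothetical 'time client qname rcode' format."""
    # An ordinary client that only asks for names it already knows.
    lines = [f"10:00:0{i} 10.0.0.5 {n}.blah.org NOERROR"
             for i, n in enumerate(["www", "VPN", "www"])]
    # A client walking a dictionary: each guess is its own query.
    for i, word in enumerate(WORDLIST):
        rcode = "NOERROR" if word in EXISTING else "NXDOMAIN"
        lines.append(f"10:01:{i:02d} 10.0.0.9 {word}.blah.org {rcode}")
    return lines

def find_enumerators(lines, zone, min_names=8, min_nx_ratio=0.5):
    """Return {client: (distinct_names, nx_ratio)} for clients whose lookups
    under `zone` look like dictionary guessing."""
    names, misses = defaultdict(set), defaultdict(set)
    suffix = "." + zone.lower()
    for line in lines:
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank or malformed lines
        _, client, qname, rcode = fields
        qname = qname.lower().rstrip(".")  # DNS names are case-insensitive
        if not qname.endswith(suffix):
            continue
        names[client].add(qname)
        if rcode == "NXDOMAIN":
            misses[client].add(qname)
    flagged = {}
    for client, seen in names.items():
        ratio = len(misses[client]) / len(seen)
        if len(seen) >= min_names and ratio >= min_nx_ratio:
            flagged[client] = (len(seen), round(ratio, 2))
    return flagged

if __name__ == "__main__":
    for client, (count, ratio) in find_enumerators(sample_log(), "blah.org").items():
        print(f"{client}: {count} distinct names, {ratio:.0%} NXDOMAIN")
```

Counting distinct names rather than raw queries keeps a client that retries one name from being flagged.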



BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.
