DNS Recon

DNS Enumeration & Analysis

"Comprehensive DNS enumeration — all record types, zone transfers, CNAME chains, and email security records."

What it does

DNS records reveal the full infrastructure behind a domain. A records show IP addresses. MX records show mail servers. CNAME records can reveal internal hostnames and third-party services. TXT records often contain sensitive configuration data. NS records reveal the DNS provider. Zone transfers (when allowed) can dump the entire DNS database.

The DNS tool queries all standard record types and checks for zone transfer vulnerability — a misconfiguration that lets any client download the complete DNS zone file, revealing every hostname in the domain. It also validates SPF, DKIM, and DMARC email security records.

Example findings

CRITICALDNS Zone Transfer Allowed — Full Zone Exposeddns

HIGHWildcard DNS — All Subdomains Resolve to Same IPdns

HIGHDangling CNAME — Points to Unclaimed Servicedns

MEDIUMSPF Record Missing — Email Spoofing Riskdns

← Back to all tools ▶ Scan with DNS Recon

What it finds

▸All DNS record types (A, AAAA, MX, NS, TXT, CNAME, SOA, PTR)
▸Zone transfer vulnerability (AXFR allowed)
▸Wildcard DNS misconfiguration
▸Dangling CNAME records pointing to unclaimed services
▸Missing or misconfigured SPF records
▸Internal hostnames leaked via DNS
▸Third-party services revealed by CNAME chains

Works well with

Subfinder →DMARC Checker →Subdomain Takeover →