Slow DNS enumeration

Fierce is an excellent tool for doing DNS reconnaissance, i.e. querying the DNS server to reveal potential domain names. I’ve seen some setups where the enumeration has gone horribly slow.

If your DNS enumeration tool is going slow, fire up tcpdump and inspect the DNS traffic.

tcpdump -i <interface> -nn port 53

Normally you should see tens and hundreds of DNS queries flowing past the screen, but if the requests are slow, inspect the queries you are sending. Are you sending queries for the .local domain as well?

This image shows three queries being sent to resolve a single name.

This is likely because your DHCP settings are pushed out with a SearchDomain for .local. Edit your /etc/resolv.conf and remove the line dictating the SearchDomain, and you should get a huge boost in speed!
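To see why a search domain multiplies the traffic, here is an added example (not from the original post) that models the search-list expansion documented in resolv.conf(5). The sample file contents, the example.com names and the function names are constructed for illustration, and a given enumeration tool's resolver library may deviate from this model.

```python
# Added example: models the search-list behaviour described in resolv.conf(5).
# SAMPLE_RESOLV_CONF is constructed; 192.0.2.53 is a documentation address.
SAMPLE_RESOLV_CONF = """\
# written by a DHCP client (constructed sample)
nameserver 192.0.2.53
search local
options ndots:1
"""

def parse_resolv_conf(text):
    """Return (search_domains, ndots) from resolv.conf-style text."""
    search, ndots = [], 1                  # resolver default is ndots:1
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":    # blank line or comment
            continue
        fields = line.split()
        if fields[0] == "search":
            search = fields[1:]            # the last search/domain line wins
        elif fields[0] == "domain":
            search = fields[1:2]
        elif fields[0] == "options":
            for opt in fields[1:]:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return search, ndots

def candidate_queries(name, search, ndots=1):
    """Names a stub resolver tries, in order, until one of them resolves."""
    if name.endswith("."):
        return [name]                      # fully qualified: search list skipped
    absolute = name + "."
    expanded = [f"{name}.{d.rstrip('.')}." for d in search]
    if name.count(".") >= ndots:
        return [absolute] + expanded       # as-is first, search list on failure
    return expanded + [absolute]           # short name: search list first

if __name__ == "__main__":
    search, ndots = parse_resolv_conf(SAMPLE_RESOLV_CONF)
    # A brute-forced guess that does not exist is retried under every search domain.
    for guess in ("vpn.example.com", "vpn", "vpn.example.com."):
        print(guess, "->", candidate_queries(guess, search, ndots))
```

Every guessed name that fails to resolve as-is is asked again under each search domain, so a wordlist of mostly non-existent names costs at least double the queries; without the search line only the name itself is sent.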

