Practical DNS Enumeration Using Dnsenum in Kali Linux

Let’s walk through DNS record types using a concrete, practical example for:

http://nerd-cafe.ir/

Assume you own this domain and want to:

• Host a website

• Use email

• Add a blog subdomain

• Secure it with SPF/DKIM

• Point www correctly

We’ll build it step by step.

Step 1 — A Record (IPv4 Address Mapping)

What it does

Maps a domain name → IPv4 address.

Example

You buy a VPS with this IP:

185.143.233.5

To make nerd-cafe.ir open your website:

Result:

When someone types:

DNS translates it to:

The browser connects to your server.

Step 2 — AAAA Record (IPv6 Address)

Same idea as A record, but for IPv6.

If your server also has:

Add:

Now IPv6 users can reach your site.

Step 3 — CNAME Record (Alias)

What it does

Makes one domain name an alias of another.

You want:

to point to:

Add:

Now:

Important rule:

• CNAME cannot exist together with other records on the same name.

Step 4 — MX Record (Mail Server)

What it does

Tells the world which server handles email for your domain.

Let’s say you use:

• Gmail (Google Workspace)

Google gives you:

Add:

Now emails to:

are delivered to Google.

Step 5 — TXT Record (Verification, SPF, Security)

TXT records store text information.

Example 1 — SPF (prevent email spoofing)

This tells email servers:

Only Google is allowed to send emails for nerd-cafe.ir.

Example 2 — Google verification

Used to verify domain ownership.

Step 6 — DKIM (Email Signing)

Google gives you something like:

This digitally signs your outgoing emails.

Step 7 — NS Record (Nameservers)

What it does

Tells the internet which DNS provider manages your domain.

Example:

Without NS records, nothing works.

Step 8 — SRV Record (Advanced Services)

Used for services like VoIP, chat, etc.

Example for a SIP server:

Not common for basic websites, but important in enterprise setups.

Step 9 — Subdomain Example

You want:

Hosted on another server:

Add:

Now blog traffic goes to a different machine.

Full Practical Setup (Minimal Working Example)

For a working website + email setup, you typically need:

Quick Summary

Step 1: Basic Domain Enumeration

Command:

What It Does:

• Retrieves:

  • A record (IP)

  • NS records

  • MX records

  • SOA record

• Attempts zone transfer

• Performs basic subdomain brute-force

Step 2: Enumerate Specific Record Types

A Record Lookup

Avoids reverse lookups to speed up scan.

Step 3: Subdomain Brute Forcing

Using Built-in Wordlist

Step 5: Enumerate Mail Servers

MX records:

Look for:

Useful for:

• Email spoofing tests

• Phishing simulation

• Identifying email infrastructure

Step 6: Save Output to File

Useful for:

• Reporting

• Parsing with other tools

• Automation

💖 Support Our Work

If you find this post helpful and would like to support my work, you can send a donation via TRC-20 (USDT). Your contributions help us keep creating and sharing more valuable content.

Thank you for your generosity! 🙏

Keywords

DNS enumeration, dnsenum, Kali Linux, reconnaissance, subdomain discovery, zone transfer, AXFR, DNS records, A record, MX record, NS record, SOA record, brute force, wordlist, reverse lookup, penetration testing, attack surface mapping, OSINT, network security, ethical hacking , Nerd Cafe , نرد کافه

Channel Overview

🌐 Website: www.nerd-cafe.ir

📺 YouTube: @nerd-cafe

🎥 Aparat: nerd_cafe

📌 Pinterest: nerd_cafe

📱 Telegram: @nerd_cafe

📝 Blog: Nerd Café on Virgool

💻 GitHub: nerd-cafe