DNS Enumeration CLI Tool

A Python command-line tool to enumerate DNS information for any domain. This tool queries various DNS record types and displays them in a clean, readable format.

Features

• Query all major DNS record types:
  • A - IPv4 addresses
  • AAAA - IPv6 addresses
  • MX - Mail exchange servers
  • NS - Name servers
  • TXT - Text records
  • CNAME - Canonical name records
  • SOA - Start of authority records
• Query WHOIS information:
  • Registrar information
  • Domain creation and expiry dates
  • Name servers
• Query specific record types
• Configurable timeout settings
• Error handling for non-existent domains
• Clean, formatted output

Installation

Prerequisites

• Python 3.6 or higher
• pip (Python package manager)

Setup

1. Clone or download the files:

   # If you have the files locally, navigate to the directory
   cd /path/to/dns_enum

2. Install the required dependency:

   pip install -r requirements.txt

3. Make the script executable (optional):

   chmod +x dnsinfo.py

Usage

Basic Usage

Enumerate all DNS records for a domain:

python3 dnsinfo.py example.com

Query Specific Record Types

Query a specific DNS record type:

# Query only A records
python3 dnsinfo.py google.com --type A

# Query only MX records
python3 dnsinfo.py example.com --type MX

# Query only TXT records
python3 dnsinfo.py domain.com --type TXT

Available Record Types

• A - IPv4 addresses
• AAAA - IPv6 addresses
• MX - Mail exchange servers
• NS - Name servers
• TXT - Text records
• CNAME - Canonical name records
• SOA - Start of authority records

Advanced Options

Set custom timeout (default is 5 seconds):

python3 dnsinfo.py example.com --timeout 10

Output results in JSON format:

python3 dnsinfo.py example.com --json
python3 dnsinfo.py google.com --type A --json

Help

Display help and usage information:

python3 dnsinfo.py --help

Examples

Example 1: Complete DNS Enumeration

$ python3 dnsinfo.py google.com
Enumerating DNS records for google.com
=================================================
A Records:
  142.250.190.46

AAAA Records:
  2607:f8b0:4009:809::200e

MX Records:
  10 smtp.google.com.

NS Records:
  ns3.google.com.
  ns2.google.com.
  ns4.google.com.
  ns1.google.com.

TXT Records:
  "v=spf1 include:_spf.google.com ~all"
  "google-site-verification=wD8N7i1JTNTkezJ49swvWW48f8_9xveREV4oB-0Hf5o"
  ...

SOA Record:
  ns1.google.com. dns-admin.google.com. 859009256 900 900 1800 60

WHOIS Information:
  Registrar: MarkMonitor, Inc.
  Creation Date: 1997-09-15
  Expiration Date: 2024-09-14
  Name Servers:
    ns1.google.com
    ns2.google.com
    ns3.google.com
    ns4.google.com

Example 2: Specific Record Type

$ python3 dnsinfo.py github.com --type A
A Records:
  140.82.114.3

Example 3: Query MX Records

$ python3 dnsinfo.py example.com --type MX
MX Records:
   10 mail.example.com.
   20 backup.example.com.

Example 4: JSON Output

$ python3 dnsinfo.py google.com --json
{
  "A": ["142.250.190.46"],
  "AAAA": ["2607:f8b0:4009:809::200e"],
  "MX": ["10 smtp.google.com."],
  "NS": ["ns1.google.com.", "ns2.google.com.", "ns3.google.com.", "ns4.google.com."],
  "TXT": ["\"v=spf1 include:_spf.google.com ~all\"", ...],
  "SOA": "ns1.google.com. dns-admin.google.com. 859009256 900 900 1800 60",
  "WHOIS": {
    "registrar": "MarkMonitor, Inc.",
    "creation_date": "1997-09-15",
    "expiration_date": "2028-09-13",
    "name_servers": ["ns1.google.com", "ns2.google.com", "ns3.google.com", "ns4.google.com"]
  }
}

Error Handling

The tool handles various error conditions gracefully:

• Non-existent domains: Shows an error message if the domain doesn't exist
• No records: Indicates when no records of the requested type are found
• Timeout errors: Uses configurable timeouts to prevent hanging
• Network issues: Displays appropriate error messages for DNS resolution failures

Contributing

Feel free to submit issues or enhancement requests to improve the tool.