I’m doing the path of junior pentester and I don’t quite understand the concept of dns.
This is what I think I understood:
A dns server is put into operation so that clients can connect to the company’s website using the domain name and not the IP, which would be inconvenient.
A company sets up its own DNS server and does not use Google’s, for example, to maintain its privacy, so that Google cannot spy on its requests.
The company can be large and divide its network into sub-networks, each with a DNS server (ANS) that encompasses a delimited zone in which these sub-networks are located.
With the “dig” command to an ANS, you can find out other server names (the subnets?) by retrieving the “ns” records of that ANS, since in the configuration file of each dns server, there is a records section of ns.
Finally there is the idea of zone transfers. When the ns record of an ANS that refers to some sub-network changes, this change is propagated through the different ANS as a form of “backup”. The administrator may have enabled the ability to do these log transfers manually, and the pentester can use “dig axfr” to get the domain names or IPs of the other subnets on the server. In this way they can in turn be analyzed, since perhaps one of those subnets is vulnerable to a vulnerability that another subnet is not.
Basically the objective of this enumeration is to use the different DNS servers to find all the possible sub-networks and thus be able to analyze them all.
And that’s it… can you help me understand it? I would really appreciate it.