securient / dnsenum

Automatically exported from code.google.com/p/dnsenum

Wild-carded DNS Enumeration #4

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
Wild-carded DNS enumeration should be possible and would be a useful feature.  
If it's already been determined that the DNS is wildcard, then various queries 
are resolving into the same resource record, i.e.

abc.foo.com == A ==> 10.0.0.1
xyz.foo.com == A ==> 10.0.0.1
fff.foo.com == A ==> 10.0.0.1
.
.
.

Make note of that as:

*.foo.com? == A ==> 10.0.0.1

and anything that doesn't resolve into 10.0.0.1, it isn't a wildcard entry, 
continuing our example:

abc.foo.com == A ==> 10.0.0.1
xyz.foo.com == A ==> 10.0.0.1
fff.foo.com == A ==> 10.0.0.1
db.foo.com == A ==> 192.168.0.123
orf.foo.com == A ==> 10.0.0.1
iwd.foo.com == A ==> 10.0.0.1

.
.
.

Once the enumeration finishes, you could output something like:

*.foo.com? == A ==> 10.0.0.1
db.foo.com == A ==> 192.168.0.123

Original issue reported on code.google.com by rsrip...@gmail.com on 31 Dec 2011 at 10:52
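
The filtering described in this issue, as an added example (not part of the original report and not dnsenum's own code): random labels are resolved first to learn the wildcard answer, then only names that answer differently are reported. The function names and the `constructed_resolver` stand-in for real DNS are assumptions made for the example, and the sample data is constructed from the foo.com listing above.

```python
import secrets
from typing import Callable, Dict, FrozenSet, Iterable, List

# A resolver maps a hostname to its set of A records (empty set = no answer).
Resolver = Callable[[str], FrozenSet[str]]

def wildcard_addresses(domain: str, resolve: Resolver, probes: int = 3) -> FrozenSet[str]:
    """Resolve random labels that should not exist and pool what comes back.

    Several probes are pooled so a wildcard that rotates between addresses
    is still recognised. An empty result means the zone has no wildcard.
    """
    pooled = set()
    for _ in range(probes):
        pooled |= resolve(f"{secrets.token_hex(8)}.{domain}")
    return frozenset(pooled)

def enumerate_filtered(domain: str, labels: Iterable[str],
                       resolve: Resolver) -> Dict[str, FrozenSet[str]]:
    """Return one '*.domain' entry plus every name that answers differently."""
    wildcard = wildcard_addresses(domain, resolve)
    report: Dict[str, FrozenSet[str]] = {}
    if wildcard:
        report[f"*.{domain}"] = wildcard
    for label in labels:
        name = f"{label}.{domain}"
        answer = resolve(name)
        # Limitation: an explicit record pointing at a wildcard address
        # cannot be told apart from the wildcard by its answer alone.
        if answer and not answer <= wildcard:
            report[name] = answer
    return report

def format_report(report: Dict[str, FrozenSet[str]]) -> List[str]:
    """Render entries in the 'name == A ==> address' style used in the issue."""
    return [f"{name} == A ==> {', '.join(sorted(ips))}" for name, ips in report.items()]

def constructed_resolver(name: str) -> FrozenSet[str]:
    """Constructed stand-in for real DNS, mirroring the issue's foo.com data."""
    explicit = {"db.foo.com": frozenset({"192.168.0.123"})}
    return explicit.get(name, frozenset({"10.0.0.1"}))

if __name__ == "__main__":
    words = ["abc", "xyz", "fff", "db", "orf", "iwd"]
    for line in format_report(enumerate_filtered("foo.com", words, constructed_resolver)):
        print(line)
```
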