DNS servers are an attractive target for attackers and penetration testers. They regularly include data that is considered highly important to attackers.
DNS is a core element of both our local networks and the Internet. With other things, DNS is responsible for the process of translating domain names to IP addresses. For humans, it is much simpler for them to remember “google.com” rather than http://220.127.116.11. But, machines prefer the reverse. DNS serves as the middleman to make this translation process.
As penetration testers, it is necessary to concentrate on the DNS servers that belong to our target. The reason is simple. In order for DNS to function correctly, it needs to be aware of both the IP address and the corresponding domain name of each machine on its network.
In terms of reconnaissance, obtaining full access to an organization’s DNS server is like finding a pot of gold at the end of a rainbow. Or perhaps, more correctly, it is like finding a blueprint for the organization. But in this example, the blueprint includes a complete listing of private IP addresses that belong to our target. Remember one of the key components of data gathering is to collect IP addresses that belong to the target.