OSINTGuardian

DNS: analyze the DNS of a domain and websites

Claudia Lopez
Claudia Lopez

ยท

By analyzing the DNS (Domain Name System) with OSINT methods, you can obtain very valuable information from a website, such as the IP address, MX Records (Email Providers) , TXT Records and among others. this is very useful.

With tools like DNS Lookup and DNS Checker you can analyze and collect domain information. Personally, I use these 2 to view information from the email provider.

TXT records that are generally used to create verification texts for third-party services such as Google Console. and with these methods you will be able to know the names of third-party services and send an abuse report.

For example, the domain “google.com” uses the nameservers “ns.google.com” and uses the Gmail service such as MX Records (smtp.google.com).

TXT records in DNS:

In the DNS Lookup you can see how the webmasters of the google.com domain have verification codes from third-party services such as Facebook, Apple, Google Console, Microsoft, DocuSing and among others.

This is useful when, for example, an evil website uses third-party services, you can send message by email to the third-party service team so that they can suspend the service for the crime that that website is committing.

email provider (MX Records):

The mx records show the domains of the email providers, by analyzing the mx records you can know which is the email provider of a website.

nslookup.io mx records show that they use gmail as their email service provider. This information is useful because if an evil website is using a personalized email

You can send an email to the email provider’s abuse department, reporting the abuse and the email provider will suspend the service.

Useful OSINT Tools:

These 2 tools are very useful to obtain information about a domain. Without a doubt, knowing how to analyze DNS is a very important task when investigating and reporting abuse.

  • email provider
  • third-party service names linked to a domain
  • IPv4 or IPv6 Adresss
  • Nameservers

In short, this is useful for conducting an investigation to make a report of abuse to a website provider.