Certified Ethical Hacker (CEH v13) — Question 34

As a Certified Ethical Hacker, you are conducting a footprinting and reconnaissance operation against a target organization. You discover a range of IP addresses associated with the target using the SecurityTrails tool. Now, you need to perform a reverse DNS lookup on these IP addresses to find the associated domain names, as well as determine the nameservers and mail exchange (MX) records. Which of the following DNSRecon commands would be most effective for this purpose?

Answer options

• A. dnsrecon -r 192.168.1.0/24 -n nsl.example.com -t axfr
• B. dnsrecon -r 10.0.0.0/24 -n nsl.example.com -t zonewalk
• C. dnsrecon -r 162.241.216.0/24 -n nsl.example.com -t std
• D. dnsrecon -r 162.241.216.0/24 -d example.com -t brt

Correct answer: C

Explanation

The correct answer is C, as the command 'dnsrecon -r 162.241.216.0/24 -n nsl.example.com -t std' performs a standard DNS enumeration, which retrieves domain names, nameservers, and MX records for the specified IP range. Options A and B use incorrect target types (axfr and zonewalk) that are not suitable for general querying, and option D specifies a domain rather than an IP range, which is not aligned with the objective of reverse lookup.