In this section, we'll learn how we can get comprehensive DNS information about the target website. Just to give a quick review on what DNS is, when we type FACEBOOK.COM, a DNS SERVER will convert the name into an IP address. The DNS SERVER contains a number of records, each pointing to a different domain or to a different IP. Sometimes, they point to the same IP, but in general, they request the domain name, it gets converted into an IP address, and, depending on the address, the information needs to be stored somewhere. We're going to query the DNS SERVER and see what information we can get through it. The process is illustrated in the following diagram:

We're going to be using a website called Robtex (https://www.robtex.com/), searching isecur1ty.org. Next, just click on GO and select the first result on the website.

Now, we can see here that this report contains a lot of information, but we have a nice little index that will help us navigate through it. A lot of this information is a little bit advanced, so we will be skipping through a lot of it because we want to keep this as basic as possible. Web penetration testing is a vast topic in itself. Hence, we're going to keep this a little bit basic, and we'll see what information we can see in the following screenshot:

Firstly, we get information about the website. We can see the DNS records, we can see the Name servers that have been used, and we can see some Mail servers. We can also see the RECORDS that we were talking about and the DNS server:

Here, we can see all of these records. We can see the a record, the one that converts a domain name to an IP address, and if we remember, when we were performing DNS spoofing, we added an A record in our dns.conf and iter.conf files. The a record is actually what's used in the DNS servers to link isecur1ty.org to its IP address, but again, there is another type of record; for example, we have the ns record, which links the domain, the name server. We can also see the mx record in the following screenshot, which links it to the mail server, and we can see that the website uses a Google mail server, so it's probably using Gmail to provide mail services:

Scrolling further, we have a graph of how all of the services interact with each other, how the services use the records, and how they are translated into IP addresses:

In the Shared tab, we will see if any of these resources are being shared:

We can also see that it's using three Name servers. We can see the Mail servers, and we can also see a number of websites pointing to the same IP address, and a number of domain names, pointing to the same IP address. Therefore, the preceding websites are stored on the same web server. Now, again, there is more information about the name servers and websites that are Sharing mail servers. It doesn't mean that these websites are on the same server, but the most important thing is that we have the websites pointing to the same IP, which means that these websites exist on the same server. Now, if you gain access to any of the websites mentioned, it will be very easy to gain access to isecur1ty.org.