Forward-confirmed Reverse DNS (FCRDNS) is a method used to validate the authenticity and correctness of the DNS configuration for a given IP address. It involves verifying that a reverse DNS lookup (PTR record) associated with an IP address corresponds to a forward DNS lookup (A or AAAA record) pointing back to the same IP address. This technique helps ensure that the DNS records for an IP address are properly configured and consistent, reducing the likelihood of misconfigurations and potential spoofing.
Nmap, a popular network scanning tool, provides a script called "fcrdns" that allows users to perform FCRDNS checks on hosts within a network. By executing the "--script fcrdns" option in conjunction with an Nmap scan, the tool will automatically perform FCRDNS verification for the specified targets.
During the FCRDNS process, Nmap's "fcrdns" script first queries the DNS server to obtain the PTR record associated with an IP address. This record maps the IP address to a domain name. The script then performs a forward DNS lookup to retrieve the A or AAAA record associated with the domain name. If the IP address obtained from the forward lookup matches the original IP address being tested, the FCRDNS check is successful. However, if the IP addresses do not match, it indicates a DNS misconfiguration or potential spoofing.
When conducting a network scan using Nmap's FCRDNS script, the results will provide information about the success or failure of the FCRDNS checks for each scanned host. Administrators can use these results to identify hosts with DNS inconsistencies and take appropriate actions to rectify the issues.
However, it's worth noting that FCRDNS checks have certain limitations. Some legitimate hosts may have misconfigured DNS settings, resulting in a failed FCRDNS check. Additionally, certain networks or hosting environments may intentionally configure their DNS in a way that does not comply with FCRDNS requirements. In such cases, administrators should carefully analyze the results and consider the specific context before making conclusions or taking any actions based solely on FCRDNS results.
Overall, Forward-confirmed Reverse DNS is a valuable technique for verifying DNS configurations and ensuring the authenticity of hosts. When combined with Nmap's "fcrdns" script, network administrators and security professionals can leverage this method to enhance their understanding of network infrastructure, detect potential spoofing attempts, and mitigate DNS-related issues.
nmap -sn -Pn --script fcrdns [target]
[target]: Is you Domain host name or IP