Final answer:
To enumerate DNS servers during the initial reconnaissance phase of penetration testing, the built-in tool nslookup is used. It queries the Domain Name System for domain names or IP addresses, unlike other tools which serve different purposes like Nmap for network discovery and Wireshark for packet analysis.
Step-by-step explanation:
A penetration tester conducting the initial reconnaissance phase and targeting externally facing servers for a certain company would use nslookup to enumerate the domain name system (DNS) servers. nslookup is a network administration command-line tool available for many computer operating systems. It is used for querying the Domain Name System to obtain domain name or IP address mapping or for any other specific DNS record.
Nmap could be used for network discovery and security auditing, Wireshark for packet analysis, and netstat for network statistics, but for DNS enumeration, nslookup is the appropriate built-in tool. nslookup can provide valuable information such as the IP addresses of a domain's name servers, the domain's MX records, and more.