DNS Enumeration and zone transfer

Check basic tools availability

Host

host is a simple utility for performing DNS lookups. It is normally used to convert names to IP addresses and vice versa.

$ whatis host

Dig

dig is a flexible tool for interrogating DNS name servers. It performs DNS lookups and displays the answers that are returned from the name server(s) that were queried.

$ whatis dig

Simple DNS lookup

$ host example.com

Query name servers

$ host -t ns example.com

A records

$ host -t a example.com

MX records

$ host -t mx example.com

General information gathering

$ dig example.com

Specify type

$ dig -t ns example.com

Perform zone transfer query

$ dig axfr example.com @dns.server.server
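
A defensive check built on the zone transfer query above, as an added example that is not part of the original notes: it classifies dig axfr output so you can confirm that every authoritative server of a zone you administer refuses transfers. The function names and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a zone you administer for open zone transfers (AXFR).

# Read `dig axfr` output on stdin; print "open", "refused" or "unknown".
# A completed transfer begins and ends with the zone's SOA record and dig
# appends an ";; XFR size:" summary; a refusal prints "; Transfer failed."
classify_axfr() {
    awk '
        /^; Transfer failed/    { failed = 1 }
        /^;; XFR size:/         { xfr = 1 }
        /^[^;]/ && $4 == "SOA"  { soa++ }
        END {
            if (failed)               print "refused"
            else if (xfr || soa >= 2) print "open"
            else                      print "unknown"   # timeout, no answer
        }'
}

# Live check: query each authoritative server of the zone given as $1.
# Usage: audit_zone example.com
audit_zone() {
    zone=$1
    for ns in $(dig +short ns "$zone"); do
        result=$(dig axfr "$zone" @"$ns" +time=5 +tries=1 | classify_axfr)
        printf '%s\t%s\n' "$ns" "$result"
    done
}

# Constructed sample outputs (not captured from a real server).
sample_refused() {
cat <<'EOF'
;; global options: +cmd
; Transfer failed.
EOF
}

sample_open() {
cat <<'EOF'
example.com.          3600 IN SOA ns1.example.com. admin.example.com. 1 7200 900 1209600 3600
example.com.          3600 IN NS  ns1.example.com.
internal.example.com. 3600 IN A   192.0.2.10
example.com.          3600 IN SOA ns1.example.com. admin.example.com. 1 7200 900 1209600 3600
;; XFR size: 4 records (messages 1, bytes 200)
EOF
}
```

Any server reported as open should have transfers restricted to its secondaries; unknown means the query timed out or returned nothing conclusive and should be rechecked.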

General information, zone transfer and bruteforce

$ dnsenum example.com
$ fierce -dns example.com

Effective bruteforcing with SecLists, nmap, fierce and dnsmap

$ nmap -p 53 --script dns-brute --script-args=[script-options] example.com
$ fierce -dns example.com -wordlist wordlist.txt
$ dnsmap example.com -w wordlist.txt