53 - DNS

Enumeration

Note: Many of the techniques accomplished below can also be accomplished using DNS repositories, such as DNSdumpster.com

nslookup

nslookup $domain.com
nslookup $ipaddress (reverse lookup)

dig

Basic syntax: dig @<nameserver> somesite.com options
dig somesite.com -t any (all available records)
dig somesite.com -t mx (mx records only)
dig somesite.com -t axfr (zone transfer)
dig -x $ipaddress (reverse lookup)

host

Host www.somesite.com (web server)
Host -t ns somesite.com (nameservers)
Host -t mx somesite.com (mail servers)
host -l <domain name> <dns server address> (zone transfer)

Automated tools

DNSRECON

dnsrecon -d somesite.com -t axfr
dnsrecon -r CIDR (reverse DNS lookup of net block)
-d: used to specify domain name
-r: IP range for reverse lookup
-t: used to specify the type of enumeration
    Common types include:
    std - SOA, NS, A, AAAA, MX and SRV
    axfr - test all nameservers for zone transfer
    brt - brute force domains and hosts using a given dictionary

DNSenum

dnsenum $domain.com

Previous25 - SMTP Next80/443 - HTTP(s)

Last updated 1 year ago