5. DNS Enumeration

DNS enumeration techniques are used to obtain information about the DNS servers and network infrastructure of the target organization.

1. DNS Enumeration using zone transfer

dig

find the nameserver of a domain

dig ns zonetransfer.me

Now try the zone transfer for the domain from its primary and secondary name servers

dig axfr zonetransfer.me @nsztm2.digi.ninja

nslookup

Fire up the tool on windows

nslookup
set querytype=soa

Now execute the zone transfer

ls -d nsztm2.digi.ninja

2. Zone transfer using DNSSEC transfer

LogoGitHub - darkoperator/dnsrecon: DNS Enumeration ScriptGitHub
./dnsrecon.py -d zonetransfer.me -z

-d target domain

-z DNSSEC Zone walk

Other tools

LogoGitHub - davebarr/dnswalk: A DNS database debuggerGitHub

3. DNS Enumeration using Nmap

nmap --script=broadcast-dns-service-discovery zonetransfer.me

DNS brute forcing

nmap -T5 -p 53 --script dns-brute zonetransfer.me

common service records

nmap --script dns-srv-enum --script-args "dns-srv-enum.domain='zonetransfer.me'"
LogoCertified Ethical Hacker (CEHv12) Practical hands on LabsUdemy
Previous4. NFS EnumerationNext6. SMTP Enumeration

Last updated

Was this helpful?