# 5. DNS Enumeration
## 1. DNS Enumeration using zone transfer
### dig
find the nameserver of a domain
```
dig ns zonetransfer.me
```
Now try the zone transfer for the domain from its primary and secondary name servers
```
dig axfr zonetransfer.me @nsztm2.digi.ninja
```
### nslookup
Fire up the tool on windows
```
nslookup
set querytype=soa
```
Now execute the zone transfer
```
ls -d nsztm2.digi.ninja
```
## 2. Zone transfer using DNSSEC transfer
{% embed url="" %}
```
./dnsrecon.py -d zonetransfer.me -z
```
{% hint style="info" %}
-d target domain
-z DNSSEC Zone walk
{% endhint %}
**Other tools**
{% embed url="" %}
## 3. DNS Enumeration using Nmap
```
nmap --script=broadcast-dns-service-discovery zonetransfer.me
```
DNS brute forcing
```
nmap -T5 -p 53 --script dns-brute zonetransfer.me
```
common service records
```
nmap --script dns-srv-enum --script-args "dns-srv-enum.domain='zonetransfer.me'"
```
{% embed url="" %}
{% embed url="" %}
{% embed url="" %}
