5. DNS Enumeration

1. DNS Enumeration using zone transfer

dig

Find the name servers of a domain

dig ns zonetransfer.me

Now try the zone transfer for the domain from its primary and secondary name servers

dig axfr zonetransfer.me @nsztm2.digi.ninja
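Added example (not part of the original notes): when auditing name servers you operate, the saved output of the dig axfr command above can be classified as an open or refused transfer and summarised by the record types it exposes. The zone example.test, the 192.0.2.x addresses and both sample outputs are constructed for illustration.

```shell
#!/usr/bin/env bash
# Classify `dig axfr` output and summarise what an open transfer exposes.
# Both sample outputs are constructed (example.test, documentation IPs).

# Reads dig output on stdin. Prints:
#   refused      - dig reported "; Transfer failed."
#   open         - records returned, bracketed by the zone SOA (a full AXFR)
#   inconclusive - anything else (empty output, timeout, truncated capture)
axfr_status() {
  awk '
    /^; Transfer failed/ { failed = 1 }
    /^;/ || NF < 5       { next }              # skip comments and blank lines
    { n++; if (n == 1) first = $4; last = $4 } # $4 is the record type
    END {
      if (failed) print "refused"
      else if (n >= 2 && first == "SOA" && last == "SOA") print "open"
      else print "inconclusive"
    }'
}

# Reads dig output on stdin, prints "TYPE count" per record type, sorted.
# The SOA is counted twice because AXFR sends it as first and last record.
axfr_type_counts() {
  awk '!/^;/ && NF >= 5 { c[$4]++ } END { for (t in c) print t, c[t] }' | sort
}

SAMPLE_OPEN='; <<>> DiG <<>> axfr example.test @ns1.example.test
example.test. 7200 IN SOA ns1.example.test. hostmaster.example.test. 1 7200 900 1209600 3600
example.test. 7200 IN NS ns1.example.test.
example.test. 7200 IN MX 10 mail.example.test.
vpn.example.test. 7200 IN A 192.0.2.10
staging.example.test. 7200 IN A 192.0.2.20
example.test. 7200 IN SOA ns1.example.test. hostmaster.example.test. 1 7200 900 1209600 3600
;; XFR size: 6 records (messages 1, bytes 300)'

SAMPLE_REFUSED='; <<>> DiG <<>> axfr example.test @ns2.example.test
;; global options: +cmd
; Transfer failed.'

printf 'ns1: %s\n' "$(printf '%s\n' "$SAMPLE_OPEN" | axfr_status)"
printf 'ns2: %s\n' "$(printf '%s\n' "$SAMPLE_REFUSED" | axfr_status)"
printf '%s\n' "$SAMPLE_OPEN" | axfr_type_counts
```

Against a live server the same functions read the dig command's output directly from a pipe. An "open" result from any address outside your secondaries means transfers need restricting on that name server.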

nslookup

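Start the tool on Windows and query the zone's SOA record to find its primary name server

nslookup
set querytype=soa
zonetransfer.me

Now execute the zone transfer (ls -d takes the domain and sends the request to the current default server, so select the name server first)

server nsztm2.digi.ninja
ls -d zonetransfer.me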

2. Zone enumeration using DNSSEC zone walk

./dnsrecon.py -d zonetransfer.me -z

-d target domain

-z DNSSEC Zone walk

Other tools

3. DNS Enumeration using nmap

nmap --script=broadcast-dns-service-discovery zonetransfer.me

DNS brute forcing

nmap -T5 -p 53 --script dns-brute zonetransfer.me

Common service records

nmap --script dns-srv-enum --script-args "dns-srv-enum.domain='zonetransfer.me'"
