5. DNS Enumeration

DNS enumeration techniques are used to obtain information about the DNS servers and network infrastructure of the target organization.

1. DNS Enumeration using zone transfer

dig

Find the name servers of a domain

dig ns zonetransfer.me

Now attempt a zone transfer for the domain against each of its primary and secondary name servers

dig axfr zonetransfer.me @nsztm2.digi.ninja

nslookup

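Start the tool in interactive mode on Windows and set the query type to SOA

nslookup
set querytype=soa

Now select the name server and execute the zone transfer (ls -d takes the domain to list, and the request goes to the currently selected server)

server nsztm2.digi.ninja
ls -d zonetransfer.me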

2. Zone enumeration using DNSSEC zone walking

./dnsrecon.py -d zonetransfer.me -z

-d target domain

-z DNSSEC Zone walk

Other tools

3. DNS Enumeration using Nmap

nmap --script=broadcast-dns-service-discovery zonetransfer.me

DNS brute forcing

nmap -T5 -p 53 --script dns-brute zonetransfer.me

Common service (SRV) records

nmap --script dns-srv-enum --script-args "dns-srv-enum.domain='zonetransfer.me'"
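
From the defender's side, the zone transfer attempts and DNS brute forcing shown above both leave a recognisable trail in name server query logs. The following is an added example, not part of the original page: the log format (epoch seconds, client IP, query name, query type, response code) is a constructed simplification rather than any DNS server's native format, and the example.com zone, the IP addresses, the thresholds and the detect function are assumptions made for illustration.

```python
from collections import defaultdict, deque

# Constructed sample log: epoch_seconds client_ip qname qtype rcode
SAMPLE_LOG = """\
1700000000 198.51.100.7 example.com NS NOERROR
1700000001 198.51.100.7 example.com AXFR REFUSED
1700000002 192.0.2.53 example.com AXFR NOERROR
1700000005 203.0.113.9 admin.example.com A NXDOMAIN
1700000005 203.0.113.9 dev.example.com A NXDOMAIN
1700000006 203.0.113.9 ftp.example.com A NXDOMAIN
1700000006 203.0.113.9 mail.example.com A NOERROR
1700000007 203.0.113.9 vpn.example.com A NXDOMAIN
1700000300 198.51.100.20 tpyo.example.com A NXDOMAIN
"""


def detect(log_text, secondaries, nx_threshold=4, window=10):
    """Return a sorted list of (client_ip, finding) tuples.

    secondaries  -- IPs of legitimate secondary name servers allowed to AXFR
    nx_threshold -- NXDOMAIN answers within `window` seconds that count as a burst
    """
    findings = set()
    recent_nx = defaultdict(deque)  # client -> timestamps of recent NXDOMAIN answers
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or not fields[0].isdigit():
            continue  # skip malformed lines instead of crashing
        ts, client, _qname, qtype, rcode = fields
        ts = int(ts)
        # Zone transfer requests from anything other than a known secondary
        if qtype in ("AXFR", "IXFR") and client not in secondaries:
            outcome = "succeeded" if rcode == "NOERROR" else "refused"
            findings.add((client, f"zone transfer {outcome}"))
        # Many nonexistent names from one client in a short window is the
        # signature of subdomain brute forcing
        if rcode == "NXDOMAIN":
            seen = recent_nx[client]
            seen.append(ts)
            while ts - seen[0] > window:
                seen.popleft()
            if len(seen) >= nx_threshold:
                findings.add((client, "NXDOMAIN burst"))
    return sorted(findings)


if __name__ == "__main__":
    for client, finding in detect(SAMPLE_LOG, secondaries={"192.0.2.53"}):
        print(client, finding)
```

A "zone transfer succeeded" finding means the server answered an AXFR from an address outside the secondaries list, which points to a transfer ACL that needs tightening.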
