Page cover

DNS

Domain Name System - Port 53

Enumeration

Resolve the IP with nslookup

Start nslookup
nslookup
  • Specify the DNS server:

server 10.10.10.10
  • Now, query for the given IP address, looking up its DNS records:

10.10.10.10

Check Transfer Zones

  • If DNS is running over TCP try a zone transfer:

dig axfr HOST.NAME @10.10.10.29

Bruteforce DNS Hostname

nmap -Pn -script=dns-brute domain.com

Whois Query

By nmap
nmap -script whois* domain.com

Banner Grab

nmap -n -p<PORT> --script dns-nsid <IP>

Last updated