DNS

Domain Name System - Port 53

Enumeration

Resolve the IP

  • Start nslookup:

nslookup
  • Specify the DNS server:

server 10.10.10.10
  • Now, query for the given IP address, looking up its DNS records:

10.10.10.10

Transfer Zones

  • If DNS is running over TCP, try a zone transfer:

dig axfr HOST.NAME @10.10.10.29

Bruteforce DNS Hostname

nmap -Pn --script=dns-brute domain.com

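Seen from the server side, the zone transfer and hostname brute-force steps above leave distinctive log entries. The following Python is an added example, not part of the original page: it flags AXFR requests from hosts that are not known secondaries and clients that query many distinct names. The log lines are constructed and modelled on BIND 9 messages (an assumed format), and the function name, allow-list and threshold are illustrative.

```python
import re
from collections import defaultdict

# Patterns modelled on BIND 9 transfer and query log messages
# (assumed format; adjust to your server's logging configuration).
CLIENT = r"client (?:@\S+ )?(?P<ip>[0-9.]+)#\d+ "
XFER_RE = re.compile(CLIENT + r".*?(?:zone transfer '(?P<denied>[^/']+)/AXFR/IN' denied"
                              r"|transfer of '(?P<served>[^/']+)/IN': AXFR started)")
QUERY_RE = re.compile(CLIENT + r"\((?P<name>[^)]+)\): query:")

def analyse(log, allowed_secondaries, name_threshold=5):
    """Return (kind, client_ip, detail) findings for one log excerpt."""
    findings = []
    names = defaultdict(set)  # client IP -> distinct names queried
    for line in log.splitlines():
        m = XFER_RE.search(line)
        if m:
            if m["ip"] not in allowed_secondaries:
                # A served transfer to an unknown host means allow-transfer is too open.
                kind = "axfr-denied" if m["denied"] else "axfr-served"
                findings.append((kind, m["ip"], m["denied"] or m["served"]))
            continue
        m = QUERY_RE.search(line)
        if m:
            names[m["ip"]].add(m["name"].lower())
    for ip, seen in names.items():
        # Many distinct names from one client is typical of dictionary enumeration.
        if len(seen) >= name_threshold:
            findings.append(("many-names", ip, len(seen)))
    return findings

def _query(ip, name):  # builds one constructed query-log line
    return (f"01-Jan-2024 10:00:03.000 client @0x1 {ip}#40000 ({name}): "
            f"query: {name} IN A + (192.0.2.53)")

# Constructed sample log (documentation address ranges, example.com zone).
SAMPLE_LOG = "\n".join([
    "01-Jan-2024 10:00:01.000 client @0x1 192.0.2.10#40001 (example.com): "
    "transfer of 'example.com/IN': AXFR started",
    "01-Jan-2024 10:00:02.000 client @0x1 198.51.100.7#40002 (example.com): "
    "zone transfer 'example.com/AXFR/IN' denied",
    *[_query("198.51.100.7", f"{w}.example.com")
      for w in ("admin", "dev", "ftp", "mail", "test", "vpn")],
    _query("203.0.113.5", "www.example.com"),
])

if __name__ == "__main__":
    for finding in analyse(SAMPLE_LOG, allowed_secondaries={"192.0.2.10"}):
        print(finding)
```

An "axfr-served" finding for a host outside the allow-list means the zone is already exposed and the server's transfer restrictions need tightening.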
Whois Query

nmap --script "whois*" domain.com

Banner Grab

nmap -n -p<PORT> --script dns-nsid <IP>