DNS

Domain Name System - Port 53

Enumeration

Resolve the IP

Start nslookup

nslookup

• Specify the DNS server:

server 10.10.10.10

• Now, query for the given IP address, looking up its DNS records:

10.10.10.10

Transfer Zones

• If DNS is running over TCP try a zone transfer:

dig axfr HOST.NAME @10.10.10.29

Bruteforce DNS Hostname

nmap -Pn -script=dns-brute domain.com

Whois Query

nmap -script whois* domain.com

Banner Grab

nmap -n -p<PORT> --script dns-nsid <IP>