DNS Enumeration - Adam-Hachem/SEC335 GitHub Wiki
Bash DNS Port Scan
DNS Resolving script
Find DNS servers with NMAP
sudo nmap -Pn 10.0.5.0/24 --open -p 53 -oG dns-servers2.txt
cat dns-servers2.txt | grep -oE "([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}) " | sort --unique
NMAP for domain resolution
nmap -sL 10.0.5.0/24 --dns-servers 10.0.5.22 | grep -e 'Nmap scan report for [a-zA-Z]' | awk '{print $5, $6}'
Zone transfer
dig axfr @nsztm1.digi.ninja zonetransfer.me > zt.txt
dig axfr @nsztm2.digi.ninja zonetransfer.me >> zt.txt
# Select A records by the type field (works whether dig pads with tabs or spaces)
awk '$4 == "A" {print $1","$5}' zt.txt
These commands request a zone transfer (AXFR) of zonetransfer.me from two DNS servers, save the output to zt.txt, and print each address (A) record as name,address.
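Added example, not part of the original wiki page: a shell script that summarises a saved zone-transfer file such as zt.txt, so a zone owner can see what an open AXFR exposes. It goes beyond the one-liner above by de-duplicating records, accepting tab- or space-separated dig output, and counting refused transfers; the function names and the sample data (example.com, RFC 5737 addresses) are constructed assumptions.

```bash
#!/bin/sh
# Added example: summarise saved `dig axfr` output (a file like zt.txt).

# Constructed sample: one successful transfer followed by one refused transfer,
# appended to the same file. Names and addresses are placeholders.
make_sample() {
  {
    printf 'example.com.\t7200\tIN\tSOA\tns1.example.com. admin.example.com. 1 2 3 4 5\n'
    printf 'example.com.\t7200\tIN\tA\t192.0.2.10\n'
    printf 'vpn.example.com. 300 IN A 192.0.2.20\n'   # space-separated on purpose
    printf 'www.example.com.\t300\tIN\tCNAME\texample.com.\n'
    # An AXFR ends by repeating the SOA record it started with.
    printf 'example.com.\t7200\tIN\tSOA\tns1.example.com. admin.example.com. 1 2 3 4 5\n'
    printf '; Transfer failed.\n'
  } > "$1"
}

# Print "name,address" for each A record, skipping dig's ';' comment lines,
# normalising the name and removing duplicates seen on more than one server.
a_records() {
  awk '!/^;/ && $3 == "IN" && $4 == "A" {
         sub(/\.$/, "", $1); print tolower($1) "," $5
       }' "$1" | LC_ALL=C sort -u
}

# Count distinct records per type: a quick view of what the transfer exposed.
type_counts() {
  awk '!/^;/ && $3 == "IN"' "$1" | LC_ALL=C sort -u |
    awk '{ n[$4]++ } END { for (t in n) print t, n[t] }' | LC_ALL=C sort
}

# Number of transfers that were refused (dig prints "; Transfer failed.").
refused_count() {
  grep -c '^; Transfer failed' "$1" || true
}

# Use the file given as the first argument, or fall back to the sample.
zt="${1:-}"
if [ ! -f "$zt" ]; then zt="$(mktemp)"; make_sample "$zt"; fi
echo "A records:";        a_records "$zt"
echo "Records by type:";  type_counts "$zt"
echo "Refused transfers: $(refused_count "$zt")"
```

A server that is configured to restrict transfers shows up in the refused count instead of contributing records; any other result on a zone you own means the AXFR allow list on that server needs tightening.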