DNS Enumeration - samuel-richardson/Sam-Tech-Journal GitHub Wiki
DNS Enumeration
Scripts
DNS Reverse Lookup
nslookup
- nslookup can be used to do a reverse dns lookup
- To do a reverse DNS lookup (IP to name) against a chosen DNS server:
nslookup "ip" "dns"
nmap
- nmap can be used to find DNS servers on a subnet by scanning for port 53
- An example command (grepable output is written to dns-server2.txt) would be
sudo nmap -Pn --open 10.0.5.1-254 -p 53 -oG dns-server2.txt
- Using nmap's list scan to resolve IPs to hostnames through a chosen DNS server
sudo nmap -sL 10.0.5.0/24 --dns-servers 10.0.5.22
This works similarly to nslookup, but covers the whole range in one command.
Zone Transfer
- Zone transfers do not work on secured DNS servers (ones that only allow AXFR from their own secondary servers)
- Find the name servers for a domain with
dig @8.8.8.8 +short NS "dns"
- To do a zone transfer of the domain from one of those name servers
dig @"server" axfr "dns"
Additional Notes
- -E flag in grep enables extended regex matching
- -v flag in grep inverts the match, excluding lines that match the pattern
- -sL nmap flag lists hosts (list scan: no probes are sent to the targets, only reverse DNS lookups are made)
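The commands above produce output that still has to be read through, and the -E and -v grep flags from the notes are exactly what does that. The script below is an added example, not part of the original wiki page: it parses constructed samples of the nmap -oG file, the nmap -sL output and the dig axfr output (the lab.local names, the 10.0.5.x addresses and the file contents are made up in the formats those tools print) and pulls out the DNS servers found, the hosts that reverse-resolved, and whether a server handed over its zone or refused the transfer. Run it from any directory; it needs only grep, sed, sort, wc and mktemp.

```shell
#!/bin/sh
# Added example: parse saved output of the three enumeration commands on this page.
# All input files below are constructed samples in the formats nmap and dig produce;
# the hostnames and addresses are made up for the lab network 10.0.5.0/24.

# 1. Grepable output of: nmap -Pn --open 10.0.5.1-254 -p 53 -oG dns-server2.txt
GNMAP_FILE=$(mktemp)
cat > "$GNMAP_FILE" <<'EOF'
# Nmap 7.94 scan initiated as: nmap -Pn --open 10.0.5.1-254 -p 53 -oG dns-server2.txt
Host: 10.0.5.22 ()	Status: Up
Host: 10.0.5.22 ()	Ports: 53/open/tcp//domain///
Host: 10.0.5.40 ()	Ports: 53/open/tcp//domain///
Host: 10.0.5.77 ()	Ports: 53/filtered/tcp//domain///
# Nmap done -- 254 IP addresses (3 hosts up) scanned in 5.02 seconds
EOF

# 2. Output of: nmap -sL 10.0.5.0/24 --dns-servers 10.0.5.22 (reverse lookups only)
LISTSCAN_FILE=$(mktemp)
cat > "$LISTSCAN_FILE" <<'EOF'
Starting Nmap 7.94 ( https://nmap.org )
Nmap scan report for 10.0.5.1
Nmap scan report for ns1.lab.local (10.0.5.22)
Nmap scan report for 10.0.5.23
Nmap scan report for www.lab.local (10.0.5.40)
Nmap done: 256 IP addresses (0 hosts up) scanned in 0.05 seconds
EOF

# 3a. Output of: dig @10.0.5.22 axfr lab.local when the server allowed the transfer
AXFR_OK_FILE=$(mktemp)
cat > "$AXFR_OK_FILE" <<'EOF'
; <<>> DiG 9.18.1 <<>> @10.0.5.22 axfr lab.local
;; global options: +cmd
lab.local.	3600	IN	SOA	ns1.lab.local. admin.lab.local. 2024010101 3600 900 604800 300
lab.local.	3600	IN	NS	ns1.lab.local.
ns1.lab.local.	3600	IN	A	10.0.5.22
www.lab.local.	3600	IN	A	10.0.5.40
lab.local.	3600	IN	SOA	ns1.lab.local. admin.lab.local. 2024010101 3600 900 604800 300
;; Query time: 2 msec
;; SERVER: 10.0.5.22#53(10.0.5.22) (TCP)
;; XFR size: 5 records (messages 1, bytes 220)
EOF

# 3b. The same query against a server that restricts AXFR to its secondaries
AXFR_REFUSED_FILE=$(mktemp)
cat > "$AXFR_REFUSED_FILE" <<'EOF'
; <<>> DiG 9.18.1 <<>> @10.0.5.23 axfr lab.local
;; global options: +cmd
; Transfer failed.
EOF

# Print the IPs that answered with 53/open. grep -E matches the port field with a
# regex and grep -v drops nmap's own comment lines (the -E and -v flags from the notes).
dns_servers_from_gnmap() {
    grep -E '53/open/' "$1" | grep -v '^#' \
        | sed -E 's/^Host: ([0-9.]+).*/\1/' | sort -u
}

# Print "IP hostname" for every address that reverse DNS resolved. nmap only prints a
# name before the parenthesised address when the PTR lookup succeeded, so addresses
# without a PTR record never match the pattern.
resolved_hosts_from_list_scan() {
    grep -E '^Nmap scan report for [^ ]+ \([0-9.]+\)$' "$1" \
        | sed -E 's/^Nmap scan report for ([^ ]+) \(([0-9.]+)\)$/\2 \1/'
}

# Print "refused" when dig reports the transfer failed, otherwise the number of
# records the server handed over (dig's own comment lines start with ';').
axfr_status() {
    if grep -q 'Transfer failed' "$1"; then
        echo refused
    else
        grep -Ev '^;|^$' "$1" | wc -l | tr -d ' '
    fi
}

echo "DNS servers on the subnet:"
dns_servers_from_gnmap "$GNMAP_FILE"
echo "Hosts with reverse DNS names:"
resolved_hosts_from_list_scan "$LISTSCAN_FILE"
echo "AXFR against 10.0.5.22: $(axfr_status "$AXFR_OK_FILE") records"
echo "AXFR against 10.0.5.23: $(axfr_status "$AXFR_REFUSED_FILE")"
```

For a server you administer, the axfr_status check is the quick way to confirm the zone transfer note above: a record count means the server is handing its whole zone to anyone who asks, "refused" means AXFR is limited to its secondaries as it should be.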
Reflection
This lab was useful for understanding how to find DNS addresses and resolve them to find potential points of interest. Using reverse DNS resolution, accessible servers can be found.