DNS Enumeration - samuel-richardson/Sam-Tech-Journal GitHub Wiki

DNS Enumeration

Scripts

DNS Reverse Lookup

nslookup

  • nslookup can be used to do a reverse DNS lookup (resolve an IP address back to a hostname)
  • To do a reverse DNS lookup: nslookup <ip> <dns-server>, where the second argument is the DNS server to send the query to

nmap

  • nmap can be used to check for DNS servers (hosts listening on port 53)
  • An example command would be sudo nmap -Pn --open 10.0.5.1-254 -p 53 -oG dns-server2.txt
  • Using nmap to find domains and IPs: sudo nmap -sL 10.0.5.0/24 --dns-servers 10.0.5.22. This works similarly to nslookup, doing a reverse lookup of every address in the range against the given DNS server.

Zone Transfer

  • Zone transfers do not work on secured DNS servers (ones that only allow AXFR from their authorised secondaries)
  • Find the name servers for a domain with dig @8.8.8.8 +short NS <domain>
  • To do a zone transfer: dig @<nameserver> <domain> axfr

Additional Notes

  • -E flag in grep enables extended regex matching
  • -v flag in grep inverts the match, excluding the lines that match the pattern
  • -sL nmap flag lists hosts (a list scan: it only resolves the names of the targets and sends them no probes)
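As an added example (not from the original journal), the following shell snippet applies the grep -E and -v flags from these notes to constructed sample output of the two nmap commands in the nmap section: it pulls the hosts with port 53 open out of the -oG file and the reverse-resolved names out of the -sL list scan. The sample output and the hostnames ns1.lab.local and files.lab.local are made up.

```shell
#!/bin/sh
# Added example (not from the original wiki page): post-process nmap output
# with the grep flags noted above. All data below is constructed sample output.

# Constructed sample of grepable output from a scan like:
#   sudo nmap -Pn --open 10.0.5.1-254 -p 53 -oG dns-server2.txt
# Real -oG files separate fields with tabs; spaces are used here for readability.
SAMPLE_OG='# Nmap 7.94 scan initiated as: nmap -Pn --open 10.0.5.1-254 -p 53 -oG dns-server2.txt
Host: 10.0.5.1 ()   Status: Up
Host: 10.0.5.1 ()   Ports: 53/filtered/tcp//domain///
Host: 10.0.5.22 ()  Status: Up
Host: 10.0.5.22 ()  Ports: 53/open/tcp//domain///
Host: 10.0.5.40 ()  Status: Up
Host: 10.0.5.40 ()  Ports: 53/open/tcp//domain///
# Nmap done -- 254 IP addresses (3 hosts up) scanned in 4.20 seconds'

# Constructed sample of list-scan output from:
#   sudo nmap -sL 10.0.5.0/24 --dns-servers 10.0.5.22
SAMPLE_SL='Starting Nmap 7.94 ( https://nmap.org )
Nmap scan report for 10.0.5.1
Nmap scan report for ns1.lab.local (10.0.5.22)
Nmap scan report for files.lab.local (10.0.5.40)
Nmap done: 256 IP addresses (0 hosts up) scanned in 0.50 seconds'

# Print the IPs that have port 53 open, one per line.
# grep -v drops the "#" comment lines; grep -E matches the open-port field.
extract_dns_servers() {
    printf '%s\n' "$SAMPLE_OG" \
        | grep -v '^#' \
        | grep -E 'Ports: .*53/open/' \
        | awk '{ print $2 }'
}

# Print "ip hostname" for every address the list scan could reverse-resolve;
# addresses with no PTR record have no "(ip)" suffix and are dropped by grep -E.
resolved_hosts() {
    printf '%s\n' "$SAMPLE_SL" \
        | grep -E '^Nmap scan report for [^ ]+ \([0-9.]+\)$' \
        | sed -E 's/^Nmap scan report for ([^ ]+) \(([0-9.]+)\)$/\2 \1/'
}

extract_dns_servers
resolved_hosts
```

Swap the embedded samples for `cat dns-server2.txt` and the saved -sL output to run it against real scan files.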

Reflection

This lab was useful for understanding how to find DNS addresses and resolve them to find potential points of interest. Using reverse DNS resolution, accessible servers can be found.