TCP 53: DNS
The Domain Name System is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities.
-- Wikipedia
Host
Nameserver
host -t ns megacorpone.comMailserver
host -t mx megacorpone.comDomain
host www.megacorpone.comForward lookup
host <hostname>alpha.thinc.local has address <ip>#!/bin/bash
for name in $(cat list.txt); do
host $name.megacorpone.com | grep "has address" | cut -d" " -f1,4
doneReverse lookup
host <ip><ip>.in-addr.arpa domain name pointer alpha.thinc.local.#!/bin/bash
for ip in $(seq 72 91); do
host 38.100.193.$ip | grep "megacorp" | cut -d" " -f1,5
doneZone transfer
A zone transfer is similar to a database replication act between related DNS servers. This process includes the copying of the zone file from a master DNS server to a slave server.
host -l megacorpone.com ns1.megacorpone.com#!/bin/bash
if [ -z "$1" ]; then
echo "Usage : $0 <domain name>"
exit 0
fi
for server in $(host -t ns $1 | cut -d" " -f4); do
host -l $1 $server | grep "has address"
doneAlternative
dig axfr @<ip> <hostname>Tools
DNSRecon
dnsrecon -d <dns-server> -t axfr
dnsrecon -d <dns-server> -r 10.0.0.0/8DNSenum
dnsenum megacorpone.comnslookup
nslookup
> server <ip>Last updated