TCP 53: DNS

The Domain Name System is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities.
-- Wikipedia

Host

Nameserver

host -t ns megacorpone.com

Mailserver

host -t mx megacorpone.com

Domain

host www.megacorpone.com

Forward lookup

host <hostname>

alpha.thinc.local has address <ip>

#!/bin/bash
for name in $(cat list.txt); do
	host $name.megacorpone.com | grep "has address" | cut -d" " -f1,4
done

Reverse lookup

host <ip>

<ip>.in-addr.arpa domain name pointer alpha.thinc.local.

#!/bin/bash
for ip in $(seq 72 91); do
	host 38.100.193.$ip | grep "megacorp" | cut -d" " -f1,5
done

Zone transfer

A zone transfer is similar to a database replication act between related DNS servers. This process includes the copying of the zone file from a master DNS server to a slave server.

host -l megacorpone.com ns1.megacorpone.com

#!/bin/bash
if [ -z "$1" ]; then
	echo "Usage : $0 <domain name>"
	exit 0
fi

for server in $(host -t ns $1 | cut -d" " -f4); do
	host -l $1 $server | grep "has address"
done

Alternative

dig axfr @<ip> <hostname>

Tools

DNSRecon

dnsrecon -d <dns-server> -t axfr
dnsrecon -d <dns-server> -r 10.0.0.0/8

DNSenum

dnsenum megacorpone.com

nslookup

nslookup
> server <ip>

PreviousTCP 25, 587: SMTP NextTCP 80, 443: HTTP(S)

Last updated 3 years ago