TCP/UDP 53: DNS (queries normally travel over UDP 53; zone transfers and oversized answers use TCP 53)
The Domain Name System is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities.
-- Wikipedia
Host
Nameserver
host -t ns megacorpone.com
Mailserver
host -t mx megacorpone.com
Host (A record)
host www.megacorpone.com
Forward lookup
host <hostname>
alpha.thinc.local has address <ip>
#!/bin/bash
# Forward brute force: try every name in list.txt under the target domain
# and print "<fqdn> <ip>" for the ones that resolve (grep drops NXDOMAIN replies).
while read -r name; do
  host "$name.megacorpone.com" | grep "has address" | cut -d" " -f1,4
done < list.txt
Reverse lookup
host <ip>
<ip with octets reversed>.in-addr.arpa domain name pointer alpha.thinc.local.
#!/bin/bash
# Reverse sweep: PTR lookups across the netblock found in the forward lookups,
# keeping only answers that belong to the target ("<reversed-ip>.in-addr.arpa <fqdn>").
for ip in $(seq 72 91); do
  host "38.100.193.$ip" | grep "megacorp" | cut -d" " -f1,5
done
Zone transfer
A zone transfer (AXFR) is how a secondary (slave) DNS server copies the complete zone file from the primary (master); it runs over TCP 53. A server that answers AXFR requests from arbitrary clients hands out every record in the zone at once, so it is worth trying against each nameserver of the target.
host -l megacorpone.com ns1.megacorpone.com
#!/bin/bash
# Try a zone transfer against every nameserver of the domain.
if [ -z "$1" ]; then
  echo "Usage: $0 <domain name>"
  exit 1
fi
for server in $(host -t ns "$1" | cut -d" " -f4); do
  # -l requests AXFR; only A records are kept here, drop the grep to see the whole zone
  host -l "$1" "$server" | grep "has address"
done
Alternative
dig axfr @<nameserver> <domain>
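The three procedures above (forward brute force, reverse sweep, zone transfer against every nameserver) in one script. This is an added example, not code from the original notes; the megacorpone.com names and addresses in the sample output are constructed, not captured from a real server. The host(1) output parsing is split into functions so it can be checked offline, and the zone-transfer check distinguishes a refused AXFR from an empty one, which a bare grep "has address" silently conflates.

```shell
#!/bin/bash
# Added example (not from the original notes): DNS enumeration helpers around
# host(1), with output parsing factored out so the logic runs against
# constructed sample output without touching the network.

# Forward lookups: keep only A records, print "<fqdn> <ip>".
parse_a_records() {
    awk '$2 == "has" && $3 == "address" { print $1, $4 }'
}

# Reverse lookups: keep only PTR answers and turn the reversed
# in-addr.arpa name back into a dotted IP, print "<ip> <fqdn>".
parse_ptr_records() {
    awk '$2 == "domain" && $3 == "name" && $4 == "pointer" {
        split($1, o, ".")          # o[1..4] are the octets, reversed
        sub(/\.$/, "", $5)         # drop the trailing dot of the FQDN
        printf "%s.%s.%s.%s %s\n", o[4], o[3], o[2], o[1], $5
    }'
}

# Classify the output of `host -l <domain> <ns>`: "refused" when the server
# rejected AXFR, "ok" when A records came back, "empty" otherwise.
classify_axfr() {
    out="$1"
    if printf '%s\n' "$out" | grep -Eq 'Transfer failed|REFUSED'; then
        echo refused
    elif printf '%s\n' "$out" | grep -q ' has address '; then
        echo ok
    else
        echo empty
    fi
}

# Live: attempt a zone transfer against every nameserver of a domain.
axfr_all() {
    domain="$1"
    for ns in $(host -t ns "$domain" | awk '$2 == "name" && $3 == "server" { print $4 }'); do
        out=$(host -l "$domain" "$ns" 2>&1)
        status=$(classify_axfr "$out")
        echo "$ns: $status"
        if [ "$status" = ok ]; then
            printf '%s\n' "$out" | parse_a_records
        fi
    done
}

# Constructed sample output (not captured from a real server).
SAMPLE_FWD='www.megacorpone.com has address 38.100.193.76
mail.megacorpone.com has address 38.100.193.84
megacorpone.com mail is handled by 10 mail.megacorpone.com.'
SAMPLE_PTR='76.193.100.38.in-addr.arpa domain name pointer www.megacorpone.com.
Host 77.193.100.38.in-addr.arpa. not found: 3(NXDOMAIN)'
SAMPLE_REFUSED='; Transfer failed.'

if [ -n "${1:-}" ]; then
    axfr_all "$1"                      # e.g. ./dnsenum.sh megacorpone.com
else
    printf '%s\n' "$SAMPLE_FWD" | parse_a_records
    printf '%s\n' "$SAMPLE_PTR" | parse_ptr_records
    echo "axfr against sample: $(classify_axfr "$SAMPLE_REFUSED")"
fi
```

Run it with a domain argument to perform live queries; without one it only exercises the parsers on the embedded sample text.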
Tools
DNSRecon
dnsrecon -d <domain> -t axfr
dnsrecon -d <domain> -r <netblock, e.g. 38.100.193.0/24>
DNSenum
dnsenum megacorpone.com
nslookup
nslookup
> server <ip>