DNS Recon
DNS Enumeration
DNS enumeration is a useful exercise inside a network: a successful zone transfer (AXFR) hands you the hostnames and addresses of every system in the zone without running a network-wide nmap scan. This matters when you do not want the IPS or firewall to raise alerts, since zone transfers are routine traffic between DNS servers and a single AXFR query over TCP 53 is far quieter than a port sweep. It only works when the server permits transfers to your address; a properly configured server restricts AXFR to its secondaries and simply refuses the request, which is worth noting in the report either way.
The following command requests a zone transfer with dnsrecon (-d is the domain, -n the DNS server to query, -t axfr the test to run):
dnsrecon -t axfr -d domain.com -n <DNS IP>
dnsenum is another tool that lists the different record types for a domain and attempts a zone transfer against each name server it finds:
dnsenum p42.com
Using dig, first list the authoritative name servers for the zone, then request the transfer from one of them:
dig +short ns p42.com
dig axfr p42.com @192.168.1.80
Here p42.com is the zone being requested and 192.168.1.80 (the @ argument) is the DNS server asked for the transfer; repeat the request against every server returned by the NS query, since one may allow what the others refuse. A server that refuses prints "; Transfer failed." instead of the records.
Active Directory publishes its domain-controller locator records (the _ldap, _kerberos and _gc SRV records) under _msdcs.<domain>, which is commonly a separate zone on the domain controller's DNS server (it is by default for the forest root domain). You can request that zone on its own from a domain controller, again provided the server allows the transfer:
dig axfr @192.168.165.149 _msdcs.p42.com
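The bash script below is an added example, not code from the original page: it automates the procedure above (list the authoritative servers, try AXFR against each, including the _msdcs zone, and turn a successful transfer into a host inventory and a list of domain controllers). It assumes dig is installed; p42.com and the 192.168.1.x addresses are the placeholders from the text, and the two embedded dig outputs are constructed samples so the parsing can be exercised offline.

```shell
#!/usr/bin/env bash
# Added example (not from the original page). Assumes dig is installed.
# p42.com / 192.168.1.x are the placeholders used in the text.

# Constructed sample of what `dig axfr p42.com @192.168.1.80` prints when
# the server permits the transfer (trimmed to the relevant lines).
SAMPLE_AXFR='; <<>> DiG 9.18.1 <<>> axfr p42.com @192.168.1.80
;; global options: +cmd
p42.com.                3600 IN SOA dc01.p42.com. hostmaster.p42.com. 2024010101 900 600 86400 3600
p42.com.                600  IN NS  dc01.p42.com.
dc01.p42.com.           3600 IN A   192.168.1.80
fileserver.p42.com.     3600 IN A   192.168.1.30
www.p42.com.            3600 IN A   192.168.1.20
_ldap._tcp.dc._msdcs.p42.com. 600 IN SRV 0 100 389 dc01.p42.com.
p42.com.                3600 IN SOA dc01.p42.com. hostmaster.p42.com. 2024010101 900 600 86400 3600
;; Query time: 3 msec
;; SERVER: 192.168.1.80#53(192.168.1.80)
;; XFR size: 7 records (messages 1, bytes 290)'

# Constructed sample of a refused transfer.
SAMPLE_REFUSED='; <<>> DiG 9.18.1 <<>> axfr p42.com @192.168.1.81
;; global options: +cmd
; Transfer failed.'

# Exit 0 if the dig output on stdin is a completed transfer: dig closes a
# successful AXFR with an ";; XFR size:" summary and prints
# "; Transfer failed." when the server refuses.
axfr_succeeded() {
    grep -q '^;; XFR size:'
}

# Convert dig axfr output on stdin into "name<TAB>type<TAB>rdata" lines,
# dropping comment lines and the SOA records that open and close a transfer.
parse_axfr() {
    awk '$1 !~ /^;/ && NF >= 5 && $3 == "IN" && $4 != "SOA" {
        name = $1; sub(/\.$/, "", name)
        rdata = $5
        for (i = 6; i <= NF; i++) rdata = rdata " " $i
        print name "\t" $4 "\t" rdata
    }'
}

# Host inventory: "ip name" for every A/AAAA record, sorted by address.
hosts_from_axfr() {
    parse_axfr | awk -F'\t' '$2 == "A" || $2 == "AAAA" { print $3, $1 }' | sort
}

# Domain controllers: targets of the _ldap._tcp.dc._msdcs SRV records that
# Active Directory registers for every DC.
dcs_from_axfr() {
    parse_axfr | awk -F'\t' '$2 == "SRV" && $1 ~ /^_ldap\._tcp\.dc\._msdcs\./ {
        n = split($3, f, " "); sub(/\.$/, "", f[n]); print f[n]
    }' | sort -u
}

# Try AXFR for a zone against each of its authoritative servers, as the dig
# commands above do by hand. Prints the inventory from the first server that
# allows the transfer and returns 1 if every server refuses.
try_axfr() {
    zone=$1
    for ns in $(dig +short ns "$zone"); do
        out=$(dig axfr "$zone" "@$ns")
        if printf '%s\n' "$out" | axfr_succeeded; then
            echo "[+] $ns allows AXFR for $zone"
            printf '%s\n' "$out" | hosts_from_axfr
            printf '%s\n' "$out" | dcs_from_axfr | sed 's/^/[DC] /'
            return 0
        fi
        echo "[-] $ns refused AXFR for $zone" >&2
    done
    return 1
}

# Usage: ./axfr.sh p42.com   (tries the zone itself, then its _msdcs zone)
if [ $# -ge 1 ]; then
    try_axfr "$1"
    try_axfr "_msdcs.$1"
fi
```

The parser deliberately ignores everything dig prints with a leading semicolon and the bracketing SOA records, so the same functions work on output saved from an earlier run (`dig axfr ... > zone.txt; hosts_from_axfr < zone.txt`). The _msdcs attempt only finds name servers if that zone is delegated separately; when it is just a subdomain of the main zone, its SRV records already arrive with the first transfer and dcs_from_axfr picks them up there.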