DNS Recon
DNS Enumeration
DNS enumeration is a very useful way to identify the systems on a network and their hostnames without running a network-wide scan with nmap. This comes in handy when you do not want the IPS or firewall to trigger alerts, as DNS zone transfers can be a regular affair within a network.
The following commands can be used to conduct a zone transfer,
Dnsenum is another tool that can be used to list the different types of records or to conduct a zone transfer from a DNS server,
Using dig,
Here, p42.com is the domain name for which the zone transfer is requested from the DNS server at 192.168.1.80.
You can also request a DNS zone transfer by transferring the data from Active Directory, as long as the _msdcs service is enabled,
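Because zone transfers blend into normal traffic, they are best monitored on the DNS server itself. The following added example (not from the original page) scans transfer log lines and reports AXFR/IXFR attempts from hosts that are not approved secondaries. The log lines are constructed in the style of BIND 9 logging, and the allowlist addresses and function names are assumptions.

```python
import re
from ipaddress import ip_address, ip_network

# Assumption: only these secondaries may pull zones (constructed addresses).
ALLOWED_SECONDARIES = [ip_network("192.168.1.81/32"), ip_network("192.168.1.82/32")]

# Constructed sample lines in the style of BIND 9 xfer-out / security messages.
SAMPLE_LOG = """\
12-Mar-2024 02:00:01.104 xfer-out: info: client @0x7f10 192.168.1.81#40112 (p42.com): transfer of 'p42.com/IN': AXFR started (serial 2024031201)
12-Mar-2024 09:14:37.550 xfer-out: info: client @0x7f22 192.168.1.57#51844 (p42.com): transfer of 'p42.com/IN': AXFR started (serial 2024031201)
12-Mar-2024 09:15:02.018 security: error: client @0x7f31 192.168.1.57#51850 (_msdcs.p42.com): zone transfer '_msdcs.p42.com/AXFR/IN' denied
12-Mar-2024 09:15:40.771 queries: info: client @0x7f40 192.168.1.57#51902 (www.p42.com): query: www.p42.com IN A +
"""

CLIENT = re.compile(r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+")
STARTED = re.compile(r"transfer of '(?P<zone>[^/']+)/IN': (?P<kind>AXFR|IXFR) started")
DENIED = re.compile(r"zone transfer '(?P<zone>[^/']+)/(?P<kind>AXFR|IXFR)/IN' denied")


def is_allowed(ip):
    """True if the client address belongs to an approved secondary."""
    return any(ip_address(ip) in net for net in ALLOWED_SECONDARIES)


def find_suspect_transfers(log_text):
    """Return (ip, zone, kind, outcome) for transfer attempts from non-secondaries."""
    findings = []
    for line in log_text.splitlines():
        client = CLIENT.search(line)
        event = STARTED.search(line) or DENIED.search(line)
        if not client or not event:
            continue  # not a zone-transfer event (e.g. an ordinary query)
        ip = client.group("ip")
        if is_allowed(ip):
            continue  # routine replication to a known secondary
        # "served" means the server actually started sending the zone.
        outcome = "denied" if "denied" in event.group(0) else "served"
        findings.append((ip, event.group("zone"), event.group("kind"), outcome))
    return findings


if __name__ == "__main__":
    for ip, zone, kind, outcome in find_suspect_transfers(SAMPLE_LOG):
        print(f"{kind} of {zone} requested by {ip}: {outcome}")
```

A "served" finding means the server's transfer ACL (`allow-transfer` in BIND) is open to that client and should be restricted to the secondaries; repeated "denied" findings from one host indicate enumeration attempts.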