DNS Enumeration

Some helpful commands when performing DNS enumeration. I also recommend using dnsenum, but here are some commands that work out of the box.

If you have dnsenum:

perl dnsenum.pl example.com

dig -t axfr domain.com
dig -x <ip address>

It might be handy to create a for loop:

for i in {1..255}; do dig -x 10.1.1.$i; done

dig -t mx example.com
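
The zone transfer request and the reverse-lookup loop above both leave a recognisable pattern in a DNS server's query log. The following is an added example, not part of the original post, that flags both; the BIND 9 style log layout, the sample lines, the function names and the threshold of 5 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): spot AXFR requests and
# reverse-lookup sweeps in a DNS query log.
# Assumed line layout (BIND 9 style):
#   <date> <time> client [@id] <ip>#<port> (<name>): query: <name> <class> <type> ...

# Constructed sample log, not captured from a real server.
sample_log() {
  ts="01-Jan-2024 10:00:00.000"
  echo "$ts client @0x1 10.1.1.50#40000 (example.com): query: example.com IN AXFR -T (10.1.1.2)"
  for i in 1 2 3 4 5 1; do   # five distinct addresses, one of them repeated
    echo "$ts client @0x1 10.1.1.50#4000$i ($i.1.1.10.in-addr.arpa): query: $i.1.1.10.in-addr.arpa IN PTR + (10.1.1.2)"
  done
  echo "$ts client @0x2 10.1.1.77#41000 (9.1.1.10.in-addr.arpa): query: 9.1.1.10.in-addr.arpa IN PTR + (10.1.1.2)"
  echo "$ts client @0x2 10.1.1.77#41001 (example.com): query: example.com IN MX + (10.1.1.2)"
}

# detect_enum MIN: read a query log on stdin and print one finding per line.
#   AXFR <client> <zone>        a zone transfer was requested
#   PTR-SWEEP <client> <count>  client asked for at least MIN distinct PTR names
detect_enum() {
  awk -v min="$1" '
  {
    client = ""; name = ""; qtype = ""
    for (i = 1; i <= NF; i++) {
      if ($i == "client") {
        c = $(i + 1)
        if (c ~ /^@/) c = $(i + 2)      # skip the optional @id token
        sub(/#.*/, "", c)               # drop the source port
        client = c
      }
      if ($i == "query:") { name = $(i + 1); qtype = $(i + 3) }
    }
    if (client == "" || name == "") next
    if (qtype == "AXFR") print "AXFR " client " " name
    if (qtype == "PTR" && name ~ /\.in-addr\.arpa\.?$/ && !((client, name) in seen)) {
      seen[client, name] = 1            # count each reverse name once per client
      ptr[client]++
    }
  }
  END { for (c in ptr) if (ptr[c] >= min) print "PTR-SWEEP " c " " ptr[c] }
  '
}

sample_log | detect_enum 5
```

On a real server, feed the query log to `detect_enum` on stdin and set the threshold above what monitoring hosts and mail servers normally generate.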


This will list all your domain controllers in the environment.

nslookup
set q=srv
_ldap._tcp.dc._msdcs.example.com  

Look up MX records:

nslookup
set q=mx
example.com


dnsmap, which comes preinstalled with BT5, is a pretty nice DNS enumeration tool. It's really easy to use, too.

dnsmap domain.com
