DNS Zone Transfer – Network Enumeration

Hi Testers,

Adding some information about DNS zone transfer.
We all work on gathering DNS information, and it can hand us confidential information, can't it?

Here is one small command (tool) that everyone has some idea about, named dig (source link: http://en.wikipedia.org/wiki/Dig_%28command%29).

With a proper understanding of a tool and proper timing of its use, you can save a lot of time and cover various things on a VAPT engagement.
(The dig command may be well known to experts, but this information is for beginners only.)

Command 1: dig www.target.com (hopefully shows you the target's real IP address)

Command 2: dig www.target.com MX
(Can you find the real IP range of your target network? Can you even conclude whether the web server has its own mail functionality?)

Command 3: dig www.target.com MX +noall +answer
Command 4: dig www.target.com MX +short

Through dig you can get mail exchange records (MX), name servers (NS), address records (A), PTR records (PTR), the IXFR serial number used to transfer a DNS zone, etc.

I hope you will try various dig commands and understand this initial step of testing.

(Maybe you are thinking: various automated tools produce automatic reports about DNS, so why use the dig command or manual testing?)

That may be the right question, but have you worked on manual testing before, and how accurate was the information you got? We can use automated tools to perform the respective actions, but remember that tools work on a defined task/procedure; you have to configure them manually according to your requirement.


Command x: dig target.com AXFR (a zone transfer is requested for the zone name itself, here target.com)
Command y: dig target.com IXFR (IXFR is incremental zone transfer)
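
What Command x prints tells you whether the name server restricts zone transfers. The script below is an added example, not part of the original post: it classifies dig AXFR output as refused, open or inconclusive, and its sample outputs are constructed using example.com and documentation addresses.

```sh
#!/bin/sh
# Added example: classify the output of `dig <zone> AXFR` for a zone you operate.
# The sample dig outputs below are constructed (example.com, 192.0.2.0/24).

# classify_axfr: reads dig output on stdin and prints one of
#   refused       the server answered "; Transfer failed."
#   open <n>      a full zone came back (first and last record are SOA), n records
#   inconclusive  neither pattern seen (timeout, wrong zone name, ...)
classify_axfr() {
    awk '
        /^; Transfer failed/ { failed = 1; next }
        /^;/ || NF < 5       { next }   # dig comment lines and blank lines
        $3 == "IN" {
            n++
            if (n == 1) first = $4      # record type of the first answer line
            last = $4                   # record type of the latest answer line
        }
        END {
            if (n >= 2 && first == "SOA" && last == "SOA") print "open", n
            else if (failed) print "refused"
            else print "inconclusive"
        }'
}

sample_refused() {
cat <<'EOF'
; <<>> DiG 9.18.1 <<>> @ns1.example.com example.com AXFR
; (1 server found)
;; global options: +cmd
; Transfer failed.
EOF
}

sample_open() {
cat <<'EOF'
; <<>> DiG 9.18.1 <<>> @ns1.example.com example.com AXFR
; (1 server found)
;; global options: +cmd
example.com. 3600 IN SOA ns1.example.com. hostmaster.example.com. 2024010101 7200 3600 1209600 3600
example.com. 3600 IN NS ns1.example.com.
www.example.com. 3600 IN A 192.0.2.10
example.com. 3600 IN SOA ns1.example.com. hostmaster.example.com. 2024010101 7200 3600 1209600 3600
;; XFR size: 4 records (messages 1, bytes 231)
EOF
}

printf 'restricted server: %s\n' "$(sample_refused | classify_axfr)"
printf 'open server:       %s\n' "$(sample_open | classify_axfr)"
```

If your own zone comes back as "open", on BIND the fix is to limit allow-transfer to the secondary name servers.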

DNS Brute Force:
Here is a Perl script that helps with DNS brute-forcing

Source Link: http://packetstormsecurity.com/files/24865/blindcrawl.pl.html

Command z: perl blindcrawl.pl -d www.target.com

Even Google (gxfr.py) helps you a lot to learn information about DNS

Fierce is a tool that helps you do DNS zone transfers –

follow the link,


Feel free to reply back.

