# 53 - Pentesting DNS

## DNS Zone Transfer Online

The following website can perform a DNS zone transfer for us:

{% embed url="<https://hackertarget.com/zone-transfer/>" %}

A zone transfer can return a lot of interesting information. Below, we can see a zone transfer I did of **zonetransfer.me**:

<figure><img src="/files/4wVO8G9s2UEe7NNhdxcw" alt=""><figcaption></figcaption></figure>

## Zone Transfer using NSLookup

We can also use nslookup to do a zone transfer manually.

```bash
# List the nameservers for the domain
nslookup -type=NS zonetransfer.me

# Request a zone transfer (any and AXFR) from one of those nameservers
nslookup -type=any -query=AXFR zonetransfer.me nsztm1.digi.ninja
```

Sometimes a zone transfer returns nothing. In that case, check whether the IP address is actually a DNS server for the domain, using the command below:

```bash
nslookup -type=ns inlanefreight.htb 10.129.121.23
```

<figure><img src="/files/M8tfao6CEwSU2d7CniRy" alt=""><figcaption></figcaption></figure>

## Zone Transfer using DIG

```bash
dig <Domain Name>
dig axfr <Domain Name> @<IP Address>

# Example
dig inlanefreight.htb
dig axfr inlanefreight.htb @10.129.121.23
```

<figure><img src="/files/ORWF36NVgm44ckFayVCM" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/e0kd1um94jMyJbi8jVnn" alt=""><figcaption></figcaption></figure>
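When auditing a zone you administer, the same `dig axfr` check can be run against every authoritative nameserver and the reply classified automatically. The script below is an added example, not part of the original notes; the function names `classify_axfr` and `audit_zone`, the domain `example.test`, and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify `dig axfr` output for a zone you administer.
# classify_axfr reads dig output on stdin and prints one line:
#   REFUSED                      server denied the transfer or sent no records
#   EXPOSED records=N private=M  zone was returned; M A records are RFC 1918

classify_axfr() {
  awk '
    /^; Transfer failed/ { failed = 1 }   # dig prints this on a refused AXFR
    /^;/ || NF < 5       { next }         # skip comments and blank lines
    {
      n++
      if ($4 == "A" && $5 ~ /^(10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)/)
        priv++
    }
    END {
      if (failed || n == 0) print "REFUSED"
      else printf "EXPOSED records=%d private=%d\n", n, priv
    }'
}

# audit_zone DOMAIN: ask each authoritative nameserver for the zone and
# print "<nameserver> <classification>". Needs network access and dig.
audit_zone() {
  for ns in $(dig +short NS "$1"); do
    printf '%s %s\n' "$ns" "$(dig axfr "$1" "@$ns" | classify_axfr)"
  done
}

# Constructed sample outputs (not captured from a real server).
SAMPLE_OPEN='; <<>> DiG 9.18 <<>> axfr example.test @192.0.2.53
example.test.          7200 IN SOA ns1.example.test. admin.example.test. 1 3600 600 86400 3600
example.test.          7200 IN NS  ns1.example.test.
www.example.test.      7200 IN A   192.0.2.10
intranet.example.test. 7200 IN A   10.0.5.20
example.test.          7200 IN SOA ns1.example.test. admin.example.test. 1 3600 600 86400 3600
;; XFR size: 5 records (messages 1, bytes 250)'

SAMPLE_REFUSED='; <<>> DiG 9.18 <<>> axfr example.test @192.0.2.53
; Transfer failed.'

printf '%s\n' "$SAMPLE_OPEN"    | classify_axfr
printf '%s\n' "$SAMPLE_REFUSED" | classify_axfr
```

Any nameserver that reports `EXPOSED` to an untrusted client should have transfers restricted to its secondaries; a non-zero `private` count means internal addressing is also being published in the zone.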

## DNScan

We can use dnscan to find more valuable information, such as subdomains. DNScan comes with its own wordlists, which we can use.

1. `-d`: domain
2. `-w`: wordlist

<figure><img src="/files/aPMms2h7zWcHo9LiXsIt" alt=""><figcaption></figcaption></figure>

