# DNS (53)

### Dig

**dig axfr \<domain> @\<ip address>**

AXFR (full zone transfer) is a type of DNS zone transfer that replicates the entire DNS zone from the master server to the slave server. It is performed when the slave server is being set up or when the master server has been updated with new DNS resource records. A server that answers AXFR requests from any client discloses every record in the zone.

```
dig axfr realcorp.htb @10.10.10.224
```
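
To audit a name server you operate, the output of the command above can be classified automatically. The following is an added example, not part of the original notes; the function name `axfr_audit`, the zone `example.test` and the sample dig output are constructed for illustration.

```shell
#!/bin/sh
# Live use against your own server: dig axfr <domain> @<ip address> | axfr_audit

# Reads dig output on stdin. Prints "OPEN <records> <private A records>" when a
# complete transfer came back (first and last record are SOA), else "REFUSED".
axfr_audit() {
    awk '
        /^;/ || NF < 5 { next }      # skip dig comment lines and blank lines
        {
            n++
            if (n == 1) first = $4
            last = $4
            # A records in RFC 1918 space expose internal addressing
            if ($4 == "A" && $5 ~ /^(10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)/) priv++
        }
        END {
            if (n >= 2 && first == "SOA" && last == "SOA")
                printf "OPEN %d %d\n", n, priv + 0
            else
                print "REFUSED"
        }'
}

# Constructed sample: a server that allows the transfer
sample_open() {
    cat <<'EOF'
; <<>> DiG <<>> axfr example.test @192.0.2.53
;; global options: +cmd
example.test.      3600 IN SOA ns.example.test. admin.example.test. 1 3600 600 86400 3600
example.test.      3600 IN NS  ns.example.test.
ns.example.test.   3600 IN A   192.0.2.53
wpad.example.test. 3600 IN A   10.0.0.5
example.test.      3600 IN SOA ns.example.test. admin.example.test. 1 3600 600 86400 3600
;; XFR size: 5 records (messages 1, bytes 215)
EOF
}

# Constructed sample: a server that refuses the transfer
sample_refused() {
    cat <<'EOF'
; <<>> DiG <<>> axfr example.test @192.0.2.53
;; global options: +cmd
; Transfer failed.
EOF
}

sample_open | axfr_audit
sample_refused | axfr_audit
```

An `OPEN` result means the server should be reconfigured so that only its secondary servers may request transfers.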

### Lookup Domain

If port 53 is open and we have found another subdomain, check which IP address that subdomain resolves to; it is sometimes different from the main host's IP address.

Find subdomains with this:

<https://hacker-mind.gitbook.io/hacker-mind/penetration-testing-notes/web-application-80-443#fuzz-subdomain-vhost>

```
nslookup

> server 10.10.10.224
> ns.realcorp.htb

```

<figure><img src="https://1855963211-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FaDjlLLsWaat1v8p89kgM%2Fuploads%2FO4zHNmbqgygTcdgoOBR1%2Fimage.png?alt=media&#x26;token=c389c824-cee9-4a26-b952-dcd9057ce65f" alt=""><figcaption><p>result</p></figcaption></figure>

### DNS Recon

Requirements:

1. IP address (the host with port 53)
2. Target range

```
dnsrecon -r <range> -n <ip with port 53> -d random

dnsrecon -r 10.197.251.0/24 -n 10.10.10.224 -d random
```
