# DIG Query

#### dig - NS query

Query a DNS server for the NS records of a specific domain.

```bash
dig ns <domain> @<DNS server IP>
dig ns wook.com @10.10.10.6
```

#### dig - ANY query

View all available records.

```bash
dig any <domain> @<DNS server IP>
dig any wook @10.10.10.6
```

#### dig - version query

Query a DNS server's version using a class CHAOS query and type TXT.

```bash
dig CH TXT version.bind @<DNS server IP>
```

#### dig - AXFR Zone Transfer

`Zone Transfer` refers to the transfer of zones to another server in DNS.

- Since a DNS failure has severe consequences for a company, the zone file is almost invariably kept identical on several name servers.
- When changes are made, it must be ensured that all servers have the same data.

```bash
dig axfr <domain> @<DNS server IP>
```

### Subdomain Brute Forcing - script

```bash
# Try each candidate label from the wordlist against the target DNS server.
# Comment lines, SOA records and blank lines are dropped; answers that
# mention the candidate are appended to subdomains.txt.
for sub in $(cat /opt/useful/seclists/Discovery/DNS/subdomains-top1million-110000.txt); do
  dig $sub.<domain> @<DNS server IP> | grep -v ';\|SOA' | sed -r '/^\s*$/d' | grep $sub | tee -a subdomains.txt
done
```

### Subdomain Brute Forcing - dnsenum

```bash
dnsenum --dnsserver <DNS server IP> --enum -p 0 -s 0 -o subdomains.txt -f /opt/useful/seclists/Discovery/DNS/subdomains-top1million-110000.txt <domain>
```
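
The queries above leave recognisable traces on the DNS server. The following is an added example, not part of the original page: it scans a query log for AXFR, ANY and `version.bind` CHAOS requests and for clients that ask for many distinct names. The log lines are constructed and use a simplified, assumed layout (`client <ip>#<port>: query: <name> <class> <type>`); `sample_log` and `flag_dns_recon` are hypothetical names.

```bash
#!/usr/bin/env bash
# Constructed sample log in an assumed, simplified layout:
#   client <ip>#<port>: query: <name> <class> <type>
sample_log() {
cat <<'EOF'
client 10.10.10.5#40001: query: wook.com IN NS
client 10.10.10.5#40002: query: wook.com IN ANY
client 10.10.10.5#40003: query: version.bind CH TXT
client 10.10.10.5#40004: query: wook.com IN AXFR
client 10.10.10.7#51000: query: www.wook.com IN A
client 10.10.10.9#52001: query: admin.wook.com IN A
client 10.10.10.9#52002: query: dev.wook.com IN A
client 10.10.10.9#52003: query: mail.wook.com IN A
client 10.10.10.9#52004: query: vpn.wook.com IN A
EOF
}

# flag_dns_recon [limit]
# Reads log lines on stdin and prints "<client ip> <finding>", sorted.
# Findings: AXFR, ANY, VERSION (CHAOS version.bind), BRUTE (client asked
# for more than <limit> distinct names). The default limit of 3 only suits
# the tiny sample; tune it and add a time window for real traffic.
flag_dns_recon() {
  awk -v limit="${1:-3}" '
    $3 == "query:" {
      ip = $2; sub(/#.*/, "", ip)            # strip "#port:" from the client
      name = tolower($4); class = $5; type = $6
      if (type == "AXFR") hit[ip " AXFR"] = 1
      if (type == "ANY")  hit[ip " ANY"] = 1
      if (class == "CH" && name == "version.bind") hit[ip " VERSION"] = 1
      # count each name once per client
      if (!((ip, name) in seen)) { seen[ip, name] = 1; names[ip]++ }
    }
    END {
      for (ip in names) if (names[ip] > limit) hit[ip " BRUTE"] = 1
      for (h in hit) print h
    }' | LC_ALL=C sort
}

sample_log | flag_dns_recon
```

Adapt the field positions in the `awk` program to the log format your DNS server actually writes before pointing it at real logs.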