DNS Reconnaissance with NSLOOKUP

NSLOOKUP helps you find other hosts connected to the domain you’re looking at.

NSLOOKUP Authoritative Name Servers

NSLOOKUP Start of Authority Records. The SOA record stores important information about the zone, such as its primary authoritative name server and the administrator’s email address.

NSLOOKUP: Searching for mail servers

NSLOOKUP: Reverse lookup

NSLOOKUP: IPv6 Addresses

NSLOOKUP: Canonical Names

Performing a Zone Transfer with NSLOOKUP

Looking up the name servers of zonetransfer.me. Example: nsztm1.digi.ninja

Start “NSLOOKUP” in interactive mode.

Set the server to the <<NAMESERVER>> of the domain you are looking into.

Set the query type to any with “set type=any”. This requests ALL the records.

“ls -d <<DOMAIN_NAME>>” prints a list of all the records associated with the domain; here the output is written to the text file named “MyZoneTransfer”.
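
To confirm that a name server you operate refuses the transfer performed in the steps above, the following added example (not part of the original page) builds the same zone-transfer (AXFR) request at the wire level and classifies the first reply. The function names and the constructed sample replies are assumptions made for illustration.

```python
import socket
import struct

AXFR, IN = 252, 1  # QTYPE for a full zone transfer, QCLASS Internet
RCODES = {0: "NOERROR", 5: "REFUSED", 9: "NOTAUTH"}

def encode_name(name: str) -> bytes:
    """Encode a domain name as length-prefixed DNS labels."""
    labels = [l for l in name.split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_axfr_query(zone: str, txid: int = 0x1234) -> bytes:
    """AXFR runs over TCP, so the message carries a 2-byte length prefix."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)  # one question
    msg = header + encode_name(zone) + struct.pack("!HH", AXFR, IN)
    return struct.pack("!H", len(msg)) + msg

def classify_response(framed: bytes) -> str:
    """Classify the first framed reply from its header (RCODE, answer count)."""
    if len(framed) < 14:
        return "no transfer (connection closed or truncated reply)"
    _, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", framed[2:14])
    rcode = flags & 0x000F
    if rcode == 0 and ancount > 0:
        return "transfer allowed"
    return f"no transfer ({RCODES.get(rcode, rcode)})"

def check_server(server: str, zone: str, timeout: float = 5.0) -> str:
    """Request the zone from a name server you operate; classify its reply."""
    with socket.create_connection((server, 53), timeout=timeout) as s:
        s.sendall(build_axfr_query(zone))
        data = b""
        while len(data) < 14:  # length prefix + 12-byte header is enough
            chunk = s.recv(512)
            if not chunk:
                break
            data += chunk
    return classify_response(data)

def sample_reply(flags: int, ancount: int) -> bytes:
    """Constructed reply (header only) for offline testing."""
    msg = struct.pack("!HHHHHH", 0x1234, flags, 1, ancount, 0, 0)
    return struct.pack("!H", len(msg)) + msg

SAMPLE_REFUSED = sample_reply(0x8005, 0)  # QR=1, RCODE=5 (REFUSED)
SAMPLE_ALLOWED = sample_reply(0x8400, 1)  # QR=1, AA=1, first answer is the SOA

if __name__ == "__main__":
    print(classify_response(SAMPLE_REFUSED))
    print(classify_response(SAMPLE_ALLOWED))
```

A correctly restricted server answers check_server with "no transfer (REFUSED)" or simply closes the connection; "transfer allowed" means the zone contents are readable by whoever asks from that source address.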

