# Pentest DNS

### Domain Information Groper (dig)

Target can be a domain name, IPv4 or IPv6 address. 

Default lookup:

```
dig <target>
```

Clean or short output:

```
dig +short <target>
```

Query specific DNS server:

```
dig @IPv4 <target> 
dig @ns1.target.com target.com
```

Query specific DNS record:

```
dig target.com A
dig target.com AAAA
dig target.com MX
dig target.com NS
dig target.com TXT
dig target.com CNAME
dig target.com SOA
dig target.com PTR
dig target.com SRV
dig target.com ANY
```

Reverse DNS lookup:

```
dig -x IPv4/IPv6
```

Zone Transfer (AXFR attack):

```
dig axfr <target> @IPv4
```

If success, you will have the access to those subdomains which you didnt have before.

Trace DNS resolution path:

```
dig <target> +trace
```

For specific port:

```
dig <target> -p <port>
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://kaizoku.gitbook.io/notes/protocols/dns-port-53/pentest-dns.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.