Enumeration - DNS

whois

whois $URL

nslookup $URL

host $URL
host -t A $URL
host -t MX $URL
host -t TXT $URL
host -t CNAME $URL

zone transfer

host -l $URL ns1.$URL

dnsrecon -n $IP -d $URL

zone transfer

dnsrecon -n $IP -d $URL -t axfr

subdomain enumeration

SUB=/usr/share/wordlists/seclists/Discovery/DNS/bitquark-subdomains-top100000.txt
dnsrecon -d $URL -n $IP -D $SUB -t brt

subdomain enumeration

SUB=/usr/share/wordlists/seclists/Discovery/DNS/bitquark-subdomains-top100000.txt
gobuster dns -d nsa.gov -r $IP -w $

zone transfer

dig axfr @$IP example.com

dig chaos*

dig @$IP chaos version.bind txt 
dig @$IP chaos hostname.bind txt 
dig @$IP chaos authors.bind txt 
dig @$IP chaos ID.server txt

dnsenum $URL
dnsenum --dnsserver $IP $URL

subdomain enumeration

SUB=/usr/share/wordlists/seclists/Discovery/DNS/bitquark-subdomains-top100000.txt
dnsenum --dnsserver $IP -f $SUB $URL