Zone Transfer
dig +noall +answer @<NAME_SERVER> <DOMAIN> AXFR
Sample Output:
$ dig +noall +answer snoopy.htb axfr @10.10.11.212
snoopy.htb. 86400 IN SOA ns1.snoopy.htb. ns2.snoopy.htb. 2022032612 3600 1800 604800 86400
snoopy.htb. 86400 IN NS ns1.snoopy.htb.
snoopy.htb. 86400 IN NS ns2.snoopy.htb.
mattermost.snoopy.htb. 86400 IN A 172.18.0.3
mm.snoopy.htb. 86400 IN A 127.0.0.1
ns1.snoopy.htb. 86400 IN A 10.0.50.10
ns2.snoopy.htb. 86400 IN A 10.0.51.10
postgres.snoopy.htb. 86400 IN A 172.18.0.2
provisions.snoopy.htb. 86400 IN A 172.18.0.4
www.snoopy.htb. 86400 IN A 127.0.0.1
snoopy.htb. 86400 IN SOA ns1.snoopy.htb. ns2.snoopy.htb. 2022032612 3600 1800 604800 86400
# Set the query's source IP address (-b must be an address on a local interface)
dig +noall +answer @<NAME_SERVER> <DOMAIN> AXFR -b <IP>
Sample Output:
TO-DO
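An added example, not part of the original cheat sheet, that parses the `dig +noall +answer ... AXFR` answer format shown above and reports what an open zone transfer exposes: whether the transfer completed (the zone's SOA record at both ends) and which A records point at private or loopback addresses, i.e. internal topology a defender would not want served to the world. The sample input is a constructed subset of the output above.

```python
import ipaddress
import re

# Constructed sample: a subset of the AXFR answer lines shown above,
# one resource record per line (name, ttl, class, type, rdata...).
SAMPLE_AXFR = """\
snoopy.htb. 86400 IN SOA ns1.snoopy.htb. ns2.snoopy.htb. 2022032612 3600 1800 604800 86400
snoopy.htb. 86400 IN NS ns1.snoopy.htb.
mattermost.snoopy.htb. 86400 IN A 172.18.0.3
mm.snoopy.htb. 86400 IN A 127.0.0.1
ns1.snoopy.htb. 86400 IN A 10.0.50.10
snoopy.htb. 86400 IN SOA ns1.snoopy.htb. ns2.snoopy.htb. 2022032612 3600 1800 604800 86400
"""

# dig answer-section line: <name> <ttl> IN <type> <rdata>
RR_LINE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.*)$")


def parse_axfr(text):
    """Turn `dig +noall +answer` AXFR output into (name, ttl, type, rdata) tuples.
    Non-record lines (e.g. '; Transfer failed.' when AXFR is refused) are skipped."""
    records = []
    for line in text.splitlines():
        m = RR_LINE.match(line.strip())
        if m:
            name, ttl, rtype, rdata = m.groups()
            records.append((name, int(ttl), rtype, rdata.strip()))
    return records


def transfer_succeeded(records):
    """A complete AXFR is bracketed by the zone's SOA: first and last record,
    and no other SOA in between. A refused or truncated transfer fails this check."""
    if len(records) < 2:
        return False
    soa_count = sum(1 for r in records if r[2] == "SOA")
    return records[0][2] == "SOA" and records[-1][2] == "SOA" and soa_count == 2


def internal_hosts(records):
    """A records resolving to private or loopback space: internal names and
    addresses that the open transfer has leaked to any client that asks."""
    leaked = []
    for name, _ttl, rtype, rdata in records:
        if rtype != "A":
            continue
        ip = ipaddress.ip_address(rdata)
        if ip.is_private or ip.is_loopback:
            leaked.append((name, str(ip)))
    return leaked
```

Run `internal_hosts(parse_axfr(open("axfr.txt").read()))` on the saved dig output of your own zone to confirm that nothing internal is served by AXFR to unauthorised sources.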
Domain Discovery
nslookup -querytype=<TYPE> <DOMAIN>
Sample Output:
$ nslookup -querytype=ANY google.com
Server: 192.168.1.1
Address: 192.168.1.1#53
Non-authoritative answer:
Name: google.com
Address: 142.250.197.174
Name: google.com
Address: 2404:6800:4005:823::200e
google.com
origin = ns1.google.com
mail addr = dns-admin.google.com
serial = 780174493
refresh = 900
retry = 900
expire = 1800
minimum = 60
google.com nameserver = ns3.google.com.
google.com nameserver = ns1.google.com.
google.com nameserver = ns2.google.com.
google.com nameserver = ns4.google.com.
Authoritative answers can be found from:
dig +noall +answer @<NAME_SERVER> <DOMAIN> <TYPE>
Sample Output:
$ dig +noall +answer @8.8.8.8 google.com ANY
google.com. 300 IN A 142.250.196.238
google.com. 300 IN AAAA 2404:6800:4005:80b::200e
---[SNIP]---
# Concise Output
dig +noall +answer +short @<NAME_SERVER> <DOMAIN> <TYPE>
Sample Output:
$ dig +noall +answer @10.10.11.212 +short snoopy.htb any
ns1.snoopy.htb. ns2.snoopy.htb. 2022032612 3600 1800 604800 86400
ns2.snoopy.htb.
ns1.snoopy.htb.
A - Address record
AAAA - IPv6 address record
MX - Mail exchange record
NS - Name server record
TXT - Text record
CNAME - Canonical name record
SOA - Start of Authority record
ANY - Retrieves all available record types (not always supported)
Sample Output:
TO-DO
# Reverse Lookup
dig +noall +answer @<NAME_SERVER> -x <IP>
Sample Output:
$ dig +noall +answer @10.10.11.212 -x 10.10.11.212
Update DNS Record
1. Interactive
nsupdate
Sample Output:
TO-DO
2. Update DNS Record
server <NAME_SERVER>
Sample Output:
TO-DO
# Optional
zone <ZONE>
Sample Output:
TO-DO
# Optional: Assign local source address
local <IP>
Sample Output:
local 127.20.0.1
# Optional: Delete a record
update delete <DOMAIN>. A
Sample Output:
TO-DO
update add <DOMAIN>. <TTL> <TYPE> <IP>
Sample Output:
update add example.com. 3600 A 192.168.1.1
send
Sample Output:
TO-DO
Check DNS Configuration
Get-WmiObject -Namespace "Root\MicrosoftDNS" -Class "MicrosoftDNS_Zone" | Where-Object { $_.ZoneType -eq <ZONE_TYPE> }
Sample Output:
TO-DO
0 - Cache Zone
1 - Primary Zone
2 - Secondary Zone
3 - Stub Zone
4 - Forwarder/Conditional Forwarder Zone
Sample Output:
TO-DO
Check A Records
(Get-DnsServerZone).ZoneName | ForEach-Object { $zoneName = $_; $aRecords = Get-DnsServerResourceRecord -ZoneName $zoneName -RRType A; if ($aRecords) { $aRecords | Select-Object @{n="ZoneName";e={$zoneName}}, HostName, @{n="IPAddress";e={$_.RecordData.IPv4Address}} } else { [PSCustomObject]@{ZoneName=$zoneName; HostName="No A records found"; IPAddress=""} } }
Sample Output:
TO-DO