The host utility is native to the Linux operating system and can help us to obtain various DNS information about a target domain:
- Open a new Terminal on Kali Linux and execute the host zonetransfer.me command; the host tool will attempt to obtain the DNS records, such as the A and MX records, for the domain:
Retrieving DNS records using host
- Use the host -t ns zonetransfer.me command to attempt enumeration by obtaining the nameservers for the domain. The -t operator allows you to specify the DNS record:
Nameserver records
- Now that we have obtained the nameservers for the domain, let's use the information we have gathered so far. Let's attempt to perform a DNS zone transfer by querying nameservers for the domain by using the host -l zonetransfer.me nsztml.digi.ninja command, as shown in the following screenshot:
DNS zone transfer with host
Be sure to query all nameservers for a given domain—sometimes, one server may be misconfigured even though the others are secured.
Now that you have the skills to perform DNS enumeration and zone transfers, let's attempt to discover subdomains using DNS.