DNS

Nmap discovered a DNS service running on the port 53 of the nara.nara-security.com(192.168.209.30) host. The running service is Simple DNS Plus

nslookup

┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/nara]
└─$ nslookup
> server 192.168.209.30
Default server: 192.168.209.30
Address: 192.168.209.30#53
> 127.0.0.1
1.0.0.127.in-addr.arpa	name = localhost.
> 192.168.209.30
;; communications error to 192.168.209.30#53: timed out
;; Got SERVFAIL reply from 192.168.209.30
** server can't find 30.209.168.192.in-addr.arpa: SERVFAIL
> nara.nara-security.com
Server:		192.168.209.30
Address:	192.168.209.30#53
 
Name:	nara.nara-security.com
Address: 192.168.209.30
> NARA-SECURITY.COM
Server:		192.168.209.30
Address:	192.168.209.30#53
 
*** Can't find NARA-SECURITY.COM: No answer

N/A

dig

┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/nara]
└─$ dig any nara.nara-security.com @$IP    
 
; <<>> DiG 9.20.9-1-Debian <<>> any nara.nara-security.com @192.168.209.30
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18228
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
 
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;nara.nara-security.com.		IN	ANY
 
;; ANSWER SECTION:
nara.nara-security.com.	3600	IN	A	192.168.209.30
 
;; Query time: 16 msec
;; SERVER: 192.168.209.30#53(192.168.209.30) (TCP)
;; WHEN: Tue Jul 01 14:15:04 CEST 2025
;; MSG SIZE  rcvd: 67
 
 
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/nara]
└─$ dig any NARA-SECURITY.COM @$IP     
 
; <<>> DiG 9.20.9-1-Debian <<>> any NARA-SECURITY.COM @192.168.209.30
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62397
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2
 
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;NARA-SECURITY.COM.		IN	ANY
 
;; ANSWER SECTION:
NARA-SECURITY.COM.	3600	IN	NS	nara.NARA-SECURITY.COM.
NARA-SECURITY.COM.	3600	IN	SOA	nara.NARA-SECURITY.COM. hostmaster.NARA-SECURITY.COM. 40 900 600 86400 3600
 
;; ADDITIONAL SECTION:
nara.NARA-SECURITY.COM.	3600	IN	A	192.168.209.30
 
;; Query time: 24 msec
;; SERVER: 192.168.209.30#53(192.168.209.30) (TCP)
;; WHEN: Tue Jul 01 14:15:22 CEST 2025
;; MSG SIZE  rcvd: 128

N/A

dnsenum

┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/nara]
└─$ dnsenum NARA-SECURITY.COM --dnsserver $IP -f /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-110000.txt --threads 16 -r         
dnsenum VERSION:1.3.1
 
-----   nara-security.com   -----
 
 
Host's addresses:
__________________
 
 
 
Name Servers:
______________
 
nara.nara-security.com.                  3600     IN    A        192.168.209.30
 
 
Mail (MX) Servers:
___________________
 
 
 
Trying Zone Transfers and getting Bind Versions:
_________________________________________________
 
unresolvable name: nara.nara-security.com at /usr/bin/dnsenum line 892 thread 1.
 
Trying Zone Transfer for nara-security.com on nara.nara-security.com ... 
AXFR record query failed: no nameservers
 
 
Brute forcing with /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-110000.txt:
__________________________________________________________________________________________________
 
nara.nara-security.com.                  3600     IN    A        192.168.209.30
 
 
Performing recursion:
______________________
 
 
 ---- Checking subdomains NS records ----
 
  Can't perform recursion no NS records.
 
 
nara-security.com class C netranges:
_____________________________________
 
 
 
Performing reverse lookup on 0 ip addresses:
_____________________________________________
 
 
0 results out of 0 IP addresses.
 
 
nara-security.com ip blocks:
_____________________________
 
 
done.

N/A

dnsrecon

┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/nara]
└─$ dnsrecon -d NARA-SECURITY.COM -n $IP -D /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-110000.txt --threads 16 
[*] std: Performing General Enumeration against: NARA-SECURITY.COM...
[-] DNSSEC is not configured for NARA-SECURITY.COM
[*] 	 SOA nara.NARA-SECURITY.COM 192.168.209.30
[*] 	 NS nara.NARA-SECURITY.COM 192.168.209.30
[*] Enumerating SRV Records
[+] 	 SRV _kerberos._udp.NARA-SECURITY.COM nara.nara-security.com 192.168.209.30 88
[+] 	 SRV _ldap._tcp.NARA-SECURITY.COM nara.nara-security.com 192.168.209.30 389
[+] 	 SRV _gc._tcp.NARA-SECURITY.COM nara.nara-security.com 192.168.209.30 3268
[+] 	 SRV _kerberos._tcp.NARA-SECURITY.COM nara.nara-security.com 192.168.209.30 88
[+] 	 SRV _ldap._tcp.ForestDNSZones.NARA-SECURITY.COM nara.nara-security.com 192.168.209.30 389
[+] 	 SRV _ldap._tcp.pdc._msdcs.NARA-SECURITY.COM nara.nara-security.com 192.168.209.30 389
[+] 	 SRV _ldap._tcp.gc._msdcs.NARA-SECURITY.COM nara.nara-security.com 192.168.209.30 3268
[+] 	 SRV _ldap._tcp.dc._msdcs.NARA-SECURITY.COM nara.nara-security.com 192.168.209.30 389
[+] 	 SRV _kpasswd._tcp.NARA-SECURITY.COM nara.nara-security.com 192.168.209.30 464
[+] 	 SRV _kerberos._tcp.dc._msdcs.NARA-SECURITY.COM nara.nara-security.com 192.168.209.30 88
[+] 	 SRV _kpasswd._udp.NARA-SECURITY.COM nara.nara-security.com 192.168.209.30 464
[+] 11 Records Found

N/A

InfoSec LAB

Explorer

nara_DNS

DNS

nslookup

dig

dnsenum

dnsrecon

Interactive Graph View

Table of Contents

Backlinks