DNS

$ whois [-h whois.example.com] example.com или 127.0.0.1

$ dig [@dns.example.com] example.com [{any,a,mx,ns,soa,txt,...}]
$ dig -x example.com [+short] [+timeout=1]

$ dig axfr @dns.example.com example.com
$ for srv in `cat dns.txt`; do dig axfr "@$srv" example.com | grep "failed" > /dev/null 2>&1 || echo $srv; done

$ nslookup example.com [ns.example.com]
$ nslookup -type=ptr 127.0.0.1

$ nslookup
[> server dns.example.com]
> set q=mx
> example.com

$ nslookup
> set q=ptr
> 127.0.0.1

$ host facebook.com ns.example.com

$ dig +short @ns.example.com test.openresolver.com TXT

$ for srv in `cat dns.txt`
do dig +short @$srv test.openresolver.com TXT |
grep "open-resolver-detected" && echo "[+] $srv" || echo "[-] $srv"
done

$ sudo nmap -Pn -sU -sV --script dns-recursion -iL dns.txt -p53

$ for srv in `cat dns.txt`
do sudo nmap -Pn -sU -sV --script dns-recursion $srv -p53 |
pipe> grep "enabled" && echo "[+] $srv" || echo "[-] $srv"
done

msf > use auxiliary/scanner/dns/dns_amp