DIG
dig (Domain Information Groper) is a command-line tool for querying DNS name servers about host addresses, mail exchanges, name servers, and other DNS records. It is widely used in reconnaissance to gather detailed information about a target's domain infrastructure. As an active reconnaissance tool, it interacts directly with DNS servers, so its queries can be logged and potentially noticed by the target organization. Penetration testers use dig to retrieve specific DNS records (such as A, MX, NS, TXT, and SOA), attempt zone transfers (possible only when the server is misconfigured to allow them), and identify DNS server configurations. This information helps build a clearer picture of the target's network layout, mail systems, and overall DNS posture, which can then inform further enumeration or exploitation strategies.
root@oco:~$ dig any cnd.dev
; <<>> DiG 9.18.33-1~deb12u2-Debian <<>> any cnd.dev
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOTIMP, id: 56972
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;cnd.dev. IN ANY
;; Query time: 3 msec
;; SERVER: 1.1.1.1#53(1.1.1.1) (TCP)
;; WHEN: Sun Aug 10 22:36:10 CDT 2025
;; MSG SIZE rcvd: 36
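The response above carries status NOTIMP with ANSWER: 0: the resolver did not answer the ANY query type, which many DNS operators no longer answer in full (see RFC 8482). The script below is an added example, not part of the original page; it parses dig's header to recognise that case. The function names are hypothetical, the sample is constructed from the output above, and `query_each_type` assumes dig and network access.

```shell
#!/bin/sh
# Added example: read a dig response header and explain an unanswered ANY query.

# Constructed sample: header lines copied from the output shown on this page.
SAMPLE_OUTPUT=';; ->>HEADER<<- opcode: QUERY, status: NOTIMP, id: 56972
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;cnd.dev. IN ANY
;; SERVER: 1.1.1.1#53(1.1.1.1) (TCP)'

# dig_field NAME: read dig output on stdin, print one of status|answer|qtype|server.
dig_field() {
  awk -v want="$1" '
    # Return the token that follows "key" on the current line, minus a trailing comma.
    function after(key,   i, v) {
      for (i = 1; i < NF; i++) if ($i == key) { v = $(i + 1); sub(/,$/, "", v); return v }
      return ""
    }
    /->>HEADER<<-/          { f["status"] = after("status:") }
    /^;; flags:/            { f["answer"] = after("ANSWER:") }
    /^;; QUESTION SECTION:/ { inq = 1; next }
    inq && /^;/             { f["qtype"] = $NF; inq = 0 }
    /^;; SERVER:/           { f["server"] = $3 }
    END                     { print f[want] }
  '
}

# explain_dig: read dig output on stdin, print a one-line interpretation.
explain_dig() {
  out=$(cat)
  status=$(printf '%s\n' "$out" | dig_field status)
  answer=$(printf '%s\n' "$out" | dig_field answer)
  qtype=$(printf '%s\n' "$out" | dig_field qtype)
  if printf '%s\n' "$out" | grep -q 'HINFO.*RFC8482'; then
    # RFC 8482 placeholder: a synthesized HINFO record instead of the real record set.
    echo "ANY answered with RFC 8482 placeholder: query each record type separately"
  elif [ "$qtype" = "ANY" ] && [ "${answer:-0}" -eq 0 ]; then
    echo "ANY not answered (status=$status): query each record type separately"
  elif [ "$status" = "NOERROR" ]; then
    echo "ok: $answer answer record(s) for type $qtype"
  else
    echo "query failed: status=$status"
  fi
}

# query_each_type DOMAIN [RESOLVER]: per-type queries for the record types named above.
query_each_type() {
  for t in A MX NS TXT SOA; do dig +noall +answer "$1" "$t" ${2:+@"$2"}; done
}

printf '%s\n' "$SAMPLE_OUTPUT" | explain_dig
```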