CompTIA PenTest+ (PT0-003) — Question 6

A tester gains initial access to a server and needs to enumerate all corporate domain DNS records. Which of the following commands should the tester use?

Answer options

• A. dig +short A AAAA local.domain
• B. nslookup local.domain
• C. dig afxr @local.dns.server
• D. nslookup -server local.dns.server local.domain *

Correct answer: C

Explanation

The correct answer, C, uses the 'dig' command with the 'afxr' option, which is specifically designed to retrieve all records in a zone. Options A and B are more limited in scope and do not provide a full enumeration of DNS records. Option D, while using nslookup, also does not have the capabilities to retrieve all records like option C does.