Which tool is commonly used for DNS reconnaissance and zone transfers?

  1. aircrack-ng
  2. dig ✓
  3. Burp Suite
  4. hashcat

Correct answer: dig

Option B is correct because dig (Domain Information Groper) is the standard command-line tool used for DNS queries including querying specific record types and, when a DNS server is misconfigured, requesting zone transfers (AXFR queries) that can expose all DNS records for a domain to an attacker. Option A is incorrect because aircrack-ng is a wireless network security suite focused on capturing and cracking Wi-Fi encryption keys, not DNS reconnaissance. Option C is incorrect because Burp Suite is a web application security testing proxy used for intercepting and manipulating HTTP/S traffic, not for DNS-level reconnaissance. Option D is incorrect because hashcat is a password hash cracking tool that uses CPU and GPU acceleration to recover plaintext passwords, which has no role in DNS enumeration or zone transfers.

Topic: · dns reconnaissance, zone transfer, penetration testing, dig

Practice CompTIA PenTest+ (PT0-002) Questions Free