Firewall and IDS/IPS Evasion - Medium Lab

I had VPN with “use only to access resources on this networks” and some labs are somehow accessible without VPN. When I switched it off, it worked.

HINT: what does the bind.version show?


This is working for me, and I added the --source-port 53 to make the scan silent :slight_smile: Thank you :slight_smile:

Confirming some of the above experiences with VPN. Frustrating!

UDP VPN

  • Will return a HTB{…} flag as the DNS version

TCP VPN

  • Will return something else as DNS version

So this is gonna be TCP, not UDP. I struggled with the VPN for a min, ended up getting the answer in a Kali VM.

Here's what I did (idk how to blur spoiler):

sudo nmap -sV -p 53 10.129.74.6 -Pn --script=dns-nsid --packet-trace -oX filename
then:
xsltproc filename -o filename.html
to view the output neatly in a web browser (then I was able to see it)
I was missing it jumbled in with the packet-trace data
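
Added example, not part of the post above: a small Python parser that pulls the script results out of an nmap -oX file, so they are not lost among the --packet-trace lines. The sample XML is constructed (placeholder address and version string), and the function names script_results and nsid_fields are made up for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like `nmap -sV --script=dns-nsid -oX` output.
# The address and version strings are placeholders, not values from the lab.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="53">
        <service name="domain" product="ISC BIND" version="EXAMPLE-1.0"/>
        <script id="dns-nsid" output="&#10;  bind.version: EXAMPLE-1.0"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""

def script_results(xml_text):
    """Return one dict per port-level <script> element in nmap XML."""
    root = ET.fromstring(xml_text)
    results = []
    for host in root.iter("host"):
        addr = next((a.get("addr") for a in host.iter("address")), "?")
        for port in host.iter("port"):
            svc = port.find("service")
            attrs = svc.attrib if svc is not None else {}
            service = " ".join(attrs[k] for k in ("name", "product", "version") if k in attrs)
            for script in port.findall("script"):
                results.append({
                    "host": addr, "port": f"{port.get('portid')}/{port.get('protocol')}",
                    "service": service, "script": script.get("id"),
                    "output": (script.get("output") or "").strip(),
                })
    return results

def nsid_fields(output):
    """Split the 'key: value' lines of a script's output into a dict."""
    fields = {}
    for line in output.splitlines():
        key, sep, value = line.strip().partition(": ")
        if sep:
            fields[key] = value
    return fields

if __name__ == "__main__":
    for r in script_results(SAMPLE_XML):
        print(r["host"], r["port"], r["service"], r["script"], nsid_fields(r["output"]))
```

To use it on a real scan, read the file written by -oX and pass its text to script_results.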

Perhaps it depends on which VPN file you downloaded (TCP or UDP); for me it was TCP.