i used first:
for sub in $(cat /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt
);do dig $sub.inlanefreight.htb @10.129.169.32 | grep -v ‘;|SOA’ | sed -r ‘/^\s*$/d’ | grep $sub | tee -a subdomains.txt;done
ns.inlanefreight.htb. 604800 IN A 127.0.0.1
mail1.inlanefreight.htb. 604800 IN A 10.129.18.201
app.inlanefreight.htb. 604800 IN A 10.129.18.15
then
dnsenum --dnsserver 10.128.169.32 --enum -p 0 -s 0 -o subdomains.txt -f /usr/share/seclists/Discovery/DNS/fierce-hostlist.txt 203.inlanefreight.htb
and
dnsenum --dnsserver 10.128.169.32 --enum -p 0 -s 0 -o subdomains.txt -f /usr/share/seclists/Discovery/DNS/fierce-hostlist.txt --threads 90 inlanefreight.htb
dnsenum VERSION:1.2.6
----- 203.inlanefreight.htb -----
Host’s addresses:
Name Servers:
203.inlanefreight.htb NS record query failed: query timed out
then
dig A inlanefreight.htb @10.129.169.32
; <<>> DiG 9.18.11-2-Debian <<>> A inlanefreight.htb @10.129.169.32
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42245
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 1aa7312d7f7924440100000063f9c5aa1624263184cd2716 (good)
;; QUESTION SECTION:
;inlanefreight.htb. IN A
;; AUTHORITY SECTION:
inlanefreight.htb. 604800 IN SOA inlanefreight.htb. root.inlanefreight.htb. 2 6
;; Query time: 64 msec
;; SERVER: 10.129.169.32#53(10.129.169.32) (UDP)
;; WHEN: Sat Feb 25 03:24:11 EST 2023
;; MSG SIZE rcvd: 115
but nothing, where am i wrong