DNS Enumeration

Host

host <domain>
host -t ns <domain> 	# Find Nameservers
host -t a <domain> 		# Find IPv4 addresses
host -t mx <domain> 	# Find Mail Servers

Dig

dig <domain> +short
dig -t ns <domain>
dig axfr <domain> @<nameserver> # Zone Transfer

Automatic DNS Enumeration

dnsrecon -d <domain>
dnsenum <domain>
fierce -dns <domain>

Robtex

Welcome to Robtex!
Login required for some of the information