DNS - Httqm's Docs

Type	Description	Details
A	Address record	used to map a hostname to an IPv4 address
AAAA	IPv6 Address record	like A but for IPv6
CAA	Certificate Authority Authorization	used by domain name holders to indicate to certificate authorities whether they are authorized to issue digital certificates for a particular domain name the lack of any CAA records authorizes normal unrestricted issuance the presence of a single blank issue tag disallows all issuance
CNAME	Canonical NAME	declare an alias of one name to another : the DNS lookup will continue by retrying the lookup with the new name maps a domain name to another domain name : alias-domain.com CNAME real-domain.com this is used to run distinct services on the same host with a single IP address, so that each service can have its own DNS entry : www.example.com ftp.example.com run multiple websites on the same host (aka virtual hosts)
MX	Mail eXchange	maps a domain name to a list of MTA for that domain
NS	Name Server	delegates a DNS zone to use the given authoritative name servers
PTR	Pointer	inverse of A / AAAA records : map IP addresses to names used to perform reverse DNS lookups addresses are saved in the reverse order : the PTR record for 192.1.2.100 would be stored as 100.2.1.192.in-addr.arpa
SOA	Start Of Authority	details about a DNS zone : primary name server administrator's email address domain serial number timers details in DNS SOA records article
SRV	Service	Generalized service location record, used for newer protocols instead of creating protocol-specific records such as MX
TXT	Text	originally for arbitrary human-readable text in a DNS record since the early 1990s, this record more often carries machine-readable data that doesn't fit the format of other records

Some CLI solutions exist, but they rely on permissions given by the DNS servers themselves (which are seldom granted). So better forget this method. Here are some alternatives :

Ask Wolfram Alpha :

Go to http://www.wolframalpha.com/
Enter the domain name in the search box, then Compute
Then click the Subdomains and More buttons (when available)

With Nmap :

How to enumerate the subdomains of a domain ?

Other websites/tools :

A DNS SOA record specifies authoritative information about a DNS zone, including (complete details on format) :

the primary name server
the email of the domain administrator (The @ character is replaced by a period .. Periods in the account name must be escaped, but not in the domain name : john\.smith.example.com)
the domain serial number. This is the version number of the zone file. It should be incremented anytime a change is made to data in the zone.
several timers relating to refreshing the zone :
- refresh : How often a secondary will poll the primary server to see if the serial number for the zone has increased.
- retry : If a secondary was unable to contact the primary at the last refresh, wait the retry value before trying again.
- expire : How long a secondary will still treat its copy of the zone data as valid if it can't contact the primary.
- minimum : The default TTL for resource records, i.e. how long data will remain in other nameservers' cache.

How to get a domain's SOA record ?

With dig :

dig google.com soa returns :

;; QUESTION SECTION:
;google.com.			IN	SOA

;; ANSWER SECTION:
google.com.		86400	IN	SOA	ns1.google.com. dns-admin.google.com. 2013121300 7200 1800 1209600 300

With nslookup :

nslookup set type=soa google.com returns :

google.com
 origin = ns1.google.com
 mail addr = dns-admin.google.com
 serial = 2013121300
 refresh = 7200
 retry = 1800
 expire = 1209600
 minimum = 300

The status of a domain name can be seen in its whois information, via the command line or with online tools such as whois.domaintools.com.
In this article we will explain what the most common domain status codes mean:

ACTIVE : (set by the registry.) The domain name can be modified by the registrar and can be renewed. The domain will be included in the DNS zone if it has been pointed to at least one name server.
REGISTRY-LOCK : (set by the registry.) The registrar cannot modify or delete the domain but it can be renewed. The REGISTRY-LOCK status must be removed by the registry for the registrar to be able to modify the domain. The domain will be included in the DNS zone if it has been pointed to at least one name server.
REGISTRAR-LOCK : (set by the sponsoring registrar.) The domain can not be modified or deleted but it can be renewed. The registrar must remove the REGISTRAR-LOCK status to modify the domain. The domain will be included in the DNS zone.
REGISTRY-HOLD : (set by the registry.) The domain can not be modified or deleted by the registrar but it can be renewed. The REGISTRY-HOLD status must be removed by the registry for the registrar to be able to modify the domain. The domain will not be included in the DNS zone.
REGISTRAR-HOLD : (set by the sponsoring registrar.) The domain can not be modified or deleted but it can be renewed. The registrar must remove the REGISTRAR-HOLD status to modify the domain. The domain will not be included in the DNS zone.
REDEMPTIONPERIOD : (set by the registry when the registrar requests the deletion of the domain name from the registry.) The domain will not be included in the DNS zone. The domain name can not be purged or modified, it can only be restored. The domain can remain in this status for a maximum of 30 calendar days.
PENDINGRESTORE : (set by the registry when the registrar requests restoration of a domain name which is in REDEMPTIONPERIOD status.) The domain will be included in the DNS zone. Registrar requests to modify the domain will be rejected. The domain will remain in this status while the registry waits for the registrar to provide the required restoration documentation. If the registrar fails to confirm the restoration request by providing the required documentation to the registry within 7 calendar days, the domain will revert to REDEMPTIONPERIOD status. If the registrar provides documentation to the registry within 7 calendar days to confirm the restoration request, the domain status will be set to ACTIVE by the registry.
PENDINGDELETE : (set by the registry after a domain has been set in REDEMPTIONPERIOD status and the domain has not been restored by the registrar.) The domain will not be included in the DNS zone. All registrar requests to modify or otherwise update the domain in this status will be rejected. The domain will be purged from the registry database after being in this status for 5 calendar days.

DNS - The "Domain Name System" Protocol (aka "Route 53")

DNS record types

DNS : how to list the subdomains of a domain ? Let's do a Reverse IP lookup !